Mobile-C: /home/dko/Projects/mobilec/src/security/xyssl-0.9/programs/test/ssl

00001 /*
00002  *  SSL/TLS stress testing program
00003  *
00004  *  Copyright (C) 2006-2007  Christophe Devine
00005  *
00006  *  This program is free software; you can redistribute it and/or modify
00007  *  it under the terms of the GNU General Public License as published by
00008  *  the Free Software Foundation; either version 2 of the License, or
00009  *  (at your option) any later version.
00010  *
00011  *  This program is distributed in the hope that it will be useful,
00012  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  *  GNU General Public License for more details.
00015  *
00016  *  You should have received a copy of the GNU General Public License along
00017  *  with this program; if not, write to the Free Software Foundation, Inc.,
00018  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00019  */
00020 
00021 #ifndef _CRT_SECURE_NO_DEPRECATE
00022 #define _CRT_SECURE_NO_DEPRECATE 1
00023 #endif
00024 
00025 #include <string.h>
00026 #include <stdlib.h>
00027 #include <stdio.h>
00028 
00029 #include "xyssl/net.h"
00030 #include "xyssl/ssl.h"
00031 #include "xyssl/havege.h"
00032 #include "xyssl/timing.h"
00033 #include "xyssl/certs.h"
00034 
00035 #define OPMODE_NONE             0
00036 #define OPMODE_CLIENT           1
00037 #define OPMODE_SERVER           2
00038 
00039 #define IOMODE_BLOCK            0
00040 #define IOMODE_NONBLOCK         1
00041 
00042 #define COMMAND_READ            1
00043 #define COMMAND_WRITE           2
00044 #define COMMAND_BOTH            3
00045 
00046 #define DFL_OPMODE              OPMODE_NONE
00047 #define DFL_IOMODE              IOMODE_BLOCK
00048 #define DFL_SERVER_NAME         "localhost"
00049 #define DFL_SERVER_PORT         4433
00050 #define DFL_COMMAND             COMMAND_READ
00051 #define DFL_BUFFER_SIZE         1024
00052 #define DFL_MAX_BYTES           0
00053 #define DFL_DEBUG_LEVEL         0
00054 #define DFL_CONN_TIMEOUT        0
00055 #define DFL_MAX_CONNECTIONS     0
00056 #define DFL_SESSION_REUSE       1
00057 #define DFL_SESSION_LIFETIME    86400
00058 #define DFL_FORCE_CIPHER        0
00059 
00060 /*
00061  * server-specific data
00062  */
00063 char *dhm_G = "4";
00064 char *dhm_P = 
00065 "E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
00066 "11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
00067 "F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
00068 "01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
00069 
00070 int server_fd = -1;
00071 
00072 /*
00073  * global options
00074  */
00075 struct options
00076 {
00077     int opmode;                 /* operation mode (client or server)    */
00078     int iomode;                 /* I/O mode (blocking or non-blocking)  */
00079     char *server_name;          /* hostname of the server (client only) */
00080     int server_port;            /* port on which the ssl service runs   */
00081     int command;                /* what to do: read or write operation  */
00082     int buffer_size;            /* size of the send/receive buffer      */
00083     int max_bytes;              /* max. # of bytes before a reconnect   */
00084     int debug_level;            /* level of debugging                   */
00085     int conn_timeout;           /* max. delay before a reconnect        */
00086     int max_connections;        /* max. number of reconnections         */
00087     int session_reuse;          /* flag to reuse the keying material    */
00088     int session_lifetime;       /* if reached, session data is expired  */
00089     int force_cipher[2];        /* protocol/cipher to use, or all       */
00090 };
00091 
00092 /*
00093  * Although this PRNG has good statistical properties (eg. passes
00094  * DIEHARD), it is not cryptographically secure.
00095  */
00096 unsigned long int lcppm5( unsigned long int *state )
00097 {
00098     unsigned long int u, v;
00099 
00100     u = v = state[4] ^ 1;
00101     state[u & 3] ^= u;
00102     u ^= (v << 12) ^ (v >> 12);
00103     u ^= v * state[0]; v >>= 8;
00104     u ^= v * state[1]; v >>= 8;
00105     u ^= v * state[2]; v >>= 8;
00106     u ^= v * state[3];
00107     u &= 0xFFFFFFFF;
00108     state[4] = u;
00109 
00110     return( u );
00111 }
00112 
00113 void my_debug( void *ctx, int level, char *str )
00114 {
00115     if( level < ((struct options *) ctx)->debug_level )
00116         fprintf( stderr, "%s", str );
00117 }
00118 
00119 /*
00120  * perform a single SSL connection
00121  */
00122 static int ssl_test( struct options *opt )
00123 {
00124     int ret, i;
00125     int client_fd;
00126     int bytes_to_read;
00127     int bytes_to_write;
00128     int offset_to_read;
00129     int offset_to_write;
00130 
00131     long int nb_read;
00132     long int nb_written;
00133 
00134     unsigned long read_state[5];
00135     unsigned long write_state[5];
00136 
00137     unsigned char *read_buf;
00138     unsigned char *write_buf;
00139 
00140     struct hr_time t;
00141     havege_state hs;
00142     ssl_context ssl;
00143     ssl_session ssn;
00144     x509_cert srvcert;
00145     rsa_context rsa;
00146 
00147     ret = 1;
00148 
00149     havege_init( &hs );
00150     get_timer( &t, 1 );
00151 
00152     memset( read_state, 0, sizeof( read_state ) );
00153     memset( write_state, 0, sizeof( write_state ) );
00154 
00155     memset( &srvcert, 0, sizeof( x509_cert ) );
00156     memset( &rsa, 0, sizeof( rsa_context ) );
00157 
00158     if( opt->opmode == OPMODE_CLIENT )
00159     {
00160         if( ( ret = net_connect( &client_fd, opt->server_name,
00161                                              opt->server_port ) ) != 0 )
00162         {
00163             printf( "  ! net_connect returned %d\n\n", ret );
00164             return( ret );
00165         }
00166 
00167         if( ( ret = ssl_init( &ssl ) ) != 0 )
00168         {
00169             printf( "  ! ssl_init returned %d\n\n", ret );
00170             return( ret );
00171         }
00172 
00173         ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
00174     }
00175 
00176     if( opt->opmode == OPMODE_SERVER )
00177     {
00178         ret =  x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
00179                               strlen( test_srv_crt ) );
00180         if( ret != 0 )
00181         {
00182             printf( "  !  x509parse_crt returned %d\n\n", ret );
00183             goto exit;
00184         }
00185 
00186         ret =  x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
00187                               strlen( test_ca_crt ) );
00188         if( ret != 0 )
00189         {
00190             printf( "  !  x509parse_crt returned %d\n\n", ret );
00191             goto exit;
00192         }
00193 
00194         ret =  x509parse_key( &rsa, (unsigned char *) test_srv_key,
00195                               strlen( test_srv_key ), NULL, 0 );
00196         if( ret != 0 )
00197         {
00198             printf( "  !  x509parse_key returned %d\n\n", ret );
00199             goto exit;
00200         }
00201 
00202         if( server_fd < 0 )
00203         {
00204             if( ( ret = net_bind( &server_fd, NULL,
00205                                    opt->server_port ) ) != 0 )
00206             {
00207                 printf( "  ! net_bind returned %d\n\n", ret );
00208                 return( ret );
00209             }
00210         }
00211 
00212         if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
00213         {
00214             printf( "  ! net_accept returned %d\n\n", ret );
00215             return( ret );
00216         }
00217 
00218         if( ( ret = ssl_init( &ssl ) ) != 0 )
00219         {
00220             printf( "  ! ssl_init returned %d\n\n", ret );
00221             return( ret );
00222         }
00223 
00224         ssl_set_endpoint( &ssl, SSL_IS_SERVER );
00225         ssl_set_dh_param( &ssl, dhm_P, dhm_G );
00226         ssl_set_ca_chain( &ssl, srvcert.next, NULL );
00227         ssl_set_own_cert( &ssl, &srvcert, &rsa );
00228     }
00229 
00230     ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
00231 
00232     ssl_set_rng( &ssl, havege_rand, &hs );
00233     ssl_set_dbg( &ssl, my_debug, opt );
00234     ssl_set_bio( &ssl, net_recv, &client_fd,
00235                        net_send, &client_fd );
00236 
00237     ssl_set_session( &ssl, opt->session_reuse,
00238                            opt->session_lifetime, &ssn );
00239 
00240     if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
00241           ssl_set_ciphers( &ssl, ssl_default_ciphers );
00242     else  ssl_set_ciphers( &ssl, opt->force_cipher );
00243 
00244     if( opt->iomode == IOMODE_NONBLOCK )
00245         net_set_nonblock( client_fd );
00246 
00247      read_buf = (unsigned char *) malloc( opt->buffer_size );
00248     write_buf = (unsigned char *) malloc( opt->buffer_size );
00249 
00250     if( read_buf == NULL || write_buf == NULL )
00251     {
00252         printf( "  ! malloc(%d bytes) failed\n\n", opt->buffer_size );
00253         goto exit;
00254     }
00255 
00256     nb_read = bytes_to_read = 0;
00257     nb_written = bytes_to_write = 0;
00258 
00259     while( 1 )
00260     {
00261         if( opt->command & COMMAND_WRITE )
00262         {
00263             if( bytes_to_write == 0 )
00264             {
00265                 while( bytes_to_write == 0 )
00266                     bytes_to_write = rand() % opt->buffer_size;
00267 
00268                 for( i = 0; i < bytes_to_write; i++ )
00269                     write_buf[i] = (unsigned char) lcppm5( write_state );
00270 
00271                 offset_to_write = 0;
00272             }
00273 
00274             ret = ssl_write( &ssl, write_buf + offset_to_write,
00275                              bytes_to_write );
00276 
00277             if( ret >= 0 )
00278             {
00279                 nb_written += ret;
00280                 bytes_to_write  -= ret;
00281                 offset_to_write += ret;
00282             }
00283 
00284             if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
00285                 ret == XYSSL_ERR_NET_CONN_RESET )
00286             {
00287                 ret = 0;
00288                 goto exit;
00289             }
00290 
00291             if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
00292             {
00293                 printf( "  ! ssl_write returned %d\n\n", ret );
00294                 break;
00295             }
00296         }
00297 
00298         if( opt->command & COMMAND_READ )
00299         {
00300             if( bytes_to_read == 0 )
00301             {
00302                 bytes_to_read = rand() % opt->buffer_size;
00303                 offset_to_read = 0;
00304             }
00305 
00306             ret = ssl_read( &ssl, read_buf + offset_to_read,
00307                             bytes_to_read );
00308 
00309             if( ret >= 0 )
00310             {
00311                 for( i = 0; i < ret; i++ )
00312                 {
00313                     if( read_buf[offset_to_read + i] !=
00314                         (unsigned char) lcppm5( read_state ) )
00315                     {
00316                         ret = 1;
00317                         printf( "  ! plaintext mismatch\n\n" );
00318                         goto exit;
00319                     }
00320                 }
00321 
00322                 nb_read += ret;
00323                 bytes_to_read -= ret;
00324                 offset_to_read += ret;
00325             }
00326 
00327             if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
00328                 ret == XYSSL_ERR_NET_CONN_RESET )
00329             {
00330                 ret = 0;
00331                 goto exit;
00332             }
00333 
00334             if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
00335             {
00336                 printf( "  ! ssl_read returned %d\n\n", ret );
00337                 break;
00338             }
00339         }
00340 
00341         ret = 0;
00342 
00343         if( opt->max_bytes != 0 &&
00344             ( opt->max_bytes <= nb_read ||
00345               opt->max_bytes <= nb_written ) )
00346             break;
00347 
00348         if( opt->conn_timeout != 0 &&
00349             opt->conn_timeout <= (int) get_timer( &t, 0 ) )
00350             break;
00351     }
00352 
00353 exit:
00354 
00355     fflush( stdout );
00356 
00357     if( read_buf != NULL )
00358         free( read_buf );
00359 
00360     if( write_buf != NULL )
00361         free( write_buf );
00362 
00363     ssl_close_notify( &ssl );
00364     x509_free( &srvcert );
00365     rsa_free( &rsa );
00366     ssl_free( &ssl );
00367     net_close( client_fd );
00368 
00369     return( ret );
00370 }
00371 
00372 #define USAGE \
00373     "\n usage: ssl_test opmode=<> command=<>...\n"               \
00374     "\n acceptable parameters:\n"                                \
00375     "    opmode=client/server        default: <none>\n"          \
00376     "    iomode=block/nonblock       default: block\n"           \
00377     "    server_name=%%s              default: localhost\n"      \
00378     "    server_port=%%d              default: 4433\n"           \
00379     "    command=read/write/both     default: read\n"            \
00380     "    buffer_size=%%d (bytes)      default: 1024\n"           \
00381     "    max_bytes=%%d (bytes)        default: 0 (no limit)\n"   \
00382     "    debug_level=%%d              default: 0 (disabled)\n"   \
00383     "    conn_timeout=%%d (ms)        default: 0 (no timeout)\n" \
00384     "    max_connections=%%d          default: 0 (no limit)\n"   \
00385     "    session_reuse=on/off        default: on (enabled)\n"    \
00386     "    session_lifetime=%%d (s)     default: 86400\n"          \
00387     "    force_cipher=<name>         default: all enabled\n"     \
00388     " acceptable cipher names:\n"                                \
00389     "    SSL_RSA_RC4_128_MD5         SSL_RSA_RC4_128_SHA\n"      \
00390     "    SSL_RSA_DES_168_SHA         SSL_EDH_RSA_DES_168_SHA\n"  \
00391     "    SSL_RSA_AES_128_SHA         SSL_EDH_RSA_AES_256_SHA\n"  \
00392     "    SSL_RSA_AES_256_SHA\n\n"
00393 
00394 int main( int argc, char *argv[] )
00395 {
00396     int i, j, n;
00397     int ret = 1;
00398     int nb_conn;
00399     char *p, *q;
00400     struct options opt;
00401 
00402     if( argc == 1 )
00403     {
00404     usage:
00405         printf( USAGE );
00406         goto exit;
00407     }
00408 
00409     opt.opmode                  = DFL_OPMODE;
00410     opt.iomode                  = DFL_IOMODE;
00411     opt.server_name             = DFL_SERVER_NAME;
00412     opt.server_port             = DFL_SERVER_PORT;
00413     opt.command                 = DFL_COMMAND;
00414     opt.buffer_size             = DFL_BUFFER_SIZE;
00415     opt.max_bytes               = DFL_MAX_BYTES;
00416     opt.debug_level             = DFL_DEBUG_LEVEL;
00417     opt.conn_timeout            = DFL_CONN_TIMEOUT;
00418     opt.max_connections         = DFL_MAX_CONNECTIONS;
00419     opt.session_reuse           = DFL_SESSION_REUSE;
00420     opt.session_lifetime        = DFL_SESSION_LIFETIME;
00421     opt.force_cipher[0]         = DFL_FORCE_CIPHER;
00422 
00423     for( i = 1; i < argc; i++ )
00424     {
00425         n = strlen( argv[i] );
00426 
00427         for( j = 0; j < n; j++ )
00428         {
00429             if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
00430                 argv[i][j] |= 0x20;
00431         }
00432 
00433         p = argv[i];
00434         if( ( q = strchr( p, '=' ) ) == NULL )
00435             continue;
00436         *q++ = '\0';
00437 
00438         if( strcmp( p, "opmode" ) == 0 )
00439         {
00440             if( strcmp( q, "client" ) == 0 )
00441                 opt.opmode = OPMODE_CLIENT;
00442             else
00443             if( strcmp( q, "server" ) == 0 )
00444                 opt.opmode = OPMODE_SERVER;
00445             else goto usage;
00446         }
00447 
00448         if( strcmp( p, "iomode" ) == 0 )
00449         {
00450             if( strcmp( q, "block" ) == 0 )
00451                 opt.iomode = IOMODE_BLOCK;
00452             else
00453             if( strcmp( q, "nonblock" ) == 0 )
00454                 opt.iomode = IOMODE_NONBLOCK;
00455             else goto usage;
00456         }
00457 
00458         if( strcmp( p, "server_name" ) == 0 )
00459             opt.server_name = q;
00460 
00461         if( strcmp( p, "server_port" ) == 0 )
00462         {
00463             opt.server_port = atoi( q );
00464             if( opt.server_port < 1 || opt.server_port > 65535 )
00465                 goto usage;
00466         }
00467 
00468         if( strcmp( p, "command" ) == 0 )
00469         {
00470             if( strcmp( q, "read" ) == 0 )
00471                 opt.command = COMMAND_READ;
00472             else
00473             if( strcmp( q, "write" ) == 0 )
00474                 opt.command = COMMAND_WRITE;
00475             else
00476             if( strcmp( q, "both" ) == 0 )
00477             {
00478                 opt.iomode  = IOMODE_NONBLOCK;
00479                 opt.command = COMMAND_BOTH;
00480             }
00481             else goto usage;
00482         }
00483 
00484         if( strcmp( p, "buffer_size" ) == 0 )
00485         {
00486             opt.buffer_size = atoi( q );
00487             if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
00488                 goto usage;
00489         }
00490 
00491         if( strcmp( p, "max_bytes" ) == 0 )
00492             opt.max_bytes = atoi( q );
00493 
00494         if( strcmp( p, "debug_level" ) == 0 )
00495             opt.debug_level = atoi( q );
00496 
00497         if( strcmp( p, "conn_timeout" ) == 0 )
00498             opt.conn_timeout = atoi( q );
00499 
00500         if( strcmp( p, "max_connections" ) == 0 )
00501             opt.max_connections = atoi( q );
00502 
00503         if( strcmp( p, "session_reuse" ) == 0 )
00504         {
00505             if( strcmp( q, "on" ) == 0 )
00506                 opt.session_reuse = 1;
00507             else
00508             if( strcmp( q, "off" ) == 0 )
00509                 opt.session_reuse = 0;
00510             else
00511                 goto usage;
00512         }
00513 
00514         if( strcmp( p, "session_lifetime" ) == 0 )
00515             opt.session_lifetime = atoi( q );
00516 
00517         if( strcmp( p, "force_cipher" ) == 0 )
00518         {
00519             opt.force_cipher[0] = -1;
00520 
00521             if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
00522                 opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
00523 
00524             if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
00525                 opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
00526 
00527             if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
00528                 opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
00529 
00530             if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
00531                 opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
00532 
00533             if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
00534                 opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
00535 
00536             if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
00537                 opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
00538 
00539             if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
00540                 opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
00541 
00542             if( opt.force_cipher[0] < 0 )
00543                 goto usage;
00544 
00545             opt.force_cipher[1] = 0;
00546         }
00547     }
00548 
00549     switch( opt.opmode )
00550     {
00551         case OPMODE_CLIENT:
00552             break;
00553 
00554         case OPMODE_SERVER:
00555             break;
00556 
00557         default:
00558             goto usage;
00559     }
00560 
00561     nb_conn = 0;
00562 
00563     do {
00564         nb_conn++;
00565         ret = ssl_test( &opt );
00566         if( opt.max_connections != 0 &&
00567             opt.max_connections <= nb_conn )
00568             break;
00569     }
00570     while( ret == 0 );
00571 
00572 exit:
00573 
00574 #ifdef WIN32
00575     printf( "  Press Enter to exit this program.\n" );
00576     fflush( stdout ); getchar();
00577 #endif
00578 
00579     return( ret );
00580 }
/home/dko/Projects/mobilec/src/security/xyssl-0.9/programs/test/ssl_test.c
