TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 40e46940df33ecf9dfb3507affb25a5f10301b3c / . / programs / test / ssl_test.c
blob: ebf2be9c14b8049070c0df8f43020a6f44a87362 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL/TLS stress testing program
3 *
4 * Copyright (C) 2006-2007 Christophe Devine
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20
21#ifndef _CRT_SECURE_NO_DEPRECATE
22#define _CRT_SECURE_NO_DEPRECATE 1
23#endif
24
25#include <string.h>
26#include <stdlib.h>
27#include <stdio.h>
28
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]29#include "polarssl/net.h"
30#include "polarssl/ssl.h"
31#include "polarssl/havege.h"
32#include "polarssl/timing.h"
33#include "polarssl/certs.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
35#define OPMODE_NONE 0
36#define OPMODE_CLIENT 1
37#define OPMODE_SERVER 2
38
39#define IOMODE_BLOCK 0
40#define IOMODE_NONBLOCK 1
41
42#define COMMAND_READ 1
43#define COMMAND_WRITE 2
44#define COMMAND_BOTH 3
45
46#define DFL_OPMODE OPMODE_NONE
47#define DFL_IOMODE IOMODE_BLOCK
48#define DFL_SERVER_NAME "localhost"
49#define DFL_SERVER_PORT 4433
50#define DFL_COMMAND COMMAND_READ
51#define DFL_BUFFER_SIZE 1024
52#define DFL_MAX_BYTES 0
53#define DFL_DEBUG_LEVEL 0
54#define DFL_CONN_TIMEOUT 0
55#define DFL_MAX_CONNECTIONS 0
56#define DFL_SESSION_REUSE 1
57#define DFL_SESSION_LIFETIME 86400
58#define DFL_FORCE_CIPHER 0
59
60/*
61 * server-specific data
62 */
63char *dhm_G = "4";
64char *dhm_P =
65"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
66"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
67"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
68"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
69
70int server_fd = -1;
71
72/*
73 * global options
74 */
75struct options
76{
77 int opmode; /* operation mode (client or server) */
78 int iomode; /* I/O mode (blocking or non-blocking) */
79 char *server_name; /* hostname of the server (client only) */
80 int server_port; /* port on which the ssl service runs */
81 int command; /* what to do: read or write operation */
82 int buffer_size; /* size of the send/receive buffer */
83 int max_bytes; /* max. # of bytes before a reconnect */
84 int debug_level; /* level of debugging */
85 int conn_timeout; /* max. delay before a reconnect */
86 int max_connections; /* max. number of reconnections */
87 int session_reuse; /* flag to reuse the keying material */
88 int session_lifetime; /* if reached, session data is expired */
89 int force_cipher[2]; /* protocol/cipher to use, or all */
90};
91
92/*
93 * Although this PRNG has good statistical properties (eg. passes
94 * DIEHARD), it is not cryptographically secure.
95 */
96unsigned long int lcppm5( unsigned long int *state )
97{
98 unsigned long int u, v;
99
100 u = v = state[4] ^ 1;
101 state[u & 3] ^= u;
102 u ^= (v << 12) ^ (v >> 12);
103 u ^= v * state[0]; v >>= 8;
104 u ^= v * state[1]; v >>= 8;
105 u ^= v * state[2]; v >>= 8;
106 u ^= v * state[3];
107 u &= 0xFFFFFFFF;
108 state[4] = u;
109
110 return( u );
111}
112
113void my_debug( void *ctx, int level, char *str )
114{
115 if( level < ((struct options *) ctx)->debug_level )
116 fprintf( stderr, "%s", str );
117}
118
119/*
120 * perform a single SSL connection
121 */
122static int ssl_test( struct options *opt )
123{
124 int ret, i;
125 int client_fd;
126 int bytes_to_read;
127 int bytes_to_write;
128 int offset_to_read;
129 int offset_to_write;
130
131 long int nb_read;
132 long int nb_written;
133
134 unsigned long read_state[5];
135 unsigned long write_state[5];
136
137 unsigned char *read_buf;
138 unsigned char *write_buf;
139
140 struct hr_time t;
141 havege_state hs;
142 ssl_context ssl;
143 ssl_session ssn;
144 x509_cert srvcert;
145 rsa_context rsa;
146
147 ret = 1;
148
149 havege_init( &hs );
150 get_timer( &t, 1 );
151
152 memset( read_state, 0, sizeof( read_state ) );
153 memset( write_state, 0, sizeof( write_state ) );
154
155 memset( &srvcert, 0, sizeof( x509_cert ) );
156 memset( &rsa, 0, sizeof( rsa_context ) );
157
158 if( opt->opmode == OPMODE_CLIENT )
159 {
160 if( ( ret = net_connect( &client_fd, opt->server_name,
161 opt->server_port ) ) != 0 )
162 {
163 printf( " ! net_connect returned %d\n\n", ret );
164 return( ret );
165 }
166
167 if( ( ret = ssl_init( &ssl ) ) != 0 )
168 {
169 printf( " ! ssl_init returned %d\n\n", ret );
170 return( ret );
171 }
172
173 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
174 }
175
176 if( opt->opmode == OPMODE_SERVER )
177 {
178 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
179 strlen( test_srv_crt ) );
180 if( ret != 0 )
181 {
182 printf( " ! x509parse_crt returned %d\n\n", ret );
183 goto exit;
184 }
185
186 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
187 strlen( test_ca_crt ) );
188 if( ret != 0 )
189 {
190 printf( " ! x509parse_crt returned %d\n\n", ret );
191 goto exit;
192 }
193
194 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
195 strlen( test_srv_key ), NULL, 0 );
196 if( ret != 0 )
197 {
198 printf( " ! x509parse_key returned %d\n\n", ret );
199 goto exit;
200 }
201
202 if( server_fd < 0 )
203 {
204 if( ( ret = net_bind( &server_fd, NULL,
205 opt->server_port ) ) != 0 )
206 {
207 printf( " ! net_bind returned %d\n\n", ret );
208 return( ret );
209 }
210 }
211
212 if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
213 {
214 printf( " ! net_accept returned %d\n\n", ret );
215 return( ret );
216 }
217
218 if( ( ret = ssl_init( &ssl ) ) != 0 )
219 {
220 printf( " ! ssl_init returned %d\n\n", ret );
221 return( ret );
222 }
223
224 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
225 ssl_set_dh_param( &ssl, dhm_P, dhm_G );
226 ssl_set_ca_chain( &ssl, srvcert.next, NULL );
227 ssl_set_own_cert( &ssl, &srvcert, &rsa );
228 }
229
230 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
231
232 ssl_set_rng( &ssl, havege_rand, &hs );
233 ssl_set_dbg( &ssl, my_debug, opt );
234 ssl_set_bio( &ssl, net_recv, &client_fd,
235 net_send, &client_fd );
236
237 ssl_set_session( &ssl, opt->session_reuse,
238 opt->session_lifetime, &ssn );
239
240 if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
241 ssl_set_ciphers( &ssl, ssl_default_ciphers );
242 else ssl_set_ciphers( &ssl, opt->force_cipher );
243
244 if( opt->iomode == IOMODE_NONBLOCK )
245 net_set_nonblock( client_fd );
246
247 read_buf = (unsigned char *) malloc( opt->buffer_size );
248 write_buf = (unsigned char *) malloc( opt->buffer_size );
249
250 if( read_buf == NULL || write_buf == NULL )
251 {
252 printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
253 goto exit;
254 }
255
256 nb_read = bytes_to_read = 0;
257 nb_written = bytes_to_write = 0;
258
259 while( 1 )
260 {
261 if( opt->command & COMMAND_WRITE )
262 {
263 if( bytes_to_write == 0 )
264 {
265 while( bytes_to_write == 0 )
266 bytes_to_write = rand() % opt->buffer_size;
267
268 for( i = 0; i < bytes_to_write; i++ )
269 write_buf[i] = (unsigned char) lcppm5( write_state );
270
271 offset_to_write = 0;
272 }
273
274 ret = ssl_write( &ssl, write_buf + offset_to_write,
275 bytes_to_write );
276
277 if( ret >= 0 )
278 {
279 nb_written += ret;
280 bytes_to_write -= ret;
281 offset_to_write += ret;
282 }
283
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]284 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
285 ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]286 {
287 ret = 0;
288 goto exit;
289 }
290
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]291 if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]292 {
293 printf( " ! ssl_write returned %d\n\n", ret );
294 break;
295 }
296 }
297
298 if( opt->command & COMMAND_READ )
299 {
300 if( bytes_to_read == 0 )
301 {
302 bytes_to_read = rand() % opt->buffer_size;
303 offset_to_read = 0;
304 }
305
306 ret = ssl_read( &ssl, read_buf + offset_to_read,
307 bytes_to_read );
308
309 if( ret >= 0 )
310 {
311 for( i = 0; i < ret; i++ )
312 {
313 if( read_buf[offset_to_read + i] !=
314 (unsigned char) lcppm5( read_state ) )
315 {
316 ret = 1;
317 printf( " ! plaintext mismatch\n\n" );
318 goto exit;
319 }
320 }
321
322 nb_read += ret;
323 bytes_to_read -= ret;
324 offset_to_read += ret;
325 }
326
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]327 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
328 ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]329 {
330 ret = 0;
331 goto exit;
332 }
333
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]334 if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]335 {
336 printf( " ! ssl_read returned %d\n\n", ret );
337 break;
338 }
339 }
340
341 ret = 0;
342
343 if( opt->max_bytes != 0 &&
344 ( opt->max_bytes <= nb_read ||
345 opt->max_bytes <= nb_written ) )
346 break;
347
348 if( opt->conn_timeout != 0 &&
349 opt->conn_timeout <= (int) get_timer( &t, 0 ) )
350 break;
351 }
352
353exit:
354
355 fflush( stdout );
356
357 if( read_buf != NULL )
358 free( read_buf );
359
360 if( write_buf != NULL )
361 free( write_buf );
362
363 ssl_close_notify( &ssl );
364 x509_free( &srvcert );
365 rsa_free( &rsa );
366 ssl_free( &ssl );
367 net_close( client_fd );
368
369 return( ret );
370}
371
372#define USAGE \
373 "\n usage: ssl_test opmode=<> command=<>...\n" \
374 "\n acceptable parameters:\n" \
375 " opmode=client/server default: <none>\n" \
376 " iomode=block/nonblock default: block\n" \
377 " server_name=%%s default: localhost\n" \
378 " server_port=%%d default: 4433\n" \
379 " command=read/write/both default: read\n" \
380 " buffer_size=%%d (bytes) default: 1024\n" \
381 " max_bytes=%%d (bytes) default: 0 (no limit)\n" \
382 " debug_level=%%d default: 0 (disabled)\n" \
383 " conn_timeout=%%d (ms) default: 0 (no timeout)\n" \
384 " max_connections=%%d default: 0 (no limit)\n" \
385 " session_reuse=on/off default: on (enabled)\n" \
386 " session_lifetime=%%d (s) default: 86400\n" \
387 " force_cipher=<name> default: all enabled\n" \
388 " acceptable cipher names:\n" \
389 " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
390 " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
391 " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
392 " SSL_RSA_AES_256_SHA\n\n"
393
394int main( int argc, char *argv[] )
395{
396 int i, j, n;
397 int ret = 1;
398 int nb_conn;
399 char *p, *q;
400 struct options opt;
401
402 if( argc == 1 )
403 {
404 usage:
405 printf( USAGE );
406 goto exit;
407 }
408
409 opt.opmode = DFL_OPMODE;
410 opt.iomode = DFL_IOMODE;
411 opt.server_name = DFL_SERVER_NAME;
412 opt.server_port = DFL_SERVER_PORT;
413 opt.command = DFL_COMMAND;
414 opt.buffer_size = DFL_BUFFER_SIZE;
415 opt.max_bytes = DFL_MAX_BYTES;
416 opt.debug_level = DFL_DEBUG_LEVEL;
417 opt.conn_timeout = DFL_CONN_TIMEOUT;
418 opt.max_connections = DFL_MAX_CONNECTIONS;
419 opt.session_reuse = DFL_SESSION_REUSE;
420 opt.session_lifetime = DFL_SESSION_LIFETIME;
421 opt.force_cipher[0] = DFL_FORCE_CIPHER;
422
423 for( i = 1; i < argc; i++ )
424 {
425 n = strlen( argv[i] );
426
427 for( j = 0; j < n; j++ )
428 {
429 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
430 argv[i][j] |= 0x20;
431 }
432
433 p = argv[i];
434 if( ( q = strchr( p, '=' ) ) == NULL )
435 continue;
436 *q++ = '\0';
437
438 if( strcmp( p, "opmode" ) == 0 )
439 {
440 if( strcmp( q, "client" ) == 0 )
441 opt.opmode = OPMODE_CLIENT;
442 else
443 if( strcmp( q, "server" ) == 0 )
444 opt.opmode = OPMODE_SERVER;
445 else goto usage;
446 }
447
448 if( strcmp( p, "iomode" ) == 0 )
449 {
450 if( strcmp( q, "block" ) == 0 )
451 opt.iomode = IOMODE_BLOCK;
452 else
453 if( strcmp( q, "nonblock" ) == 0 )
454 opt.iomode = IOMODE_NONBLOCK;
455 else goto usage;
456 }
457
458 if( strcmp( p, "server_name" ) == 0 )
459 opt.server_name = q;
460
461 if( strcmp( p, "server_port" ) == 0 )
462 {
463 opt.server_port = atoi( q );
464 if( opt.server_port < 1 || opt.server_port > 65535 )
465 goto usage;
466 }
467
468 if( strcmp( p, "command" ) == 0 )
469 {
470 if( strcmp( q, "read" ) == 0 )
471 opt.command = COMMAND_READ;
472 else
473 if( strcmp( q, "write" ) == 0 )
474 opt.command = COMMAND_WRITE;
475 else
476 if( strcmp( q, "both" ) == 0 )
477 {
478 opt.iomode = IOMODE_NONBLOCK;
479 opt.command = COMMAND_BOTH;
480 }
481 else goto usage;
482 }
483
484 if( strcmp( p, "buffer_size" ) == 0 )
485 {
486 opt.buffer_size = atoi( q );
487 if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
488 goto usage;
489 }
490
491 if( strcmp( p, "max_bytes" ) == 0 )
492 opt.max_bytes = atoi( q );
493
494 if( strcmp( p, "debug_level" ) == 0 )
495 opt.debug_level = atoi( q );
496
497 if( strcmp( p, "conn_timeout" ) == 0 )
498 opt.conn_timeout = atoi( q );
499
500 if( strcmp( p, "max_connections" ) == 0 )
501 opt.max_connections = atoi( q );
502
503 if( strcmp( p, "session_reuse" ) == 0 )
504 {
505 if( strcmp( q, "on" ) == 0 )
506 opt.session_reuse = 1;
507 else
508 if( strcmp( q, "off" ) == 0 )
509 opt.session_reuse = 0;
510 else
511 goto usage;
512 }
513
514 if( strcmp( p, "session_lifetime" ) == 0 )
515 opt.session_lifetime = atoi( q );
516
517 if( strcmp( p, "force_cipher" ) == 0 )
518 {
519 opt.force_cipher[0] = -1;
520
521 if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
522 opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
523
524 if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
525 opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
526
527 if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
528 opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
529
530 if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
531 opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
532
533 if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
534 opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
535
536 if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
537 opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
538
539 if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
540 opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
541
542 if( opt.force_cipher[0] < 0 )
543 goto usage;
544
545 opt.force_cipher[1] = 0;
546 }
547 }
548
549 switch( opt.opmode )
550 {
551 case OPMODE_CLIENT:
552 break;
553
554 case OPMODE_SERVER:
555 break;
556
557 default:
558 goto usage;
559 }
560
561 nb_conn = 0;
562
563 do {
564 nb_conn++;
565 ret = ssl_test( &opt );
566 if( opt.max_connections != 0 &&
567 opt.max_connections <= nb_conn )
568 break;
569 }
570 while( ret == 0 );
571
572exit:
573
574#ifdef WIN32
575 printf( " Press Enter to exit this program.\n" );
576 fflush( stdout ); getchar();
577#endif
578
579 return( ret );
580}