TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e3166ce0404c345f0e7f806fe2588afd5396aa70 / . / programs / test / ssl_test.c
blob: 61aeb9a8f57b163a0585e7b3e269e3c7f2f5726f [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL/TLS stress testing program
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdlib.h>
32#include <stdio.h>
33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#include "polarssl/net.h"
35#include "polarssl/ssl.h"
36#include "polarssl/havege.h"
37#include "polarssl/timing.h"
38#include "polarssl/certs.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]39
40#define OPMODE_NONE 0
41#define OPMODE_CLIENT 1
42#define OPMODE_SERVER 2
43
44#define IOMODE_BLOCK 0
45#define IOMODE_NONBLOCK 1
46
47#define COMMAND_READ 1
48#define COMMAND_WRITE 2
49#define COMMAND_BOTH 3
50
51#define DFL_OPMODE OPMODE_NONE
52#define DFL_IOMODE IOMODE_BLOCK
53#define DFL_SERVER_NAME "localhost"
54#define DFL_SERVER_PORT 4433
55#define DFL_COMMAND COMMAND_READ
56#define DFL_BUFFER_SIZE 1024
57#define DFL_MAX_BYTES 0
58#define DFL_DEBUG_LEVEL 0
59#define DFL_CONN_TIMEOUT 0
60#define DFL_MAX_CONNECTIONS 0
61#define DFL_SESSION_REUSE 1
62#define DFL_SESSION_LIFETIME 86400
63#define DFL_FORCE_CIPHER 0
64
65/*
66 * server-specific data
67 */
68char *dhm_G = "4";
69char *dhm_P =
70"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
71"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
72"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
73"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
74
75int server_fd = -1;
76
77/*
78 * global options
79 */
80struct options
81{
82 int opmode; /* operation mode (client or server) */
83 int iomode; /* I/O mode (blocking or non-blocking) */
84 char *server_name; /* hostname of the server (client only) */
85 int server_port; /* port on which the ssl service runs */
86 int command; /* what to do: read or write operation */
87 int buffer_size; /* size of the send/receive buffer */
88 int max_bytes; /* max. # of bytes before a reconnect */
89 int debug_level; /* level of debugging */
90 int conn_timeout; /* max. delay before a reconnect */
91 int max_connections; /* max. number of reconnections */
92 int session_reuse; /* flag to reuse the keying material */
93 int session_lifetime; /* if reached, session data is expired */
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]94 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]95};
96
97/*
98 * Although this PRNG has good statistical properties (eg. passes
99 * DIEHARD), it is not cryptographically secure.
100 */
101unsigned long int lcppm5( unsigned long int *state )
102{
103 unsigned long int u, v;
104
105 u = v = state[4] ^ 1;
106 state[u & 3] ^= u;
107 u ^= (v << 12) ^ (v >> 12);
108 u ^= v * state[0]; v >>= 8;
109 u ^= v * state[1]; v >>= 8;
110 u ^= v * state[2]; v >>= 8;
111 u ^= v * state[3];
112 u &= 0xFFFFFFFF;
113 state[4] = u;
114
115 return( u );
116}
117
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]118void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]119{
120 if( level < ((struct options *) ctx)->debug_level )
121 fprintf( stderr, "%s", str );
122}
123
124/*
125 * perform a single SSL connection
126 */
127static int ssl_test( struct options *opt )
128{
129 int ret, i;
130 int client_fd;
131 int bytes_to_read;
132 int bytes_to_write;
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]133 int offset_to_read = 0;
134 int offset_to_write = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]135
136 long int nb_read;
137 long int nb_written;
138
139 unsigned long read_state[5];
140 unsigned long write_state[5];
141
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]142 unsigned char *read_buf = NULL;
143 unsigned char *write_buf = NULL;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]144
145 struct hr_time t;
146 havege_state hs;
147 ssl_context ssl;
148 ssl_session ssn;
149 x509_cert srvcert;
150 rsa_context rsa;
151
152 ret = 1;
153
154 havege_init( &hs );
155 get_timer( &t, 1 );
156
157 memset( read_state, 0, sizeof( read_state ) );
158 memset( write_state, 0, sizeof( write_state ) );
159
160 memset( &srvcert, 0, sizeof( x509_cert ) );
161 memset( &rsa, 0, sizeof( rsa_context ) );
162
163 if( opt->opmode == OPMODE_CLIENT )
164 {
165 if( ( ret = net_connect( &client_fd, opt->server_name,
166 opt->server_port ) ) != 0 )
167 {
168 printf( " ! net_connect returned %d\n\n", ret );
169 return( ret );
170 }
171
172 if( ( ret = ssl_init( &ssl ) ) != 0 )
173 {
174 printf( " ! ssl_init returned %d\n\n", ret );
175 return( ret );
176 }
177
178 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
179 }
180
181 if( opt->opmode == OPMODE_SERVER )
182 {
183 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
184 strlen( test_srv_crt ) );
185 if( ret != 0 )
186 {
187 printf( " ! x509parse_crt returned %d\n\n", ret );
188 goto exit;
189 }
190
191 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
192 strlen( test_ca_crt ) );
193 if( ret != 0 )
194 {
195 printf( " ! x509parse_crt returned %d\n\n", ret );
196 goto exit;
197 }
198
199 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
200 strlen( test_srv_key ), NULL, 0 );
201 if( ret != 0 )
202 {
203 printf( " ! x509parse_key returned %d\n\n", ret );
204 goto exit;
205 }
206
207 if( server_fd < 0 )
208 {
209 if( ( ret = net_bind( &server_fd, NULL,
210 opt->server_port ) ) != 0 )
211 {
212 printf( " ! net_bind returned %d\n\n", ret );
213 return( ret );
214 }
215 }
216
217 if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
218 {
219 printf( " ! net_accept returned %d\n\n", ret );
220 return( ret );
221 }
222
223 if( ( ret = ssl_init( &ssl ) ) != 0 )
224 {
225 printf( " ! ssl_init returned %d\n\n", ret );
226 return( ret );
227 }
228
229 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
230 ssl_set_dh_param( &ssl, dhm_P, dhm_G );
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]231 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]232 ssl_set_own_cert( &ssl, &srvcert, &rsa );
233 }
234
235 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
236
237 ssl_set_rng( &ssl, havege_rand, &hs );
238 ssl_set_dbg( &ssl, my_debug, opt );
239 ssl_set_bio( &ssl, net_recv, &client_fd,
240 net_send, &client_fd );
241
242 ssl_set_session( &ssl, opt->session_reuse,
243 opt->session_lifetime, &ssn );
244
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]245 if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
246 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
247 else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]248
249 if( opt->iomode == IOMODE_NONBLOCK )
250 net_set_nonblock( client_fd );
251
252 read_buf = (unsigned char *) malloc( opt->buffer_size );
253 write_buf = (unsigned char *) malloc( opt->buffer_size );
254
255 if( read_buf == NULL || write_buf == NULL )
256 {
257 printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
258 goto exit;
259 }
260
261 nb_read = bytes_to_read = 0;
262 nb_written = bytes_to_write = 0;
263
264 while( 1 )
265 {
266 if( opt->command & COMMAND_WRITE )
267 {
268 if( bytes_to_write == 0 )
269 {
270 while( bytes_to_write == 0 )
271 bytes_to_write = rand() % opt->buffer_size;
272
273 for( i = 0; i < bytes_to_write; i++ )
274 write_buf[i] = (unsigned char) lcppm5( write_state );
275
276 offset_to_write = 0;
277 }
278
279 ret = ssl_write( &ssl, write_buf + offset_to_write,
280 bytes_to_write );
281
282 if( ret >= 0 )
283 {
284 nb_written += ret;
285 bytes_to_write -= ret;
286 offset_to_write += ret;
287 }
288
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]289 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
290 ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]291 {
292 ret = 0;
293 goto exit;
294 }
295
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]296 if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297 {
298 printf( " ! ssl_write returned %d\n\n", ret );
299 break;
300 }
301 }
302
303 if( opt->command & COMMAND_READ )
304 {
305 if( bytes_to_read == 0 )
306 {
307 bytes_to_read = rand() % opt->buffer_size;
308 offset_to_read = 0;
309 }
310
311 ret = ssl_read( &ssl, read_buf + offset_to_read,
312 bytes_to_read );
313
314 if( ret >= 0 )
315 {
316 for( i = 0; i < ret; i++ )
317 {
318 if( read_buf[offset_to_read + i] !=
319 (unsigned char) lcppm5( read_state ) )
320 {
321 ret = 1;
322 printf( " ! plaintext mismatch\n\n" );
323 goto exit;
324 }
325 }
326
327 nb_read += ret;
328 bytes_to_read -= ret;
329 offset_to_read += ret;
330 }
331
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]332 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
333 ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]334 {
335 ret = 0;
336 goto exit;
337 }
338
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]339 if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]340 {
341 printf( " ! ssl_read returned %d\n\n", ret );
342 break;
343 }
344 }
345
346 ret = 0;
347
348 if( opt->max_bytes != 0 &&
349 ( opt->max_bytes <= nb_read ||
350 opt->max_bytes <= nb_written ) )
351 break;
352
353 if( opt->conn_timeout != 0 &&
354 opt->conn_timeout <= (int) get_timer( &t, 0 ) )
355 break;
356 }
357
358exit:
359
360 fflush( stdout );
361
362 if( read_buf != NULL )
363 free( read_buf );
364
365 if( write_buf != NULL )
366 free( write_buf );
367
368 ssl_close_notify( &ssl );
369 x509_free( &srvcert );
370 rsa_free( &rsa );
371 ssl_free( &ssl );
372 net_close( client_fd );
373
374 return( ret );
375}
376
377#define USAGE \
378 "\n usage: ssl_test opmode=<> command=<>...\n" \
379 "\n acceptable parameters:\n" \
380 " opmode=client/server default: <none>\n" \
381 " iomode=block/nonblock default: block\n" \
382 " server_name=%%s default: localhost\n" \
383 " server_port=%%d default: 4433\n" \
384 " command=read/write/both default: read\n" \
385 " buffer_size=%%d (bytes) default: 1024\n" \
386 " max_bytes=%%d (bytes) default: 0 (no limit)\n" \
387 " debug_level=%%d default: 0 (disabled)\n" \
388 " conn_timeout=%%d (ms) default: 0 (no timeout)\n" \
389 " max_connections=%%d default: 0 (no limit)\n" \
390 " session_reuse=on/off default: on (enabled)\n" \
391 " session_lifetime=%%d (s) default: 86400\n" \
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]392 " force_ciphersuite=<name> default: all enabled\n" \
393 " acceptable ciphersuite names:\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]394
395int main( int argc, char *argv[] )
396{
397 int i, j, n;
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]398 const int *list;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]399 int ret = 1;
400 int nb_conn;
401 char *p, *q;
402 struct options opt;
403
404 if( argc == 1 )
405 {
406 usage:
407 printf( USAGE );
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]408
409 list = ssl_list_ciphersuites();
410 while( *list )
411 {
412 printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
413 list++;
414 }
415 printf("\n");
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]416 goto exit;
417 }
418
419 opt.opmode = DFL_OPMODE;
420 opt.iomode = DFL_IOMODE;
421 opt.server_name = DFL_SERVER_NAME;
422 opt.server_port = DFL_SERVER_PORT;
423 opt.command = DFL_COMMAND;
424 opt.buffer_size = DFL_BUFFER_SIZE;
425 opt.max_bytes = DFL_MAX_BYTES;
426 opt.debug_level = DFL_DEBUG_LEVEL;
427 opt.conn_timeout = DFL_CONN_TIMEOUT;
428 opt.max_connections = DFL_MAX_CONNECTIONS;
429 opt.session_reuse = DFL_SESSION_REUSE;
430 opt.session_lifetime = DFL_SESSION_LIFETIME;
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]431 opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]432
433 for( i = 1; i < argc; i++ )
434 {
435 n = strlen( argv[i] );
436
437 for( j = 0; j < n; j++ )
438 {
439 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
440 argv[i][j] |= 0x20;
441 }
442
443 p = argv[i];
444 if( ( q = strchr( p, '=' ) ) == NULL )
445 continue;
446 *q++ = '\0';
447
448 if( strcmp( p, "opmode" ) == 0 )
449 {
450 if( strcmp( q, "client" ) == 0 )
451 opt.opmode = OPMODE_CLIENT;
452 else
453 if( strcmp( q, "server" ) == 0 )
454 opt.opmode = OPMODE_SERVER;
455 else goto usage;
456 }
457
458 if( strcmp( p, "iomode" ) == 0 )
459 {
460 if( strcmp( q, "block" ) == 0 )
461 opt.iomode = IOMODE_BLOCK;
462 else
463 if( strcmp( q, "nonblock" ) == 0 )
464 opt.iomode = IOMODE_NONBLOCK;
465 else goto usage;
466 }
467
468 if( strcmp( p, "server_name" ) == 0 )
469 opt.server_name = q;
470
471 if( strcmp( p, "server_port" ) == 0 )
472 {
473 opt.server_port = atoi( q );
474 if( opt.server_port < 1 || opt.server_port > 65535 )
475 goto usage;
476 }
477
478 if( strcmp( p, "command" ) == 0 )
479 {
480 if( strcmp( q, "read" ) == 0 )
481 opt.command = COMMAND_READ;
482 else
483 if( strcmp( q, "write" ) == 0 )
484 opt.command = COMMAND_WRITE;
485 else
486 if( strcmp( q, "both" ) == 0 )
487 {
488 opt.iomode = IOMODE_NONBLOCK;
489 opt.command = COMMAND_BOTH;
490 }
491 else goto usage;
492 }
493
494 if( strcmp( p, "buffer_size" ) == 0 )
495 {
496 opt.buffer_size = atoi( q );
497 if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
498 goto usage;
499 }
500
501 if( strcmp( p, "max_bytes" ) == 0 )
502 opt.max_bytes = atoi( q );
503
504 if( strcmp( p, "debug_level" ) == 0 )
505 opt.debug_level = atoi( q );
506
507 if( strcmp( p, "conn_timeout" ) == 0 )
508 opt.conn_timeout = atoi( q );
509
510 if( strcmp( p, "max_connections" ) == 0 )
511 opt.max_connections = atoi( q );
512
513 if( strcmp( p, "session_reuse" ) == 0 )
514 {
515 if( strcmp( q, "on" ) == 0 )
516 opt.session_reuse = 1;
517 else
518 if( strcmp( q, "off" ) == 0 )
519 opt.session_reuse = 0;
520 else
521 goto usage;
522 }
523
524 if( strcmp( p, "session_lifetime" ) == 0 )
525 opt.session_lifetime = atoi( q );
526
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]527 if( strcmp( p, "force_ciphersuite" ) == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]528 {
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]529 opt.force_ciphersuite[0] = -1;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]530
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]531 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]532
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]533 if( opt.force_ciphersuite[0] <= 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]534 goto usage;
535
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame^]536 opt.force_ciphersuite[1] = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]537 }
538 }
539
540 switch( opt.opmode )
541 {
542 case OPMODE_CLIENT:
543 break;
544
545 case OPMODE_SERVER:
546 break;
547
548 default:
549 goto usage;
550 }
551
552 nb_conn = 0;
553
554 do {
555 nb_conn++;
556 ret = ssl_test( &opt );
557 if( opt.max_connections != 0 &&
558 opt.max_connections <= nb_conn )
559 break;
560 }
561 while( ret == 0 );
562
563exit:
564
565#ifdef WIN32
566 printf( " Press Enter to exit this program.\n" );
567 fflush( stdout ); getchar();
568#endif
569
570 return( ret );
571}