Blame - programs/test/ssl_test.c - mirror/mbed-tls

blob: 9d06bd1a9176fe4146fb9afa8bfe536eb83eb33f [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* SSL/TLS stress testing program
				3	*
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	4	* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
				5	*
Paul Bakker	27db1f5	2009-01-25 15:27:00 +0000	[diff] [blame]	6	* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	7	*
				8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22
				23	#ifndef _CRT_SECURE_NO_DEPRECATE
				24	#define _CRT_SECURE_NO_DEPRECATE 1
				25	#endif
				26
				27	#include <string.h>
				28	#include <stdlib.h>
				29	#include <stdio.h>
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/net.h"
				32	#include "polarssl/ssl.h"
				33	#include "polarssl/havege.h"
				34	#include "polarssl/timing.h"
				35	#include "polarssl/certs.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	36
				37	#define OPMODE_NONE 0
				38	#define OPMODE_CLIENT 1
				39	#define OPMODE_SERVER 2
				40
				41	#define IOMODE_BLOCK 0
				42	#define IOMODE_NONBLOCK 1
				43
				44	#define COMMAND_READ 1
				45	#define COMMAND_WRITE 2
				46	#define COMMAND_BOTH 3
				47
				48	#define DFL_OPMODE OPMODE_NONE
				49	#define DFL_IOMODE IOMODE_BLOCK
				50	#define DFL_SERVER_NAME "localhost"
				51	#define DFL_SERVER_PORT 4433
				52	#define DFL_COMMAND COMMAND_READ
				53	#define DFL_BUFFER_SIZE 1024
				54	#define DFL_MAX_BYTES 0
				55	#define DFL_DEBUG_LEVEL 0
				56	#define DFL_CONN_TIMEOUT 0
				57	#define DFL_MAX_CONNECTIONS 0
				58	#define DFL_SESSION_REUSE 1
				59	#define DFL_SESSION_LIFETIME 86400
				60	#define DFL_FORCE_CIPHER 0
				61
				62	/*
				63	* server-specific data
				64	*/
				65	char *dhm_G = "4";
				66	char *dhm_P =
				67	"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
				68	"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
				69	"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
				70	"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
				71
				72	int server_fd = -1;
				73
				74	/*
				75	* global options
				76	*/
				77	struct options
				78	{
				79	int opmode; /* operation mode (client or server) */
				80	int iomode; /* I/O mode (blocking or non-blocking) */
				81	char server_name; / hostname of the server (client only) */
				82	int server_port; /* port on which the ssl service runs */
				83	int command; /* what to do: read or write operation */
				84	int buffer_size; /* size of the send/receive buffer */
				85	int max_bytes; /* max. # of bytes before a reconnect */
				86	int debug_level; /* level of debugging */
				87	int conn_timeout; /* max. delay before a reconnect */
				88	int max_connections; /* max. number of reconnections */
				89	int session_reuse; /* flag to reuse the keying material */
				90	int session_lifetime; /* if reached, session data is expired */
				91	int force_cipher[2]; /* protocol/cipher to use, or all */
				92	};
				93
				94	/*
				95	* Although this PRNG has good statistical properties (eg. passes
				96	* DIEHARD), it is not cryptographically secure.
				97	*/
				98	unsigned long int lcppm5( unsigned long int *state )
				99	{
				100	unsigned long int u, v;
				101
				102	u = v = state[4] ^ 1;
				103	state[u & 3] ^= u;
				104	u ^= (v << 12) ^ (v >> 12);
				105	u ^= v * state[0]; v >>= 8;
				106	u ^= v * state[1]; v >>= 8;
				107	u ^= v * state[2]; v >>= 8;
				108	u ^= v * state[3];
				109	u &= 0xFFFFFFFF;
				110	state[4] = u;
				111
				112	return( u );
				113	}
				114
				115	void my_debug( void ctx, int level, char str )
				116	{
				117	if( level < ((struct options *) ctx)->debug_level )
				118	fprintf( stderr, "%s", str );
				119	}
				120
				121	/*
				122	* perform a single SSL connection
				123	*/
				124	static int ssl_test( struct options *opt )
				125	{
				126	int ret, i;
				127	int client_fd;
				128	int bytes_to_read;
				129	int bytes_to_write;
				130	int offset_to_read;
				131	int offset_to_write;
				132
				133	long int nb_read;
				134	long int nb_written;
				135
				136	unsigned long read_state[5];
				137	unsigned long write_state[5];
				138
				139	unsigned char *read_buf;
				140	unsigned char *write_buf;
				141
				142	struct hr_time t;
				143	havege_state hs;
				144	ssl_context ssl;
				145	ssl_session ssn;
				146	x509_cert srvcert;
				147	rsa_context rsa;
				148
				149	ret = 1;
				150
				151	havege_init( &hs );
				152	get_timer( &t, 1 );
				153
				154	memset( read_state, 0, sizeof( read_state ) );
				155	memset( write_state, 0, sizeof( write_state ) );
				156
				157	memset( &srvcert, 0, sizeof( x509_cert ) );
				158	memset( &rsa, 0, sizeof( rsa_context ) );
				159
				160	if( opt->opmode == OPMODE_CLIENT )
				161	{
				162	if( ( ret = net_connect( &client_fd, opt->server_name,
				163	opt->server_port ) ) != 0 )
				164	{
				165	printf( " ! net_connect returned %d\n\n", ret );
				166	return( ret );
				167	}
				168
				169	if( ( ret = ssl_init( &ssl ) ) != 0 )
				170	{
				171	printf( " ! ssl_init returned %d\n\n", ret );
				172	return( ret );
				173	}
				174
				175	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
				176	}
				177
				178	if( opt->opmode == OPMODE_SERVER )
				179	{
				180	ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
				181	strlen( test_srv_crt ) );
				182	if( ret != 0 )
				183	{
				184	printf( " ! x509parse_crt returned %d\n\n", ret );
				185	goto exit;
				186	}
				187
				188	ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
				189	strlen( test_ca_crt ) );
				190	if( ret != 0 )
				191	{
				192	printf( " ! x509parse_crt returned %d\n\n", ret );
				193	goto exit;
				194	}
				195
				196	ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
				197	strlen( test_srv_key ), NULL, 0 );
				198	if( ret != 0 )
				199	{
				200	printf( " ! x509parse_key returned %d\n\n", ret );
				201	goto exit;
				202	}
				203
				204	if( server_fd < 0 )
				205	{
				206	if( ( ret = net_bind( &server_fd, NULL,
				207	opt->server_port ) ) != 0 )
				208	{
				209	printf( " ! net_bind returned %d\n\n", ret );
				210	return( ret );
				211	}
				212	}
				213
				214	if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
				215	{
				216	printf( " ! net_accept returned %d\n\n", ret );
				217	return( ret );
				218	}
				219
				220	if( ( ret = ssl_init( &ssl ) ) != 0 )
				221	{
				222	printf( " ! ssl_init returned %d\n\n", ret );
				223	return( ret );
				224	}
				225
				226	ssl_set_endpoint( &ssl, SSL_IS_SERVER );
				227	ssl_set_dh_param( &ssl, dhm_P, dhm_G );
				228	ssl_set_ca_chain( &ssl, srvcert.next, NULL );
				229	ssl_set_own_cert( &ssl, &srvcert, &rsa );
				230	}
				231
				232	ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
				233
				234	ssl_set_rng( &ssl, havege_rand, &hs );
				235	ssl_set_dbg( &ssl, my_debug, opt );
				236	ssl_set_bio( &ssl, net_recv, &client_fd,
				237	net_send, &client_fd );
				238
				239	ssl_set_session( &ssl, opt->session_reuse,
				240	opt->session_lifetime, &ssn );
				241
				242	if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
				243	ssl_set_ciphers( &ssl, ssl_default_ciphers );
				244	else ssl_set_ciphers( &ssl, opt->force_cipher );
				245
				246	if( opt->iomode == IOMODE_NONBLOCK )
				247	net_set_nonblock( client_fd );
				248
				249	read_buf = (unsigned char *) malloc( opt->buffer_size );
				250	write_buf = (unsigned char *) malloc( opt->buffer_size );
				251
				252	if( read_buf == NULL \|\| write_buf == NULL )
				253	{
				254	printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
				255	goto exit;
				256	}
				257
				258	nb_read = bytes_to_read = 0;
				259	nb_written = bytes_to_write = 0;
				260
				261	while( 1 )
				262	{
				263	if( opt->command & COMMAND_WRITE )
				264	{
				265	if( bytes_to_write == 0 )
				266	{
				267	while( bytes_to_write == 0 )
				268	bytes_to_write = rand() % opt->buffer_size;
				269
				270	for( i = 0; i < bytes_to_write; i++ )
				271	write_buf[i] = (unsigned char) lcppm5( write_state );
				272
				273	offset_to_write = 0;
				274	}
				275
				276	ret = ssl_write( &ssl, write_buf + offset_to_write,
				277	bytes_to_write );
				278
				279	if( ret >= 0 )
				280	{
				281	nb_written += ret;
				282	bytes_to_write -= ret;
				283	offset_to_write += ret;
				284	}
				285
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	286	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY \|\|
				287	ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	288	{
				289	ret = 0;
				290	goto exit;
				291	}
				292
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	293	if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	294	{
				295	printf( " ! ssl_write returned %d\n\n", ret );
				296	break;
				297	}
				298	}
				299
				300	if( opt->command & COMMAND_READ )
				301	{
				302	if( bytes_to_read == 0 )
				303	{
				304	bytes_to_read = rand() % opt->buffer_size;
				305	offset_to_read = 0;
				306	}
				307
				308	ret = ssl_read( &ssl, read_buf + offset_to_read,
				309	bytes_to_read );
				310
				311	if( ret >= 0 )
				312	{
				313	for( i = 0; i < ret; i++ )
				314	{
				315	if( read_buf[offset_to_read + i] !=
				316	(unsigned char) lcppm5( read_state ) )
				317	{
				318	ret = 1;
				319	printf( " ! plaintext mismatch\n\n" );
				320	goto exit;
				321	}
				322	}
				323
				324	nb_read += ret;
				325	bytes_to_read -= ret;
				326	offset_to_read += ret;
				327	}
				328
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	329	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY \|\|
				330	ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	331	{
				332	ret = 0;
				333	goto exit;
				334	}
				335
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	336	if( ret < 0 && ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	337	{
				338	printf( " ! ssl_read returned %d\n\n", ret );
				339	break;
				340	}
				341	}
				342
				343	ret = 0;
				344
				345	if( opt->max_bytes != 0 &&
				346	( opt->max_bytes <= nb_read \|\|
				347	opt->max_bytes <= nb_written ) )
				348	break;
				349
				350	if( opt->conn_timeout != 0 &&
				351	opt->conn_timeout <= (int) get_timer( &t, 0 ) )
				352	break;
				353	}
				354
				355	exit:
				356
				357	fflush( stdout );
				358
				359	if( read_buf != NULL )
				360	free( read_buf );
				361
				362	if( write_buf != NULL )
				363	free( write_buf );
				364
				365	ssl_close_notify( &ssl );
				366	x509_free( &srvcert );
				367	rsa_free( &rsa );
				368	ssl_free( &ssl );
				369	net_close( client_fd );
				370
				371	return( ret );
				372	}
				373
				374	#define USAGE \
				375	"\n usage: ssl_test opmode=<> command=<>...\n" \
				376	"\n acceptable parameters:\n" \
				377	" opmode=client/server default: <none>\n" \
				378	" iomode=block/nonblock default: block\n" \
				379	" server_name=%%s default: localhost\n" \
				380	" server_port=%%d default: 4433\n" \
				381	" command=read/write/both default: read\n" \
				382	" buffer_size=%%d (bytes) default: 1024\n" \
				383	" max_bytes=%%d (bytes) default: 0 (no limit)\n" \
				384	" debug_level=%%d default: 0 (disabled)\n" \
				385	" conn_timeout=%%d (ms) default: 0 (no timeout)\n" \
				386	" max_connections=%%d default: 0 (no limit)\n" \
				387	" session_reuse=on/off default: on (enabled)\n" \
				388	" session_lifetime=%%d (s) default: 86400\n" \
				389	" force_cipher=<name> default: all enabled\n" \
				390	" acceptable cipher names:\n" \
				391	" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
				392	" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
				393	" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
Paul Bakker	b5ef0ba	2009-01-11 20:25:36 +0000	[diff] [blame]	394	" SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
				395	" SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	396
				397	int main( int argc, char *argv[] )
				398	{
				399	int i, j, n;
				400	int ret = 1;
				401	int nb_conn;
				402	char p, q;
				403	struct options opt;
				404
				405	if( argc == 1 )
				406	{
				407	usage:
				408	printf( USAGE );
				409	goto exit;
				410	}
				411
				412	opt.opmode = DFL_OPMODE;
				413	opt.iomode = DFL_IOMODE;
				414	opt.server_name = DFL_SERVER_NAME;
				415	opt.server_port = DFL_SERVER_PORT;
				416	opt.command = DFL_COMMAND;
				417	opt.buffer_size = DFL_BUFFER_SIZE;
				418	opt.max_bytes = DFL_MAX_BYTES;
				419	opt.debug_level = DFL_DEBUG_LEVEL;
				420	opt.conn_timeout = DFL_CONN_TIMEOUT;
				421	opt.max_connections = DFL_MAX_CONNECTIONS;
				422	opt.session_reuse = DFL_SESSION_REUSE;
				423	opt.session_lifetime = DFL_SESSION_LIFETIME;
				424	opt.force_cipher[0] = DFL_FORCE_CIPHER;
				425
				426	for( i = 1; i < argc; i++ )
				427	{
				428	n = strlen( argv[i] );
				429
				430	for( j = 0; j < n; j++ )
				431	{
				432	if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
				433	argv[i][j] \|= 0x20;
				434	}
				435
				436	p = argv[i];
				437	if( ( q = strchr( p, '=' ) ) == NULL )
				438	continue;
				439	*q++ = '\0';
				440
				441	if( strcmp( p, "opmode" ) == 0 )
				442	{
				443	if( strcmp( q, "client" ) == 0 )
				444	opt.opmode = OPMODE_CLIENT;
				445	else
				446	if( strcmp( q, "server" ) == 0 )
				447	opt.opmode = OPMODE_SERVER;
				448	else goto usage;
				449	}
				450
				451	if( strcmp( p, "iomode" ) == 0 )
				452	{
				453	if( strcmp( q, "block" ) == 0 )
				454	opt.iomode = IOMODE_BLOCK;
				455	else
				456	if( strcmp( q, "nonblock" ) == 0 )
				457	opt.iomode = IOMODE_NONBLOCK;
				458	else goto usage;
				459	}
				460
				461	if( strcmp( p, "server_name" ) == 0 )
				462	opt.server_name = q;
				463
				464	if( strcmp( p, "server_port" ) == 0 )
				465	{
				466	opt.server_port = atoi( q );
				467	if( opt.server_port < 1 \|\| opt.server_port > 65535 )
				468	goto usage;
				469	}
				470
				471	if( strcmp( p, "command" ) == 0 )
				472	{
				473	if( strcmp( q, "read" ) == 0 )
				474	opt.command = COMMAND_READ;
				475	else
				476	if( strcmp( q, "write" ) == 0 )
				477	opt.command = COMMAND_WRITE;
				478	else
				479	if( strcmp( q, "both" ) == 0 )
				480	{
				481	opt.iomode = IOMODE_NONBLOCK;
				482	opt.command = COMMAND_BOTH;
				483	}
				484	else goto usage;
				485	}
				486
				487	if( strcmp( p, "buffer_size" ) == 0 )
				488	{
				489	opt.buffer_size = atoi( q );
				490	if( opt.buffer_size < 1 \|\| opt.buffer_size > 1048576 )
				491	goto usage;
				492	}
				493
				494	if( strcmp( p, "max_bytes" ) == 0 )
				495	opt.max_bytes = atoi( q );
				496
				497	if( strcmp( p, "debug_level" ) == 0 )
				498	opt.debug_level = atoi( q );
				499
				500	if( strcmp( p, "conn_timeout" ) == 0 )
				501	opt.conn_timeout = atoi( q );
				502
				503	if( strcmp( p, "max_connections" ) == 0 )
				504	opt.max_connections = atoi( q );
				505
				506	if( strcmp( p, "session_reuse" ) == 0 )
				507	{
				508	if( strcmp( q, "on" ) == 0 )
				509	opt.session_reuse = 1;
				510	else
				511	if( strcmp( q, "off" ) == 0 )
				512	opt.session_reuse = 0;
				513	else
				514	goto usage;
				515	}
				516
				517	if( strcmp( p, "session_lifetime" ) == 0 )
				518	opt.session_lifetime = atoi( q );
				519
				520	if( strcmp( p, "force_cipher" ) == 0 )
				521	{
				522	opt.force_cipher[0] = -1;
				523
				524	if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
				525	opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
				526
				527	if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
				528	opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
				529
				530	if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
				531	opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
				532
				533	if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
				534	opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
				535
				536	if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
				537	opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
				538
				539	if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
				540	opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
				541
				542	if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
				543	opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
				544
Paul Bakker	b5ef0ba	2009-01-11 20:25:36 +0000	[diff] [blame]	545	if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
				546	opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
				547
				548	if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
				549	opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
				550
				551	if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
				552	opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
				553
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	554	if( opt.force_cipher[0] < 0 )
				555	goto usage;
				556
				557	opt.force_cipher[1] = 0;
				558	}
				559	}
				560
				561	switch( opt.opmode )
				562	{
				563	case OPMODE_CLIENT:
				564	break;
				565
				566	case OPMODE_SERVER:
				567	break;
				568
				569	default:
				570	goto usage;
				571	}
				572
				573	nb_conn = 0;
				574
				575	do {
				576	nb_conn++;
				577	ret = ssl_test( &opt );
				578	if( opt.max_connections != 0 &&
				579	opt.max_connections <= nb_conn )
				580	break;
				581	}
				582	while( ret == 0 );
				583
				584	exit:
				585
				586	#ifdef WIN32
				587	printf( " Press Enter to exit this program.\n" );
				588	fflush( stdout ); getchar();
				589	#endif
				590
				591	return( ret );
				592	}