|
|
@@ -7,21 +7,21 @@ |
|
|
|
|
|
|
|
// Buffer used for read/write tests |
|
|
|
unsigned char rw_buf[BUFFER_SIZE]; |
|
|
|
static const int Curves[1] = {NID_X25519}; |
|
|
|
static const char* DefaultCurves = "CECPQ2b:CECPQ2:X25519"; |
|
|
|
static const uint16_t TLS_PROT_VERSION = TLS1_3_VERSION; |
|
|
|
|
|
|
|
SSL_CTX *setup_client_ctx(void) |
|
|
|
SSL_CTX *setup_client_ctx(const char* curves) |
|
|
|
{ |
|
|
|
SSL_CTX* ctx = NULL; |
|
|
|
|
|
|
|
ctx = SSL_CTX_new(TLS_method()); |
|
|
|
assert(ctx != NULL); |
|
|
|
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); |
|
|
|
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); |
|
|
|
if( SSL_CTX_load_verify_locations(ctx, CACERT, NULL) != 1) { |
|
|
|
ERR("Error loading CA DIR"); |
|
|
|
} |
|
|
|
|
|
|
|
if (SSL_CTX_set1_curves(ctx, Curves, 1) != 1) { |
|
|
|
if (SSL_CTX_set1_curves_list(ctx, curves)!=1) { |
|
|
|
ERR("Can't set SIDH group"); |
|
|
|
} |
|
|
|
|
|
|
@@ -52,44 +52,47 @@ int do_client_loop(SSL* ssl) |
|
|
|
return 1; |
|
|
|
} |
|
|
|
|
|
|
|
void test_Handshake(const char* IP, size_t handshake_nb) { |
|
|
|
void test_Handshake(const char* IP, const char* curves, size_t handshake_nb) { |
|
|
|
SSL* ssl; |
|
|
|
SSL_CTX* ctx; |
|
|
|
int err; |
|
|
|
|
|
|
|
init(); |
|
|
|
ctx = setup_client_ctx(); |
|
|
|
ctx = setup_client_ctx(curves); |
|
|
|
|
|
|
|
DBG("Trying to connect"); |
|
|
|
int fd = connect_once(IP); |
|
|
|
|
|
|
|
for (size_t i=0; i<handshake_nb; i++) { |
|
|
|
const int fd = connect_once(IP); |
|
|
|
|
|
|
|
DBG("SSL ctx setup"); |
|
|
|
if (!(ssl = SSL_new(ctx))) { |
|
|
|
ERR("Error creating an SSL context"); |
|
|
|
} |
|
|
|
SSL_set_fd(ssl, fd); |
|
|
|
|
|
|
|
DBG("SSL handshake"); |
|
|
|
// OZAPTF: do handshake thing |
|
|
|
err = SSL_connect(ssl); |
|
|
|
if (err<=0) { |
|
|
|
ERR("Error connecting SSL err=%d", err); |
|
|
|
} |
|
|
|
assert(!SSL_session_reused(ssl)); |
|
|
|
|
|
|
|
assert(SSL_shutdown(ssl) == 0); |
|
|
|
assert(SSL_shutdown(ssl) == 1); |
|
|
|
SSL_free(ssl); |
|
|
|
close(fd); |
|
|
|
} |
|
|
|
|
|
|
|
SSL_CTX_free(ctx); |
|
|
|
close(fd); |
|
|
|
} |
|
|
|
|
|
|
|
void test_Read(const char* IP) { |
|
|
|
void test_Read(const char* IP, const char* curves) { |
|
|
|
int err, nread=0; |
|
|
|
SSL* ssl; |
|
|
|
SSL_CTX* ctx; |
|
|
|
|
|
|
|
init(); |
|
|
|
ctx = setup_client_ctx(); |
|
|
|
ctx = setup_client_ctx(curves); |
|
|
|
|
|
|
|
DBG("Trying to connect"); |
|
|
|
int fd = connect_once(IP); |
|
|
@@ -136,13 +139,13 @@ void test_Read(const char* IP) { |
|
|
|
close(fd); |
|
|
|
} |
|
|
|
|
|
|
|
void test_Write(const char* IP) { |
|
|
|
void test_Write(const char* IP, const char* curves) { |
|
|
|
SSL* ssl; |
|
|
|
SSL_CTX* ctx; |
|
|
|
int err,nread=0; |
|
|
|
|
|
|
|
init(); |
|
|
|
ctx = setup_client_ctx(); |
|
|
|
ctx = setup_client_ctx(curves); |
|
|
|
|
|
|
|
DBG("Trying to connect"); |
|
|
|
int fd = connect_once(IP); |
|
|
@@ -186,12 +189,19 @@ int main(int argc, char* argv[]) { |
|
|
|
goto usage; |
|
|
|
} |
|
|
|
|
|
|
|
if (!strncmp("test_Handshake", argv[2], strlen("test_Handshake"))) { |
|
|
|
test_Handshake(argv[1], HANDHAKE_REPS); |
|
|
|
const char *curves = NULL; |
|
|
|
if (argc==4) { |
|
|
|
curves = argv[3]; |
|
|
|
} else { |
|
|
|
curves = DefaultCurves; |
|
|
|
} |
|
|
|
|
|
|
|
if (!strncmp("test_Handshake", argv[2], strlen("test_Handshake"))) { |
|
|
|
test_Handshake(argv[1], curves, HANDHAKE_REPS); |
|
|
|
} else if (!strncmp("test_Read", argv[2], strlen("test_Read"))) { |
|
|
|
test_Read(argv[1]); |
|
|
|
test_Read(argv[1], curves); |
|
|
|
} else if (!strncmp("test_Write", argv[2], strlen("test_Write"))) { |
|
|
|
test_Write(argv[1]); |
|
|
|
test_Write(argv[1], curves); |
|
|
|
} else { |
|
|
|
printf("Unknown test"); |
|
|
|
goto usage; |
|
|
@@ -202,7 +212,7 @@ exit: |
|
|
|
return 0; |
|
|
|
|
|
|
|
usage: |
|
|
|
ERR("\n\nUsage: %s <host_ip> test_name\nOptions for 'test_name':\n\t" |
|
|
|
ERR("\n\nUsage: %s host_ip test_name [groups]\nOptions for 'test_name':\n\t" |
|
|
|
"test_Handshake\n\ttest_Write\n\ttest_Read\n", argv[0]); |
|
|
|
goto exit; |
|
|
|
} |
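Review bot: In setup_client_ctx (first hunk), a failed `SSL_CTX_set1_curves_list(ctx, curves)` is still reported as "Can't set SIDH group", and unless ERR terminates the process (its definition is not visible here) the run continues with the library's default groups, so a mistyped `[groups]` argument would be exercised and reported as if it had been applied. I would name the rejected value, `ERR("Can't set groups '%s'", curves);`, and make sure that path cannot fall through to the handshake. The same question applies to the `SSL_CTX_load_verify_locations` failure just above it, whose message says "CA DIR" although CACERT is passed in the CAfile position and the CApath argument is NULL. Separately, the `SSL_VERIFY_PEER` line appears to be the new side of that hunk; it validates the chain against CACERT only, and no line visible here binds the certificate to the peer being dialled, for example `X509_VERIFY_PARAM_set1_ip_asc(SSL_get0_param(ssl), IP);` after `SSL_new` in test_Handshake (assuming IP is an address literal; test_Read and test_Write create their SSL objects outside the hunks shown).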