/* * Copyright (C) 2016 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * GnuTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H #include #endif /* This program tests the MTU calculation in various cipher/mac algorithm combinations * in gnutls */ #include #include #include #include #include #include #include "eagain-common.h" #include "cert-common.h" #include "utils.h" #include #define myfail(fmt, ...) \ fail("%s: "fmt, name, ##__VA_ARGS__) static void tls_log_func(int level, const char *str) { fprintf(stderr, "|<%d>| %s", level, str); } static void dtls_mtu_try(const char *name, const char *client_prio, unsigned link_mtu, unsigned tunnel_mtu) { int ret; /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; /* Client stuff. */ gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; unsigned dmtu; unsigned i; /* General init. */ gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); reset_buffers(); /* Init server */ assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); assert(gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM) >= 0); assert(gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK) >= 0); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); assert(gnutls_priority_set_direct(server, "NORMAL:+ANON-ECDH:+ANON-DH:+3DES-CBC:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+SHA256:+CURVE-X25519", NULL) >= 0); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); gnutls_transport_set_ptr(server, server); /* Init client */ ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK); if (ret < 0) exit(1); assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM)>=0); assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred) >= 0); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); gnutls_transport_set_ptr(client, client); ret = gnutls_priority_set_direct(client, client_prio, NULL); if (ret < 0) { fail("%s: error in priority setting\n", name); exit(1); } success("negotiating %s\n", name); HANDSHAKE_DTLS(client, server); gnutls_dtls_set_mtu(client, link_mtu); dmtu = gnutls_dtls_get_data_mtu(client); if (dmtu != tunnel_mtu) { fail("%s: Calculated MTU (%d) does not match expected (%d)\n", name, dmtu, tunnel_mtu); } { char *msg = gnutls_malloc(dmtu+1); assert(msg); memset(msg, 1, dmtu+1); ret = gnutls_record_send(client, msg, dmtu+1); if (ret != (int)GNUTLS_E_LARGE_PACKET) { myfail("could send larger packet than MTU (%d), ret: %d\n", dmtu, ret); } ret = gnutls_record_send(client, msg, dmtu); if (ret != (int)dmtu) { myfail("could not send %d bytes (sent %d)\n", dmtu, ret); } memset(msg, 2, dmtu); ret = gnutls_record_recv(server, msg, dmtu); if (ret != (int)dmtu) { myfail("could not receive %d bytes (received %d)\n", dmtu, ret); } for (i=0;i