/* This file is part of libmicrohttpd Copyright (C) 2007 Christian Grothoff libmicrohttpd is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. libmicrohttpd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with libmicrohttpd; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /** * @file tls_test_common.c * @brief Common tls test functions * @author Sagie Amir */ #include "tls_test_common.h" #include "tls_test_keys.h" FILE * setup_ca_cert () { FILE *cert_fd; if (NULL == (cert_fd = fopen (ca_cert_file_name, "wb+"))) { fprintf (stderr, "Error: failed to open `%s': %s\n", ca_cert_file_name, strerror (errno)); return NULL; } if (fwrite (ca_cert_pem, sizeof (char), strlen (ca_cert_pem) + 1, cert_fd) != strlen (ca_cert_pem) + 1) { fprintf (stderr, "Error: failed to write `%s. %s'\n", ca_cert_file_name, strerror (errno)); fclose (cert_fd); return NULL; } if (fflush (cert_fd)) { fprintf (stderr, "Error: failed to flush ca cert file stream. %s\n", strerror (errno)); fclose (cert_fd); return NULL; } return cert_fd; } /* * test HTTPS transfer */ int test_daemon_get (void *cls, const char *cipher_suite, int proto_version, int port, int ver_peer) { CURL *c; struct CBC cbc; CURLcode errornum; char url[255]; size_t len; (void)cls; /* Unused. Silent compiler warning. */ len = strlen (test_data); if (NULL == (cbc.buf = malloc (sizeof (char) * len))) { fprintf (stderr, MHD_E_MEM); return -1; } cbc.size = len; cbc.pos = 0; /* construct url - this might use doc_path */ gen_test_file_url (url, sizeof (url), port); c = curl_easy_init (); #if DEBUG_HTTPS_TEST curl_easy_setopt (c, CURLOPT_VERBOSE, 1); #endif curl_easy_setopt (c, CURLOPT_URL, url); curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); curl_easy_setopt (c, CURLOPT_FILE, &cbc); /* TLS options */ curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); /* perform peer authentication */ /* TODO merge into send_curl_req */ curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, ver_peer); if (ver_peer) curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name); curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); /* NOTE: use of CONNECTTIMEOUT without also setting NOSIGNAL results in really weird crashes on my system! */ curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); if (CURLE_OK != (errornum = curl_easy_perform (c))) { fprintf (stderr, "curl_easy_perform failed: `%s'\n", curl_easy_strerror (errornum)); curl_easy_cleanup (c); free (cbc.buf); return errornum; } curl_easy_cleanup (c); if (memcmp (cbc.buf, test_data, len) != 0) { fprintf (stderr, "Error: local file & received file differ.\n"); free (cbc.buf); return -1; } free (cbc.buf); return 0; } void print_test_result (int test_outcome, char *test_name) { if (test_outcome != 0) fprintf (stderr, "running test: %s [fail: %u]\n", test_name, (unsigned int)test_outcome); #if 0 else fprintf (stdout, "running test: %s [pass]\n", test_name); #endif } size_t copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) { struct CBC *cbc = ctx; if (cbc->pos + size * nmemb > cbc->size) return 0; /* overflow */ memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); cbc->pos += size * nmemb; return size * nmemb; } /** * HTTP access handler call back */ int http_ahc (void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **ptr) { static int aptr; struct MHD_Response *response; int ret; (void)cls;(void)url;(void)version; /* Unused. Silent compiler warning. */ (void)upload_data;(void)upload_data_size; /* Unused. Silent compiler warning. */ if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) return MHD_NO; /* unexpected method */ if (&aptr != *ptr) { /* do never respond on first call */ *ptr = &aptr; return MHD_YES; } *ptr = NULL; /* reset when done */ response = MHD_create_response_from_buffer (strlen (test_data), (void *) test_data, MHD_RESPMEM_PERSISTENT); ret = MHD_queue_response (connection, MHD_HTTP_OK, response); MHD_destroy_response (response); return ret; } /* HTTP access handler call back */ int http_dummy_ahc (void *cls, struct MHD_Connection *connection, const char *url, const char *method, const char *version, const char *upload_data, size_t *upload_data_size, void **ptr) { (void)cls;(void)connection;(void)url;(void)method;(void)version; /* Unused. Silent compiler warning. */ (void)upload_data;(void)upload_data_size;(void)ptr; /* Unused. Silent compiler warning. */ return 0; } /** * send a test http request to the daemon * @param url * @param cbc - may be null * @param cipher_suite * @param proto_version * @return */ /* TODO have test wrap consider a NULL cbc */ int send_curl_req (char *url, struct CBC * cbc, const char *cipher_suite, int proto_version) { CURL *c; CURLcode errornum; c = curl_easy_init (); #if DEBUG_HTTPS_TEST curl_easy_setopt (c, CURLOPT_VERBOSE, CURL_VERBOS_LEVEL); #endif curl_easy_setopt (c, CURLOPT_URL, url); curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); curl_easy_setopt (c, CURLOPT_TIMEOUT, 60L); curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 60L); if (cbc != NULL) { curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); curl_easy_setopt (c, CURLOPT_FILE, cbc); } /* TLS options */ curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); /* currently skip any peer authentication */ curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); /* NOTE: use of CONNECTTIMEOUT without also setting NOSIGNAL results in really weird crashes on my system! */ curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); if (CURLE_OK != (errornum = curl_easy_perform (c))) { fprintf (stderr, "curl_easy_perform failed: `%s'\n", curl_easy_strerror (errornum)); curl_easy_cleanup (c); return errornum; } curl_easy_cleanup (c); return CURLE_OK; } /** * compile test file url pointing to the current running directory path * * @param[out] url - char buffer into which the url is compiled * @param url_len number of bytes available in url * @param port port to use for the test * @return -1 on error */ int gen_test_file_url (char *url, size_t url_len, int port) { int ret = 0; char *doc_path; size_t doc_path_len; /* setup test file path, url */ #ifdef PATH_MAX doc_path_len = PATH_MAX > 4096 ? 4096 : PATH_MAX; #else /* ! PATH_MAX */ doc_path_len = 4096; #endif /* ! PATH_MAX */ #ifdef WINDOWS size_t i; #endif /* ! WINDOWS */ if (NULL == (doc_path = malloc (doc_path_len))) { fprintf (stderr, MHD_E_MEM); return -1; } if (NULL == getcwd (doc_path, doc_path_len)) { fprintf (stderr, "Error: failed to get working directory. %s\n", strerror (errno)); free (doc_path); return -1; } #ifdef WINDOWS for (i = 0; i < doc_path_len; i++) { if (doc_path[i] == 0) break; if (doc_path[i] == '\\') { doc_path[i] = '/'; } if (doc_path[i] != ':') continue; if (i == 0) break; doc_path[i] = doc_path[i - 1]; doc_path[i - 1] = '/'; } #endif /* construct url */ if (snprintf (url, url_len, "%s:%d%s/%s", "https://127.0.0.1", port, doc_path, "urlpath") >= (long long)url_len) ret = -1; free (doc_path); return ret; } /** * test HTTPS file transfer */ int test_https_transfer (void *cls, int port, const char *cipher_suite, int proto_version) { int len; int ret = 0; struct CBC cbc; char url[255]; (void)cls; /* Unused. Silent compiler warning. */ len = strlen (test_data); if (NULL == (cbc.buf = malloc (sizeof (char) * len))) { fprintf (stderr, MHD_E_MEM); return -1; } cbc.size = len; cbc.pos = 0; if (gen_test_file_url (url, sizeof (url), port)) { ret = -1; goto cleanup; } if (CURLE_OK != send_curl_req (url, &cbc, cipher_suite, proto_version)) { ret = -1; goto cleanup; } /* compare test file & daemon responce */ if ( (len != strlen (test_data)) || (memcmp (cbc.buf, test_data, len) != 0) ) { fprintf (stderr, "Error: local file & received file differ.\n"); ret = -1; } cleanup: free (cbc.buf); return ret; } /** * setup test case * * @param d * @param daemon_flags * @param arg_list * @return port number on success or zero on failure */ int setup_testcase (struct MHD_Daemon **d, int port, int daemon_flags, va_list arg_list) { *d = MHD_start_daemon_va (daemon_flags, port, NULL, NULL, &http_ahc, NULL, arg_list); if (*d == NULL) { fprintf (stderr, MHD_E_SERVER_INIT); return 0; } if (0 == port) { const union MHD_DaemonInfo *dinfo; dinfo = MHD_get_daemon_info (*d, MHD_DAEMON_INFO_BIND_PORT); if (NULL == dinfo || 0 == dinfo->port) { MHD_stop_daemon (*d); return 0; } port = (int)dinfo->port; } return port; } void teardown_testcase (struct MHD_Daemon *d) { MHD_stop_daemon (d); } int setup_session (gnutls_session_t * session, gnutls_datum_t * key, gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) { int ret; const char *err_pos; gnutls_certificate_allocate_credentials (xcred); key->size = strlen (srv_key_pem) + 1; key->data = malloc (key->size); if (NULL == key->data) { gnutls_certificate_free_credentials (*xcred); return -1; } memcpy (key->data, srv_key_pem, key->size); cert->size = strlen (srv_self_signed_cert_pem) + 1; cert->data = malloc (cert->size); if (NULL == cert->data) { gnutls_certificate_free_credentials (*xcred); free (key->data); return -1; } memcpy (cert->data, srv_self_signed_cert_pem, cert->size); gnutls_certificate_set_x509_key_mem (*xcred, cert, key, GNUTLS_X509_FMT_PEM); gnutls_init (session, GNUTLS_CLIENT); ret = gnutls_priority_set_direct (*session, "NORMAL", &err_pos); if (ret < 0) { gnutls_deinit (*session); gnutls_certificate_free_credentials (*xcred); free (key->data); return -1; } gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, *xcred); return 0; } int teardown_session (gnutls_session_t session, gnutls_datum_t * key, gnutls_datum_t * cert, gnutls_certificate_credentials_t xcred) { free (key->data); key->data = NULL; key->size = 0; free (cert->data); cert->data = NULL; cert->size = 0; gnutls_deinit (session); gnutls_certificate_free_credentials (xcred); return 0; } /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) */ int test_wrap (const char *test_name, int (*test_function) (void * cls, int port, const char *cipher_suite, int proto_version), void * cls, int port, int daemon_flags, const char *cipher_suite, int proto_version, ...) { int ret; va_list arg_list; struct MHD_Daemon *d; (void)cls; /* Unused. Silent compiler warning. */ va_start (arg_list, proto_version); port = setup_testcase (&d, port, daemon_flags, arg_list); if (0 == port) { va_end (arg_list); fprintf (stderr, "Failed to setup testcase %s\n", test_name); return -1; } #if 0 fprintf (stdout, "running test: %s ", test_name); #endif ret = test_function (NULL, port, cipher_suite, proto_version); #if 0 if (ret == 0) { fprintf (stdout, "[pass]\n"); } else { fprintf (stdout, "[fail]\n"); } #endif teardown_testcase (d); va_end (arg_list); return ret; } int testsuite_curl_global_init (void) { CURLcode res; #if LIBCURL_VERSION_NUM >= 0x073800 if (CURLSSLSET_OK != curl_global_sslset(CURLSSLBACKEND_GNUTLS, NULL, NULL)) { if (CURLSSLSET_TOO_LATE == curl_global_sslset(CURLSSLBACKEND_OPENSSL, NULL, NULL)) fprintf (stderr, "WARNING: libcurl was already initialised.\n"); } #endif /* LIBCURL_VERSION_NUM >= 0x07380 */ res = curl_global_init (CURL_GLOBAL_ALL); if (CURLE_OK != res) { fprintf (stderr, "libcurl initialisation error: %s\n", curl_easy_strerror(res)); return 0; } return 1; }