Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/Makefile.am | 8 | ||||
-rw-r--r-- | scripts/Makefile.in | 34 | ||||
-rw-r--r-- | scripts/bin2sql.c | 2 | ||||
-rw-r--r-- | scripts/crypt_burn.c | 2 | ||||
-rw-r--r-- | scripts/tls_test.c | 317 |
5 files changed, 348 insertions, 15 deletions
diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 2cd8b499b..5f303be17 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -6,10 +6,10 @@ noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql oid2der \ thread_analysis dh_speed pubkey_speed crypt_burn fetch if USE_TLS - noinst_PROGRAMS += tls_test - tls_test_SOURCES = tls_test.c - tls_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtls/libtls.la + noinst_PROGRAMS += tls_test + tls_test_SOURCES = tls_test.c + tls_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtls/libtls.la endif bin2array_SOURCES = bin2array.c diff --git a/scripts/Makefile.in b/scripts/Makefile.in index b1a790b0e..f16ca8735 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -37,7 +37,9 @@ host_triplet = @host@ noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \ key2keyid$(EXEEXT) keyid2sql$(EXEEXT) oid2der$(EXEEXT) \ thread_analysis$(EXEEXT) dh_speed$(EXEEXT) \ - pubkey_speed$(EXEEXT) crypt_burn$(EXEEXT) fetch$(EXEEXT) + pubkey_speed$(EXEEXT) crypt_burn$(EXEEXT) fetch$(EXEEXT) \ + $(am__EXEEXT_1) +@USE_TLS_TRUE@am__append_1 = tls_test subdir = scripts DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -55,6 +57,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +@USE_TLS_TRUE@am__EXEEXT_1 = tls_test$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) am_bin2array_OBJECTS = bin2array.$(OBJEXT) bin2array_OBJECTS = $(am_bin2array_OBJECTS) 
@@ -97,6 +100,11 @@ pubkey_speed_DEPENDENCIES = \ am_thread_analysis_OBJECTS = thread_analysis.$(OBJEXT) thread_analysis_OBJECTS = $(am_thread_analysis_OBJECTS) thread_analysis_LDADD = $(LDADD) +am__tls_test_SOURCES_DIST = tls_test.c +@USE_TLS_TRUE@am_tls_test_OBJECTS = tls_test.$(OBJEXT) +tls_test_OBJECTS = $(am_tls_test_OBJECTS) +@USE_TLS_TRUE@tls_test_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \ +@USE_TLS_TRUE@ $(top_builddir)/src/libtls/libtls.la DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -114,12 +122,12 @@ SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \ $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(fetch_SOURCES) \ $(id2sql_SOURCES) $(key2keyid_SOURCES) $(keyid2sql_SOURCES) \ $(oid2der_SOURCES) $(pubkey_speed_SOURCES) \ - $(thread_analysis_SOURCES) + $(thread_analysis_SOURCES) $(tls_test_SOURCES) DIST_SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \ $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(fetch_SOURCES) \ $(id2sql_SOURCES) $(key2keyid_SOURCES) $(keyid2sql_SOURCES) \ $(oid2der_SOURCES) $(pubkey_speed_SOURCES) \ - $(thread_analysis_SOURCES) + $(thread_analysis_SOURCES) $(am__tls_test_SOURCES_DIST) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -214,6 +222,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -222,6 +233,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ 
@@ -238,11 +250,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -286,6 +300,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ @@ -300,6 +315,10 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtls AM_CFLAGS = \ -DPLUGINS="\"${scripts_plugins}\"" +@USE_TLS_TRUE@tls_test_SOURCES = tls_test.c +@USE_TLS_TRUE@tls_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ +@USE_TLS_TRUE@ $(top_builddir)/src/libtls/libtls.la + bin2array_SOURCES = bin2array.c bin2sql_SOURCES = bin2sql.c id2sql_SOURCES = id2sql.c @@ -395,6 +414,9 @@ pubkey_speed$(EXEEXT): $(pubkey_speed_OBJECTS) $(pubkey_speed_DEPENDENCIES) thread_analysis$(EXEEXT): $(thread_analysis_OBJECTS) $(thread_analysis_DEPENDENCIES) @rm -f thread_analysis$(EXEEXT) $(LINK) $(thread_analysis_OBJECTS) $(thread_analysis_LDADD) $(LIBS) +tls_test$(EXEEXT): $(tls_test_OBJECTS) $(tls_test_DEPENDENCIES) + @rm -f tls_test$(EXEEXT) + $(LINK) $(tls_test_OBJECTS) $(tls_test_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -413,6 +435,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oid2der.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_speed.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/thread_analysis.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_test.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -639,11 +662,6 @@ uninstall-am: pdf pdf-am ps ps-am tags uninstall uninstall-am -@USE_TLS_TRUE@ noinst_PROGRAMS += tls_test -@USE_TLS_TRUE@ tls_test_SOURCES = tls_test.c -@USE_TLS_TRUE@ tls_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ -@USE_TLS_TRUE@ $(top_builddir)/src/libtls/libtls.la - key2keyid.o : $(top_builddir)/config.status keyid2sql.o : $(top_builddir)/config.status diff --git a/scripts/bin2sql.c b/scripts/bin2sql.c index 8bc72f842..ce5e600a3 100644 --- a/scripts/bin2sql.c +++ b/scripts/bin2sql.c @@ -6,7 +6,6 @@ */ int main(int argc, char *argv[]) { - int end = 0; unsigned char byte; printf("X'"); @@ -14,7 +13,6 @@ int main(int argc, char *argv[]) { if (fread(&byte, 1, 1, stdin) != 1) { - end = 1; break; } printf("%02x", (unsigned int)byte); diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c index 25f18d47e..5c41b191b 100644 --- a/scripts/crypt_burn.c +++ b/scripts/crypt_burn.c @@ -65,7 +65,7 @@ int main(int argc, char *argv[]) chunk_create(iv, aead->get_iv_size(aead)), NULL)) { fprintf(stderr, "aead integrity check failed!\n"); - return FALSE; + return 1; } if (limit && ++i == limit) { diff --git a/scripts/tls_test.c b/scripts/tls_test.c new file mode 100644 index 000000000..560c4a4ba --- /dev/null +++ b/scripts/tls_test.c 
@@ -0,0 +1,317 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+
+#include <library.h>
+#include <debug.h>
+#include <tls_socket.h>
+#include <utils/host.h>
+#include <credentials/sets/mem_cred.h>
+
+/**
+ * Print usage information
+ */
+static void usage(FILE *out, char *cmd)
+{
+ fprintf(out, "usage:\n");
+ fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+ [--times <n>]\n", cmd);
+ fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd);
+}
+
+/**
+ * Client routine
+ */
+static int client(host_t *host, identification_t *server,
+ int times, tls_cache_t *cache)
+{
+ tls_socket_t *tls;
+ int fd, res;
+
+ while (times == -1 || times-- > 0)
+ {
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
+ return 1;
+ }
+ if (connect(fd, host->get_sockaddr(host),
+ *host->get_sockaddr_len(host)) == -1)
+ {
+ DBG1(DBG_TLS, "connecting to %#H failed: %s", host, strerror(errno));
+ close(fd);
+ return 1;
+ }
+ tls = tls_socket_create(FALSE, server, NULL, fd, cache);
+ if (!tls)
+ {
+ close(fd);
+ return 1;
+ }
+ res = tls->splice(tls, 0, 1) ?
0 : 1;
+ tls->destroy(tls);
+ close(fd);
+ if (res)
+ {
+ break;
+ }
+ }
+ return res;
+}
+
+/**
+ * Server routine
+ */
+static int serve(host_t *host, identification_t *server,
+ int times, tls_cache_t *cache)
+{
+ tls_socket_t *tls;
+ int fd, cfd;
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
+ return 1;
+ }
+ if (bind(fd, host->get_sockaddr(host),
+ *host->get_sockaddr_len(host)) == -1)
+ {
+ DBG1(DBG_TLS, "binding to %#H failed: %s", host, strerror(errno));
+ close(fd);
+ return 1;
+ }
+ if (listen(fd, 1) == -1)
+ {
+ DBG1(DBG_TLS, "listen to %#H failed: %m", host, strerror(errno));
+ close(fd);
+ return 1;
+ }
+
+ while (times == -1 || times-- > 0)
+ {
+ cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
+ if (cfd == -1)
+ {
+ DBG1(DBG_TLS, "accept failed: %s", strerror(errno));
+ close(fd);
+ return 1;
+ }
+ DBG1(DBG_TLS, "%#H connected", host);
+
+ tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+ if (!tls)
+ {
+ close(fd);
+ return 1;
+ }
+ tls->splice(tls, 0, 1);
+ DBG1(DBG_TLS, "%#H disconnected", host);
+ tls->destroy(tls);
+ }
+ close(fd);
+
+ return 0;
+}
+
+/**
+ * In-Memory credential set
+ */
+static mem_cred_t *creds;
+
+/**
+ * Load certificate from file
+ */
+static bool load_certificate(char *filename)
+{
+ certificate_t *cert;
+
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, filename, BUILD_END);
+ if (!cert)
+ {
+ DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
+ return FALSE;
+ }
+ creds->add_cert(creds, TRUE, cert);
+ return TRUE;
+}
+
+/**
+ * Load private key from file
+ */
+static bool load_key(char *filename)
+{
+ private_key_t *key;
+
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_FROM_FILE, filename, BUILD_END);
+ if (!key)
+ {
+ DBG1(DBG_TLS, "loading key from '%s' failed", filename);
+ return FALSE;
+ }
+ creds->add_key(creds, key);
+
return TRUE;
+}
+
+/**
+ * TLS debug level
+ */
+static level_t tls_level = 1;
+
+static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
+{
+ if ((group == DBG_TLS && level <= tls_level) || level <= 1)
+ {
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+/**
+ * Cleanup
+ */
+static void cleanup()
+{
+ lib->credmgr->remove_set(lib->credmgr, &creds->set);
+ creds->destroy(creds);
+ library_deinit();
+}
+
+/**
+ * Initialize library
+ */
+static void init()
+{
+ library_init(NULL);
+
+ dbg = dbg_tls;
+
+ lib->plugins->load(lib->plugins, NULL, PLUGINS);
+
+ creds = mem_cred_create();
+ lib->credmgr->add_set(lib->credmgr, &creds->set);
+
+ atexit(cleanup);
+}
+
+int main(int argc, char *argv[])
+{
+ char *address = NULL;
+ bool listen = FALSE;
+ int port = 0, times = -1, res;
+ identification_t *server;
+ tls_cache_t *cache;
+ host_t *host;
+
+ init();
+
+ while (TRUE)
+ {
+ struct option long_opts[] = {
+ {"help", no_argument, NULL, 'h' },
+ {"connect", required_argument, NULL, 'c' },
+ {"listen", required_argument, NULL, 'l' },
+ {"port", required_argument, NULL, 'p' },
+ {"cert", required_argument, NULL, 'x' },
+ {"key", required_argument, NULL, 'k' },
+ {"times", required_argument, NULL, 't' },
+ {"debug", required_argument, NULL, 'd' },
+ {0,0,0,0 }
+ };
+ switch (getopt_long(argc, argv, "", long_opts, NULL))
+ {
+ case EOF:
+ break;
+ case 'h':
+ usage(stdout, argv[0]);
+ return 0;
+ case 'x':
+ if (!load_certificate(optarg))
+ {
+ return 1;
+ }
+ continue;
+ case 'k':
+ if (!load_key(optarg))
+ {
+ return 1;
+ }
+ continue;
+ case 'l':
+ listen = TRUE;
+ /* fall */
+ case 'c':
+ if (address)
+ {
+ usage(stderr, argv[0]);
+ return 1;
+ }
+ address = optarg;
+ continue;
+ case 'p':
+ port = atoi(optarg);
+ continue;
+ case 't':
+ times = atoi(optarg);
+ continue;
+ case 'd':
+ tls_level = atoi(optarg);
+ continue;
+ default:
+ usage(stderr, argv[0]);
+ return 1;
+ }
+ break;
+ }
+
if (!port || !address)
+ {
+ usage(stderr, argv[0]);
+ return 1;
+ }
+ host = host_create_from_dns(address, 0, port);
+ if (!host)
+ {
+ DBG1(DBG_TLS, "resolving hostname %s failed", address);
+ return 1;
+ }
+ server = identification_create_from_string(address);
+ cache = tls_cache_create(100, 30);
+ if (listen)
+ {
+ res = serve(host, server, times, cache);
+ }
+ else
+ {
+ res = client(host, server, times, cache);
+ }
+ cache->destroy(cache);
+ host->destroy(host);
+ server->destroy(server);
+ return res;
+}
+ |
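Review bot: In serve(), the accepted socket cfd is never closed: the tls_socket_create failure branch closes only the listening fd, and the normal path ends with `tls->destroy(tls);` without releasing cfd, so every accepted connection leaks a descriptor and a `--listen` instance run without `--times` will eventually exhaust its fd limit. client() shows the intended pattern with `tls->destroy(tls); close(fd);`, so add `close(cfd);` both in the `if (!tls)` branch and after `tls->destroy(tls);` in the loop. Two smaller points in the same file: the listen() failure message uses `%m` while still passing strerror(errno), unlike the surrounding `%s` messages, so `"listen to %#H failed: %s"` keeps them consistent, and in client() `res` is only assigned inside the loop, so `--times 0` returns an indeterminate value unless it is initialised, e.g. `int fd, res = 0;`. Note also that accept() is handed host's own sockaddr buffer and length pointer, so the bound address object is overwritten with the peer's address on each connection; that is presumably intentional for the `%#H connected` log, but it deserves a comment since host is also used by the error path's `binding to %#H` message.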