summaryrefslogtreecommitdiff
path: root/src/supplemental/tls/tls_test.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/supplemental/tls/tls_test.c')
-rw-r--r--src/supplemental/tls/tls_test.c311
1 files changed, 310 insertions, 1 deletions
diff --git a/src/supplemental/tls/tls_test.c b/src/supplemental/tls/tls_test.c
index 4a3f6e2d..d4ad2cc4 100644
--- a/src/supplemental/tls/tls_test.c
+++ b/src/supplemental/tls/tls_test.c
@@ -86,7 +86,7 @@ test_tls_large_message(void)
void *t2;
int port;
- NUTS_ENABLE_LOG(NNG_LOG_INFO);
+ NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
// allocate messages
NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
@@ -170,10 +170,319 @@ test_tls_garbled_cert(void)
nng_tls_config_free(c1);
}
+void
+test_tls_psk(void)
+{
+ nng_stream_listener *l;
+ nng_stream_dialer *d;
+ nng_aio *aio1, *aio2;
+ nng_stream *s1;
+ nng_stream *s2;
+ nng_tls_config *c1;
+ nng_tls_config *c2;
+ char addr[32];
+ uint8_t key[32];
+ uint8_t *buf1;
+ uint8_t *buf2;
+ size_t size = 10000;
+ void *t1;
+ void *t2;
+ int port;
+
+ NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
+ // allocate messages
+ NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
+ NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
+
+ for (size_t i = 0; i < sizeof(key); i++) {
+ key[i] = rand() & 0xff;
+ }
+ for (size_t i = 0; i < size; i++) {
+ buf1[i] = rand() & 0xff;
+ }
+
+ NUTS_PASS(nng_aio_alloc(&aio1, NULL, NULL));
+ NUTS_PASS(nng_aio_alloc(&aio2, NULL, NULL));
+ nng_aio_set_timeout(aio1, 5000);
+ nng_aio_set_timeout(aio2, 5000);
+
+ // Allocate the listener first. We use a wild-card port.
+ NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
+ NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
+ NUTS_PASS(nng_tls_config_psk(c1, "identity", key, sizeof(key)));
+ NUTS_PASS(nng_stream_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c1));
+ NUTS_PASS(nng_stream_listener_listen(l));
+ NUTS_PASS(
+ nng_stream_listener_get_int(l, NNG_OPT_TCP_BOUND_PORT, &port));
+ NUTS_TRUE(port > 0);
+ NUTS_TRUE(port < 65536);
+
+ snprintf(addr, sizeof(addr), "tls+tcp://127.0.0.1:%d", port);
+ NUTS_PASS(nng_stream_dialer_alloc(&d, addr));
+ NUTS_PASS(nng_tls_config_alloc(&c2, NNG_TLS_MODE_CLIENT));
+ NUTS_PASS(nng_tls_config_psk(c2, "identity", key, sizeof(key)));
+ NUTS_PASS(nng_tls_config_server_name(c2, "localhost"));
+
+ NUTS_PASS(nng_stream_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c2));
+
+ nng_stream_listener_accept(l, aio1);
+ nng_stream_dialer_dial(d, aio2);
+
+ nng_aio_wait(aio1);
+ nng_aio_wait(aio2);
+
+ NUTS_PASS(nng_aio_result(aio1));
+ NUTS_PASS(nng_aio_result(aio2));
+
+ NUTS_TRUE((s1 = nng_aio_get_output(aio1, 0)) != NULL);
+ NUTS_TRUE((s2 = nng_aio_get_output(aio2, 0)) != NULL);
+
+ t1 = nuts_stream_send_start(s1, buf1, size);
+ t2 = nuts_stream_recv_start(s2, buf2, size);
+
+ NUTS_PASS(nuts_stream_wait(t1));
+ NUTS_PASS(nuts_stream_wait(t2));
+ NUTS_TRUE(memcmp(buf1, buf2, size) == 0);
+
+ nng_free(buf1, size);
+ nng_free(buf2, size);
+ nng_stream_free(s1);
+ nng_stream_free(s2);
+ nng_stream_dialer_free(d);
+ nng_stream_listener_free(l);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+ nng_aio_free(aio1);
+ nng_aio_free(aio2);
+}
+
+void
+test_tls_psk_server_identities(void)
+{
+ nng_stream_listener *l;
+ nng_stream_dialer *d;
+ nng_aio *aio1, *aio2;
+ nng_stream *s1;
+ nng_stream *s2;
+ nng_tls_config *c1;
+ nng_tls_config *c2;
+ char addr[32];
+ uint8_t *buf1;
+ uint8_t *buf2;
+ size_t size = 10000;
+ void *t1;
+ void *t2;
+ int port;
+ char *identity = "test_identity";
+ uint8_t key[32];
+
+ NUTS_ENABLE_LOG(NNG_LOG_INFO);
+ // allocate messages
+ NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
+ NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
+
+ for (size_t i = 0; i < sizeof(key); i++) {
+ key[i] = rand() & 0xff;
+ }
+ for (size_t i = 0; i < size; i++) {
+ buf1[i] = rand() & 0xff;
+ }
+
+ NUTS_PASS(nng_aio_alloc(&aio1, NULL, NULL));
+ NUTS_PASS(nng_aio_alloc(&aio2, NULL, NULL));
+ nng_aio_set_timeout(aio1, 5000);
+ nng_aio_set_timeout(aio2, 5000);
+
+ // Allocate the listener first. We use a wild-card port.
+ NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
+ NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
+ // Replace the identity .. first write one value, then we change it
+ NUTS_PASS(
+ nng_tls_config_psk(c1, "identity2", key + 4, sizeof(key) - 4));
+ NUTS_PASS(nng_tls_config_psk(c1, identity, key + 4, sizeof(key) - 4));
+ NUTS_PASS(nng_tls_config_psk(c1, identity, key, sizeof(key)));
+ NUTS_PASS(nng_stream_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c1));
+ NUTS_PASS(nng_stream_listener_listen(l));
+ NUTS_PASS(
+ nng_stream_listener_get_int(l, NNG_OPT_TCP_BOUND_PORT, &port));
+ NUTS_TRUE(port > 0);
+ NUTS_TRUE(port < 65536);
+
+ snprintf(addr, sizeof(addr), "tls+tcp://127.0.0.1:%d", port);
+ NUTS_PASS(nng_stream_dialer_alloc(&d, addr));
+ NUTS_PASS(nng_tls_config_alloc(&c2, NNG_TLS_MODE_CLIENT));
+ NUTS_PASS(nng_tls_config_psk(c2, identity, key, sizeof(key)));
+ NUTS_PASS(nng_tls_config_server_name(c2, "localhost"));
+
+ NUTS_PASS(nng_stream_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c2));
+
+ nng_stream_listener_accept(l, aio1);
+ nng_stream_dialer_dial(d, aio2);
+
+ nng_aio_wait(aio1);
+ nng_aio_wait(aio2);
+
+ NUTS_PASS(nng_aio_result(aio1));
+ NUTS_PASS(nng_aio_result(aio2));
+
+ NUTS_TRUE((s1 = nng_aio_get_output(aio1, 0)) != NULL);
+ NUTS_TRUE((s2 = nng_aio_get_output(aio2, 0)) != NULL);
+
+ t1 = nuts_stream_send_start(s1, buf1, size);
+ t2 = nuts_stream_recv_start(s2, buf2, size);
+
+ NUTS_PASS(nuts_stream_wait(t1));
+ NUTS_PASS(nuts_stream_wait(t2));
+ NUTS_TRUE(memcmp(buf1, buf2, size) == 0);
+
+ nng_free(buf1, size);
+ nng_free(buf2, size);
+ nng_stream_free(s1);
+ nng_stream_free(s2);
+ nng_stream_dialer_free(d);
+ nng_stream_listener_free(l);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+ nng_aio_free(aio1);
+ nng_aio_free(aio2);
+}
+
+void
+test_tls_psk_bad_identity(void)
+{
+ nng_stream_listener *l;
+ nng_stream_dialer *d;
+ nng_aio *aio1, *aio2;
+ nng_stream *s1;
+ nng_stream *s2;
+ nng_tls_config *c1;
+ nng_tls_config *c2;
+ char addr[32];
+ uint8_t *buf1;
+ uint8_t *buf2;
+ size_t size = 10000;
+ void *t1;
+ void *t2;
+ int port;
+ uint8_t key[32];
+
+ NUTS_ENABLE_LOG(NNG_LOG_INFO);
+ // allocate messages
+ NUTS_ASSERT((buf1 = nng_alloc(size)) != NULL);
+ NUTS_ASSERT((buf2 = nng_alloc(size)) != NULL);
+
+ for (size_t i = 0; i < sizeof(key); i++) {
+ key[i] = rand() & 0xff;
+ }
+ for (size_t i = 0; i < size; i++) {
+ buf1[i] = rand() & 0xff;
+ }
+
+ NUTS_PASS(nng_aio_alloc(&aio1, NULL, NULL));
+ NUTS_PASS(nng_aio_alloc(&aio2, NULL, NULL));
+ nng_aio_set_timeout(aio1, 5000);
+ nng_aio_set_timeout(aio2, 5000);
+
+ // Allocate the listener first. We use a wild-card port.
+ NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
+ NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
+ // Replace the identity .. first write one value, then we change it
+ NUTS_PASS(nng_tls_config_psk(c1, "identity1", key, sizeof(key)));
+ NUTS_PASS(nng_stream_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c1));
+ NUTS_PASS(nng_stream_listener_listen(l));
+ NUTS_PASS(
+ nng_stream_listener_get_int(l, NNG_OPT_TCP_BOUND_PORT, &port));
+ NUTS_TRUE(port > 0);
+ NUTS_TRUE(port < 65536);
+
+ snprintf(addr, sizeof(addr), "tls+tcp://127.0.0.1:%d", port);
+ NUTS_PASS(nng_stream_dialer_alloc(&d, addr));
+ NUTS_PASS(nng_tls_config_alloc(&c2, NNG_TLS_MODE_CLIENT));
+ NUTS_PASS(nng_tls_config_psk(c2, "identity2", key, sizeof(key)));
+ NUTS_PASS(nng_tls_config_server_name(c2, "localhost"));
+
+ NUTS_PASS(nng_stream_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c2));
+
+ nng_stream_listener_accept(l, aio1);
+ nng_stream_dialer_dial(d, aio2);
+
+ nng_aio_wait(aio1);
+ nng_aio_wait(aio2);
+
+ NUTS_PASS(nng_aio_result(aio1));
+ NUTS_PASS(nng_aio_result(aio2));
+
+ NUTS_TRUE((s1 = nng_aio_get_output(aio1, 0)) != NULL);
+ NUTS_TRUE((s2 = nng_aio_get_output(aio2, 0)) != NULL);
+
+ t1 = nuts_stream_send_start(s1, buf1, size);
+ t2 = nuts_stream_recv_start(s2, buf2, size);
+
+ NUTS_FAIL(nuts_stream_wait(t1), NNG_ECRYPTO);
+ NUTS_FAIL(nuts_stream_wait(t2), NNG_ECRYPTO);
+
+ nng_free(buf1, size);
+ nng_free(buf2, size);
+ nng_stream_free(s1);
+ nng_stream_free(s2);
+ nng_stream_dialer_free(d);
+ nng_stream_listener_free(l);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+ nng_aio_free(aio1);
+ nng_aio_free(aio2);
+}
+
+void
+test_tls_psk_key_too_big(void)
+{
+ nng_tls_config *c1;
+ uint8_t key[5000];
+
+ NUTS_ENABLE_LOG(NNG_LOG_INFO);
+
+ // Allocate the listener first. We use a wild-card port.
+ NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_CLIENT));
+ NUTS_FAIL(
+ nng_tls_config_psk(c1, "identity", key, sizeof(key)), NNG_ECRYPTO);
+ nng_tls_config_free(c1);
+}
+
+void
+test_tls_psk_config_busy(void)
+{
+ nng_tls_config *c1;
+ uint8_t key[32];
+ nng_stream_listener *l;
+ nng_aio *aio;
+
+ nng_aio_alloc(&aio, NULL, NULL);
+
+ NUTS_ENABLE_LOG(NNG_LOG_INFO);
+
+ NUTS_PASS(nng_stream_listener_alloc(&l, "tls+tcp://127.0.0.1:0"));
+ NUTS_PASS(nng_tls_config_alloc(&c1, NNG_TLS_MODE_SERVER));
+ NUTS_PASS(nng_tls_config_psk(c1, "identity", key, sizeof(key)));
+ NUTS_PASS(nng_stream_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c1));
+ nng_stream_listener_accept(l, aio);
+ nng_msleep(100);
+ NUTS_FAIL(
+ nng_tls_config_psk(c1, "identity2", key, sizeof(key)), NNG_EBUSY);
+
+ nng_stream_listener_free(l);
+ nng_aio_free(aio);
+ nng_tls_config_free(c1);
+}
+
TEST_LIST = {
{ "tls config version", test_tls_config_version },
{ "tls conn refused", test_tls_conn_refused },
{ "tls large message", test_tls_large_message },
{ "tls garbled cert", test_tls_garbled_cert },
+ { "tls psk", test_tls_psk },
+ { "tls psk server identities", test_tls_psk_server_identities },
+ { "tls psk bad identity", test_tls_psk_bad_identity },
+ { "tls psk key too big", test_tls_psk_key_too_big },
+ { "tls psk key config busy", test_tls_psk_config_busy },
{ NULL, NULL },
};
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-18 07:10:22 +0000