projects / strongswan.git / blob
? search:


202f63bb284e739acdd2000f0907ef145fd60d17
[strongswan.git] / scripts / tls_test.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <unistd.h>
17 #include <stdio.h>
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <getopt.h>
21
22 #include <library.h>
23 #include <debug.h>
24 #include <tls_socket.h>
25 #include <utils/host.h>
26 #include <credentials/sets/mem_cred.h>
27
28 /**
29 * Print usage information
30 */
31 static void usage(FILE *out, char *cmd)
32 {
33 fprintf(out, "usage:\n");
34 fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+\n", cmd);
35 fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ --oneshot\n", cmd);
36 }
37
38 /**
39 * Stream between stdio and TLS socket
40 */
41 static int stream(int fd, tls_socket_t *tls)
42 {
43 while (TRUE)
44 {
45 fd_set set;
46 chunk_t data;
47
48 FD_ZERO(&set);
49 FD_SET(fd, &set);
50 FD_SET(0, &set);
51
52 if (select(fd + 1, &set, NULL, NULL, NULL) == -1)
53 {
54 return 1;
55 }
56 if (FD_ISSET(fd, &set))
57 {
58 if (!tls->read(tls, &data))
59 {
60 fprintf(stderr, "TLS read error\n");
61 return 1;
62 }
63 if (data.len)
64 {
65 ignore_result(write(0, data.ptr, data.len));
66 free(data.ptr);
67 }
68 }
69 if (FD_ISSET(0, &set))
70 {
71 char buf[1024];
72 ssize_t len;
73
74 len = read(0, buf, sizeof(buf));
75 if (len == 0)
76 {
77 return 0;
78 }
79 if (len > 0)
80 {
81 if (!tls->write(tls, chunk_create(buf, len)))
82 {
83 fprintf(stderr, "TLS write error\n");
84 return 1;
85 }
86 }
87 }
88 }
89 }
90
91 /**
92 * Client routine
93 */
94 static int client(int fd, host_t *host, identification_t *server)
95 {
96 tls_socket_t *tls;
97 int res;
98
99 if (connect(fd, host->get_sockaddr(host),
100 *host->get_sockaddr_len(host)) == -1)
101 {
102 fprintf(stderr, "connecting to %#H failed: %m\n", host);
103 return 1;
104 }
105 tls = tls_socket_create(FALSE, server, NULL, fd);
106 if (!tls)
107 {
108 return 1;
109 }
110 res = stream(fd, tls);
111 tls->destroy(tls);
112 return res;
113 }
114
115 /**
116 * Server routine
117 */
118 static int serve(int fd, host_t *host, identification_t *server, bool oneshot)
119 {
120 tls_socket_t *tls;
121 int cfd;
122
123 if (bind(fd, host->get_sockaddr(host),
124 *host->get_sockaddr_len(host)) == -1)
125 {
126 fprintf(stderr, "binding to %#H failed: %m\n", host);
127 return 1;
128 }
129 if (listen(fd, 1) == -1)
130 {
131 fprintf(stderr, "listen to %#H failed: %m\n", host);
132 return 1;
133 }
134
135 do
136 {
137 cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
138 if (cfd == -1)
139 {
140 fprintf(stderr, "accept failed: %m\n");
141 return 1;
142 }
143 fprintf(stderr, "%#H connected\n", host);
144
145 tls = tls_socket_create(TRUE, server, NULL, cfd);
146 if (!tls)
147 {
148 return 1;
149 }
150 stream(cfd, tls);
151 fprintf(stderr, "%#H disconnected\n", host);
152 tls->destroy(tls);
153 }
154 while (!oneshot);
155
156 return 0;
157 }
158
159 /**
160 * In-Memory credential set
161 */
162 static mem_cred_t *creds;
163
164 /**
165 * Load certificate from file
166 */
167 static bool load_certificate(char *filename)
168 {
169 certificate_t *cert;
170
171 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
172 BUILD_FROM_FILE, filename, BUILD_END);
173 if (!cert)
174 {
175 fprintf(stderr, "loading certificate from '%s' failed\n", filename);
176 return FALSE;
177 }
178 creds->add_cert(creds, TRUE, cert);
179 return TRUE;
180 }
181
182 /**
183 * Load private key from file
184 */
185 static bool load_key(char *filename)
186 {
187 private_key_t *key;
188
189 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
190 BUILD_FROM_FILE, filename, BUILD_END);
191 if (!key)
192 {
193 fprintf(stderr, "loading key from '%s' failed\n", filename);
194 return FALSE;
195 }
196 creds->add_key(creds, key);
197 return TRUE;
198 }
199
200 /**
201 * Cleanup
202 */
203 static void cleanup()
204 {
205 lib->credmgr->remove_set(lib->credmgr, &creds->set);
206 creds->destroy(creds);
207 library_deinit();
208 }
209
210 /**
211 * Initialize library
212 */
213 static void init()
214 {
215 library_init(NULL);
216 lib->plugins->load(lib->plugins, NULL, PLUGINS);
217
218 creds = mem_cred_create();
219 lib->credmgr->add_set(lib->credmgr, &creds->set);
220
221 atexit(cleanup);
222 }
223
224 int main(int argc, char *argv[])
225 {
226 char *address = NULL;
227 bool listen = FALSE, oneshot = FALSE;
228 int port = 0, fd, res;
229 identification_t *server;
230 host_t *host;
231
232 init();
233
234 while (TRUE)
235 {
236 struct option long_opts[] = {
237 {"help", no_argument, NULL, 'h' },
238 {"connect", required_argument, NULL, 'c' },
239 {"listen", required_argument, NULL, 'l' },
240 {"port", required_argument, NULL, 'p' },
241 {"cert", required_argument, NULL, 'x' },
242 {"key", required_argument, NULL, 'k' },
243 {"oneshot", no_argument, NULL, 'o' },
244 {0,0,0,0 }
245 };
246 switch (getopt_long(argc, argv, "", long_opts, NULL))
247 {
248 case EOF:
249 break;
250 case 'h':
251 usage(stdout, argv[0]);
252 return 0;
253 case 'x':
254 if (!load_certificate(optarg))
255 {
256 return 1;
257 }
258 continue;
259 case 'k':
260 if (!load_key(optarg))
261 {
262 return 1;
263 }
264 continue;
265 case 'l':
266 listen = TRUE;
267 /* fall */
268 case 'c':
269 if (address)
270 {
271 usage(stderr, argv[0]);
272 return 1;
273 }
274 address = optarg;
275 continue;
276 case 'p':
277 port = atoi(optarg);
278 continue;
279 case 'o':
280 oneshot = TRUE;
281 continue;
282 default:
283 usage(stderr, argv[0]);
284 return 1;
285 }
286 break;
287 }
288 if (!port || !address)
289 {
290 usage(stderr, argv[0]);
291 return 1;
292 }
293 if (oneshot && !listen)
294 {
295 usage(stderr, argv[0]);
296 return 1;
297 }
298
299 fd = socket(AF_INET, SOCK_STREAM, 0);
300 if (fd == -1)
301 {
302 fprintf(stderr, "opening socket failed: %m\n");
303 return 1;
304 }
305 host = host_create_from_dns(address, 0, port);
306 if (!host)
307 {
308 fprintf(stderr, "resolving hostname %s failed\n", address);
309 close(fd);
310 return 1;
311 }
312 server = identification_create_from_string(address);
313 if (listen)
314 {
315 res = serve(fd, host, server, oneshot);
316 }
317 else
318 {
319 res = client(fd, host, server);
320 }
321 close(fd);
322 host->destroy(host);
323 server->destroy(server);
324 return res;
325 }
326
strongSwan - IPsec VPN