Added a TLS debug level option, use debugging hook
[strongswan.git] / scripts / tls_test.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <unistd.h>
17 #include <stdio.h>
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <getopt.h>
21
22 #include <library.h>
23 #include <debug.h>
24 #include <tls_socket.h>
25 #include <utils/host.h>
26 #include <credentials/sets/mem_cred.h>
27
28 /**
29 * Print usage information
30 */
31 static void usage(FILE *out, char *cmd)
32 {
33 fprintf(out, "usage:\n");
34 fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+\n", cmd);
35 fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ --oneshot\n", cmd);
36 }
37
38 /**
39 * Stream between stdio and TLS socket
40 */
41 static int stream(int fd, tls_socket_t *tls)
42 {
43 while (TRUE)
44 {
45 fd_set set;
46 chunk_t data;
47
48 FD_ZERO(&set);
49 FD_SET(fd, &set);
50 FD_SET(0, &set);
51
52 if (select(fd + 1, &set, NULL, NULL, NULL) == -1)
53 {
54 return 1;
55 }
56 if (FD_ISSET(fd, &set))
57 {
58 if (!tls->read(tls, &data))
59 {
60 DBG1(DBG_TLS, "TLS read error/end\n");
61 return 1;
62 }
63 if (data.len)
64 {
65 ignore_result(write(1, data.ptr, data.len));
66 free(data.ptr);
67 }
68 }
69 if (FD_ISSET(0, &set))
70 {
71 char buf[1024];
72 ssize_t len;
73
74 len = read(0, buf, sizeof(buf));
75 if (len == 0)
76 {
77 return 0;
78 }
79 if (len > 0)
80 {
81 if (!tls->write(tls, chunk_create(buf, len)))
82 {
83 DBG1(DBG_TLS, "TLS write error\n");
84 return 1;
85 }
86 }
87 }
88 }
89 }
90
91 /**
92 * Client routine
93 */
94 static int client(int fd, host_t *host, identification_t *server)
95 {
96 tls_socket_t *tls;
97 int res;
98
99 if (connect(fd, host->get_sockaddr(host),
100 *host->get_sockaddr_len(host)) == -1)
101 {
102 DBG1(DBG_TLS, "connecting to %#H failed: %m\n", host);
103 return 1;
104 }
105 tls = tls_socket_create(FALSE, server, NULL, fd);
106 if (!tls)
107 {
108 return 1;
109 }
110 res = stream(fd, tls);
111 tls->destroy(tls);
112 return res;
113 }
114
115 /**
116 * Server routine
117 */
118 static int serve(int fd, host_t *host, identification_t *server, bool oneshot)
119 {
120 tls_socket_t *tls;
121 int cfd;
122
123 if (bind(fd, host->get_sockaddr(host),
124 *host->get_sockaddr_len(host)) == -1)
125 {
126 DBG1(DBG_TLS, "binding to %#H failed: %m\n", host);
127 return 1;
128 }
129 if (listen(fd, 1) == -1)
130 {
131 DBG1(DBG_TLS, "listen to %#H failed: %m\n", host);
132 return 1;
133 }
134
135 do
136 {
137 cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
138 if (cfd == -1)
139 {
140 DBG1(DBG_TLS, "accept failed: %m\n");
141 return 1;
142 }
143 DBG1(DBG_TLS, "%#H connected\n", host);
144
145 tls = tls_socket_create(TRUE, server, NULL, cfd);
146 if (!tls)
147 {
148 return 1;
149 }
150 stream(cfd, tls);
151 DBG1(DBG_TLS, "%#H disconnected\n", host);
152 tls->destroy(tls);
153 }
154 while (!oneshot);
155
156 return 0;
157 }
158
159 /**
160 * In-Memory credential set
161 */
162 static mem_cred_t *creds;
163
164 /**
165 * Load certificate from file
166 */
167 static bool load_certificate(char *filename)
168 {
169 certificate_t *cert;
170
171 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
172 BUILD_FROM_FILE, filename, BUILD_END);
173 if (!cert)
174 {
175 DBG1(DBG_TLS, "loading certificate from '%s' failed\n", filename);
176 return FALSE;
177 }
178 creds->add_cert(creds, TRUE, cert);
179 return TRUE;
180 }
181
182 /**
183 * Load private key from file
184 */
185 static bool load_key(char *filename)
186 {
187 private_key_t *key;
188
189 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
190 BUILD_FROM_FILE, filename, BUILD_END);
191 if (!key)
192 {
193 DBG1(DBG_TLS, "loading key from '%s' failed\n", filename);
194 return FALSE;
195 }
196 creds->add_key(creds, key);
197 return TRUE;
198 }
199
200 /**
201 * TLS debug level
202 */
203 static level_t tls_level = 1;
204
205 static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
206 {
207 if ((group == DBG_TLS && level <= tls_level) || level <= 1)
208 {
209 va_list args;
210
211 va_start(args, fmt);
212 vfprintf(stderr, fmt, args);
213 fprintf(stderr, "\n");
214 va_end(args);
215 }
216 }
217
218 /**
219 * Cleanup
220 */
221 static void cleanup()
222 {
223 lib->credmgr->remove_set(lib->credmgr, &creds->set);
224 creds->destroy(creds);
225 library_deinit();
226 }
227
228 /**
229 * Initialize library
230 */
231 static void init()
232 {
233 library_init(NULL);
234
235 dbg = dbg_tls;
236
237 lib->plugins->load(lib->plugins, NULL, PLUGINS);
238
239 creds = mem_cred_create();
240 lib->credmgr->add_set(lib->credmgr, &creds->set);
241
242 atexit(cleanup);
243 }
244
245 int main(int argc, char *argv[])
246 {
247 char *address = NULL;
248 bool listen = FALSE, oneshot = FALSE;
249 int port = 0, fd, res;
250 identification_t *server;
251 host_t *host;
252
253 init();
254
255 while (TRUE)
256 {
257 struct option long_opts[] = {
258 {"help", no_argument, NULL, 'h' },
259 {"connect", required_argument, NULL, 'c' },
260 {"listen", required_argument, NULL, 'l' },
261 {"port", required_argument, NULL, 'p' },
262 {"cert", required_argument, NULL, 'x' },
263 {"key", required_argument, NULL, 'k' },
264 {"oneshot", no_argument, NULL, 'o' },
265 {"debug", required_argument, NULL, 'd' },
266 {0,0,0,0 }
267 };
268 switch (getopt_long(argc, argv, "", long_opts, NULL))
269 {
270 case EOF:
271 break;
272 case 'h':
273 usage(stdout, argv[0]);
274 return 0;
275 case 'x':
276 if (!load_certificate(optarg))
277 {
278 return 1;
279 }
280 continue;
281 case 'k':
282 if (!load_key(optarg))
283 {
284 return 1;
285 }
286 continue;
287 case 'l':
288 listen = TRUE;
289 /* fall */
290 case 'c':
291 if (address)
292 {
293 usage(stderr, argv[0]);
294 return 1;
295 }
296 address = optarg;
297 continue;
298 case 'p':
299 port = atoi(optarg);
300 continue;
301 case 'o':
302 oneshot = TRUE;
303 continue;
304 case 'd':
305 tls_level = atoi(optarg);
306 continue;
307 default:
308 usage(stderr, argv[0]);
309 return 1;
310 }
311 break;
312 }
313 if (!port || !address)
314 {
315 usage(stderr, argv[0]);
316 return 1;
317 }
318 if (oneshot && !listen)
319 {
320 usage(stderr, argv[0]);
321 return 1;
322 }
323
324 fd = socket(AF_INET, SOCK_STREAM, 0);
325 if (fd == -1)
326 {
327 DBG1(DBG_TLS, "opening socket failed: %m\n");
328 return 1;
329 }
330 host = host_create_from_dns(address, 0, port);
331 if (!host)
332 {
333 DBG1(DBG_TLS, "resolving hostname %s failed\n", address);
334 close(fd);
335 return 1;
336 }
337 server = identification_create_from_string(address);
338 if (listen)
339 {
340 res = serve(fd, host, server, oneshot);
341 }
342 else
343 {
344 res = client(fd, host, server);
345 }
346 close(fd);
347 host->destroy(host);
348 server->destroy(server);
349 return res;
350 }
351