void mock_client(int writefd, int readfd) { char buffer[0xffff]; struct s2n_connection *conn; int more; /* Give the server a chance to listen */ sleep(1); conn = s2n_connection_new(S2N_CLIENT); s2n_connection_set_read_fd(conn, readfd); s2n_connection_set_write_fd(conn, writefd); s2n_negotiate(conn, &more); for (int i = 1; i < 0xffff; i += 100) { for (int j = 0; j < i; j++) { buffer[j] = 33; } s2n_send(conn, buffer, i, &more); } s2n_shutdown(conn, &more); s2n_connection_free(conn); /* Give the server a chance to a void a sigpipe */ sleep(1); _exit(0); }
int mock_client(int writefd, int readfd, const char **protocols, int count, const char *expected) { char buffer[0xffff]; struct s2n_connection *conn; struct s2n_config *config; s2n_blocked_status blocked; int result = 0; /* Give the server a chance to listen */ sleep(1); conn = s2n_connection_new(S2N_CLIENT); config = s2n_config_new(); s2n_config_set_protocol_preferences(config, protocols, count); s2n_connection_set_config(conn, config); s2n_connection_set_read_fd(conn, readfd); s2n_connection_set_write_fd(conn, writefd); result = s2n_negotiate(conn, &blocked); if (result < 0) { result = 1; } const char *got = s2n_get_application_protocol(conn); if ((got != NULL && expected == NULL) || (got == NULL && expected != NULL) || (got != NULL && expected != NULL && strcmp(expected, got) != 0)) { result = 2; } for (int i = 1; i < 0xffff; i += 100) { for (int j = 0; j < i; j++) { buffer[j] = 33; } s2n_send(conn, buffer, i, &blocked); } s2n_connection_free(conn); /* Give the server a chance to a void a sigpipe */ sleep(1); _exit(result); }
void mock_client(int writefd, int readfd) { char buffer[0xffff]; struct s2n_connection *conn; struct s2n_config *cconfig; s2n_blocked_status blocked; /* Give the server a chance to listen */ sleep(1); conn = s2n_connection_new(S2N_CLIENT); conn->server_protocol_version = S2N_TLS12; conn->client_protocol_version = S2N_TLS12; conn->actual_protocol_version = S2N_TLS12; cconfig = s2n_config_new(); s2n_config_disable_session_tickets(cconfig); s2n_connection_set_config(conn, cconfig); s2n_connection_set_read_fd(conn, readfd); s2n_connection_set_write_fd(conn, writefd); s2n_negotiate(conn, &blocked); for (int i = 1; i < 0xffff; i += 100) { for (int j = 0; j < i; j++) { buffer[j] = 33; } s2n_send(conn, buffer, i, &blocked); } int shutdown_rc = -1; while(shutdown_rc != 0) { shutdown_rc = s2n_shutdown(conn, &blocked); } s2n_connection_free(conn); /* Give the server a chance to a void a sigpipe */ sleep(1); _exit(0); }
int main(int argc, char **argv) { if(argc != 2) { fprintf(stderr,"usage: %s hostname\n", argv[0]); return 1; } signal(SIGINT, sigint_handler); printf("Looking up addresses for %s ...\n", argv[1]); struct addrinfo hints; memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version hints.ai_socktype = SOCK_STREAM; struct addrinfo *dnsres; int status_1 = getaddrinfo(argv[1], PORT, &hints, &dnsres); if(status_1 != 0) { fprintf(stderr, "dns lookup failed: %s\n", gai_strerror(status_1)); return 2; } print_addrinfo(dnsres); printf("Connecting to %s ...\n", "the server"); int sockfd = socket(dnsres->ai_family, dnsres->ai_socktype, dnsres->ai_protocol); if(connect(sockfd, dnsres->ai_addr, dnsres->ai_addrlen) != 0) { perror("connect"); return 3; } printf("Connected.\n"); freeaddrinfo(dnsres); // frees the memory that was dynamically allocated for the linked lists by getaddrinfo s2n_init(); struct s2n_config *config = s2n_config_new(); s2n_status_request_type type = S2N_STATUS_REQUEST_NONE; s2n_config_set_status_request_type(config, type); struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT); s2n_connection_set_config(conn, config); s2n_connection_set_fd(conn, sockfd); s2n_blocked_status blocked; do { if (s2n_negotiate(conn, &blocked) < 0) { fprintf(stderr, "Failed to negotiate: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn)); exit(1); } } while (blocked); int client_hello_version; int client_protocol_version; int server_protocol_version; int actual_protocol_version; if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) { fprintf(stderr, "Could not get client hello version\n"); exit(1); } if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get client protocol version\n"); exit(1); } if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get server protocol version\n"); exit(1); } if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get actual protocol version\n"); exit(1); } printf("Client hello version: %d\n", client_hello_version); printf("Client protocol version: %d\n", client_protocol_version); printf("Server protocol version: %d\n", server_protocol_version); printf("Actual protocol version: %d\n", actual_protocol_version); if (s2n_get_server_name(conn)) { printf("Server name: %s\n", s2n_get_server_name(conn)); } if (s2n_get_application_protocol(conn)) { printf("Application protocol: %s\n", s2n_get_application_protocol(conn)); } uint32_t length; const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length); if (status && length > 0) { fprintf(stderr, "OCSP response received, length %d\n", length); } printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn)); char buf[BUFFERSIZE + 1]; int bytes_read, bytes_written; // Make sure stdin is a terminal. if (!isatty(STDIN_FILENO)) { fprintf(stderr, "Not a terminal.\n"); exit(EXIT_FAILURE); } // Save the terminal attributes so we can restore them later. tcgetattr(STDIN_FILENO, &saved_attributes); atexit(reset_input_mode); // Set the funny terminal modes. struct termios tattr; tcgetattr(STDIN_FILENO, &tattr); tattr.c_lflag &= ~(ICANON | ECHO); // Clear ICANON and ECHO. tattr.c_cc[VMIN] = 1; tattr.c_cc[VTIME] = 0; tcsetattr(STDIN_FILENO, TCSAFLUSH, &tattr); fd_set master, readfds; FD_ZERO(&master); FD_SET(STDIN_FILENO, &master); FD_SET(sockfd, &master); for(;;) { readfds = master; select(sockfd + 1, &readfds, NULL, NULL, NULL); if(FD_ISSET(STDIN_FILENO, &readfds)) { bytes_read = read(STDIN_FILENO, buf, BUFFERSIZE); if(bytes_read < 1) break; char *buf_ptr = buf; int bytes_available = bytes_read; do { bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked); if(bytes_written < 0) break; bytes_available -= bytes_written; buf_ptr += bytes_written; } while(bytes_available || blocked); } if(FD_ISSET(sockfd, &readfds)) { do { bytes_read = s2n_recv(conn, buf, BUFFERSIZE, &blocked); if(bytes_read < 1) break; write(STDOUT_FILENO, buf, bytes_read); } while(blocked); } //if(nbytes != mbytes) printf("nbytes [%d] != mbytes [%d] \n", nbytes, mbytes); } close(sockfd); s2n_connection_free(conn); s2n_config_free(config); s2n_cleanup(); printf("\nBYE!\n"); return 0; }
int main(int argc, char **argv) { uint8_t data[10000000]; uint8_t *ptr = data; struct s2n_connection *conn; struct s2n_config *config; s2n_blocked_status blocked; int status; pid_t pid; int server_to_client[2]; int client_to_server[2]; struct s2n_blob blob = {.data = data, .size = sizeof(data)}; BEGIN_TEST(); EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); EXPECT_NOT_NULL(config = s2n_config_new()); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key)); EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams)); /* Get some random data to send/receive */ EXPECT_SUCCESS(s2n_get_urandom_data(&blob)); /* Create a pipe */ EXPECT_SUCCESS(pipe(server_to_client)); EXPECT_SUCCESS(pipe(client_to_server)); /* Create a child process */ pid = fork(); if (pid == 0) { /* This is the child process, close the read end of the pipe */ EXPECT_SUCCESS(close(client_to_server[0])); EXPECT_SUCCESS(close(server_to_client[1])); /* Run the client */ mock_client(client_to_server[1], server_to_client[0], data, sizeof(data)); } /* This is the parent */ EXPECT_SUCCESS(close(client_to_server[1])); EXPECT_SUCCESS(close(server_to_client[0])); EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER)); EXPECT_SUCCESS(s2n_connection_set_config(conn, config)); /* Set up the connection to read from the fd */ EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0])); EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1])); /* Negotiate the handshake. */ EXPECT_SUCCESS(s2n_negotiate(conn, &blocked)); /* Pause the child process by sending it SIGSTP */ EXPECT_SUCCESS(kill(pid, SIGSTOP)); /* Make our pipes non-blocking */ EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) | O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) | O_NONBLOCK), -1); /* Try to all 10MB of data, should be enough to fill PIPEBUF, so we'll get blocked at some point */ uint32_t remaining = sizeof(data); while (remaining) { int r = s2n_send(conn, ptr, remaining, &blocked); if (r < 0) { if (blocked) { /* We reached a blocked state */ break; } continue; } remaining -= r; ptr += r; } /* Remaining shouldn't have progressed at all */ EXPECT_EQUAL(remaining, sizeof(data)); /* Wake the child process by sending it SIGCONT */ EXPECT_SUCCESS(kill(pid, SIGCONT)); /* Make our sockets blocking again */ EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) ^ O_NONBLOCK), -1); EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) ^ O_NONBLOCK), -1); /* Actually send the remaining data */ while (remaining) { int r = s2n_send(conn, ptr, remaining, &blocked); if (r < 0) { continue; } remaining -= r; ptr += r; } EXPECT_SUCCESS(s2n_shutdown(conn, &blocked)); EXPECT_SUCCESS(s2n_connection_free(conn)); /* Clean up */ EXPECT_EQUAL(waitpid(-1, &status, 0), pid); EXPECT_EQUAL(status, 0); EXPECT_SUCCESS(s2n_config_free(config)); END_TEST(); return 0; }
int echo(struct s2n_connection *conn, int sockfd) { struct pollfd readers[2]; readers[0].fd = sockfd; readers[0].events = POLLIN; readers[1].fd = STDIN_FILENO; readers[1].events = POLLIN; /* Act as a simple proxy between stdin and the SSL connection */ int p; s2n_blocked_status blocked; do { while ((p = poll(readers, 2, -1)) > 0) { char buffer[10240]; int bytes_read, bytes_written; if (readers[0].revents & POLLIN) { do { bytes_read = s2n_recv(conn, buffer, 10240, &blocked); if (bytes_read == 0) { return 0; } if (bytes_read < 0) { fprintf(stderr, "Error reading from connection: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn)); exit(1); } bytes_written = write(STDOUT_FILENO, buffer, bytes_read); if (bytes_written <= 0) { fprintf(stderr, "Error writing to stdout\n"); exit(1); } } while (blocked); } if (readers[1].revents & POLLIN) { int bytes_available; if (ioctl(STDIN_FILENO, FIONREAD, &bytes_available) < 0) { bytes_available = 1; } if (bytes_available > sizeof(buffer)) { bytes_available = sizeof(buffer); } /* Read as many bytes as we think we can */ do { errno = 0; bytes_read = read(STDIN_FILENO, buffer, bytes_available); if(bytes_read < 0 && errno != EINTR){ fprintf(stderr, "Error reading from stdin\n"); exit(1); } } while (bytes_read < 0); if (bytes_read == 0) { /* Exit on EOF */ return 0; } char *buf_ptr = buffer; do { bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked); if (bytes_written < 0) { fprintf(stderr, "Error writing to connection: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } bytes_available -= bytes_written; buf_ptr += bytes_written; } while (bytes_available || blocked); } if (readers[1].revents & POLLHUP) { /* The stdin pipe hanged up, and we've handled all read from it above */ return 0; } if (readers[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { fprintf(stderr, "Error polling from socket: err=%d hup=%d nval=%d\n", (readers[0].revents & POLLERR ) ? 1 : 0, (readers[0].revents & POLLHUP ) ? 1 : 0, (readers[0].revents & POLLNVAL ) ? 1 : 0); return -1; } if (readers[1].revents & (POLLERR | POLLNVAL)) { fprintf(stderr, "Error polling from socket: err=%d nval=%d\n", (readers[1].revents & POLLERR ) ? 1 : 0, (readers[1].revents & POLLNVAL ) ? 1 : 0); return -1; } } } while (p < 0 && errno == EINTR); return 0; }