void mock_client(int writefd, int readfd)
{
char buffer[0xffff];
struct s2n_connection *conn;
int more;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
s2n_negotiate(conn, &more);
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &more);
}
s2n_shutdown(conn, &more);
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(0);
}
int mock_client(int writefd, int readfd, const char **protocols, int count, const char *expected)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int result = 0;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
config = s2n_config_new();
s2n_config_set_protocol_preferences(config, protocols, count);
s2n_connection_set_config(conn, config);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
result = s2n_negotiate(conn, &blocked);
if (result < 0) {
result = 1;
}
const char *got = s2n_get_application_protocol(conn);
if ((got != NULL && expected == NULL) ||
(got == NULL && expected != NULL) ||
(got != NULL && expected != NULL && strcmp(expected, got) != 0)) {
result = 2;
}
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &blocked);
}
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(result);
}
void mock_client(int writefd, int readfd)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *cconfig;
s2n_blocked_status blocked;
/* Give the server a chance to listen */
sleep(1);
conn = s2n_connection_new(S2N_CLIENT);
conn->server_protocol_version = S2N_TLS12;
conn->client_protocol_version = S2N_TLS12;
conn->actual_protocol_version = S2N_TLS12;
cconfig = s2n_config_new();
s2n_config_disable_session_tickets(cconfig);
s2n_connection_set_config(conn, cconfig);
s2n_connection_set_read_fd(conn, readfd);
s2n_connection_set_write_fd(conn, writefd);
s2n_negotiate(conn, &blocked);
for (int i = 1; i < 0xffff; i += 100) {
for (int j = 0; j < i; j++) {
buffer[j] = 33;
}
s2n_send(conn, buffer, i, &blocked);
}
int shutdown_rc = -1;
while(shutdown_rc != 0) {
shutdown_rc = s2n_shutdown(conn, &blocked);
}
s2n_connection_free(conn);
/* Give the server a chance to a void a sigpipe */
sleep(1);
_exit(0);
}
int main(int argc, char **argv)
{
if(argc != 2)
{
fprintf(stderr,"usage: %s hostname\n", argv[0]);
return 1;
}
signal(SIGINT, sigint_handler);
printf("Looking up addresses for %s ...\n", argv[1]);
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version
hints.ai_socktype = SOCK_STREAM;
struct addrinfo *dnsres;
int status_1 = getaddrinfo(argv[1], PORT, &hints, &dnsres);
if(status_1 != 0)
{
fprintf(stderr, "dns lookup failed: %s\n", gai_strerror(status_1));
return 2;
}
print_addrinfo(dnsres);
printf("Connecting to %s ...\n", "the server");
int sockfd = socket(dnsres->ai_family, dnsres->ai_socktype, dnsres->ai_protocol);
if(connect(sockfd, dnsres->ai_addr, dnsres->ai_addrlen) != 0)
{
perror("connect");
return 3;
}
printf("Connected.\n");
freeaddrinfo(dnsres); // frees the memory that was dynamically allocated for the linked lists by getaddrinfo
s2n_init();
struct s2n_config *config = s2n_config_new();
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
s2n_config_set_status_request_type(config, type);
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
s2n_connection_set_config(conn, config);
s2n_connection_set_fd(conn, sockfd);
s2n_blocked_status blocked;
do {
if (s2n_negotiate(conn, &blocked) < 0) {
fprintf(stderr, "Failed to negotiate: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn));
exit(1);
}
} while (blocked);
int client_hello_version;
int client_protocol_version;
int server_protocol_version;
int actual_protocol_version;
if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) {
fprintf(stderr, "Could not get client hello version\n");
exit(1);
}
if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get client protocol version\n");
exit(1);
}
if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get server protocol version\n");
exit(1);
}
if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get actual protocol version\n");
exit(1);
}
printf("Client hello version: %d\n", client_hello_version);
printf("Client protocol version: %d\n", client_protocol_version);
printf("Server protocol version: %d\n", server_protocol_version);
printf("Actual protocol version: %d\n", actual_protocol_version);
if (s2n_get_server_name(conn)) {
printf("Server name: %s\n", s2n_get_server_name(conn));
}
if (s2n_get_application_protocol(conn)) {
printf("Application protocol: %s\n", s2n_get_application_protocol(conn));
}
uint32_t length;
const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length);
if (status && length > 0) {
fprintf(stderr, "OCSP response received, length %d\n", length);
}
printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
char buf[BUFFERSIZE + 1];
int bytes_read, bytes_written;
// Make sure stdin is a terminal.
if (!isatty(STDIN_FILENO))
{
fprintf(stderr, "Not a terminal.\n");
exit(EXIT_FAILURE);
}
// Save the terminal attributes so we can restore them later.
tcgetattr(STDIN_FILENO, &saved_attributes);
atexit(reset_input_mode);
// Set the funny terminal modes.
struct termios tattr;
tcgetattr(STDIN_FILENO, &tattr);
tattr.c_lflag &= ~(ICANON | ECHO); // Clear ICANON and ECHO.
tattr.c_cc[VMIN] = 1;
tattr.c_cc[VTIME] = 0;
tcsetattr(STDIN_FILENO, TCSAFLUSH, &tattr);
fd_set master, readfds;
FD_ZERO(&master);
FD_SET(STDIN_FILENO, &master);
FD_SET(sockfd, &master);
for(;;)
{
readfds = master;
select(sockfd + 1, &readfds, NULL, NULL, NULL);
if(FD_ISSET(STDIN_FILENO, &readfds))
{
bytes_read = read(STDIN_FILENO, buf, BUFFERSIZE);
if(bytes_read < 1) break;
char *buf_ptr = buf;
int bytes_available = bytes_read;
do
{
bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked);
if(bytes_written < 0) break;
bytes_available -= bytes_written;
buf_ptr += bytes_written;
} while(bytes_available || blocked);
}
if(FD_ISSET(sockfd, &readfds))
{
do
{
bytes_read = s2n_recv(conn, buf, BUFFERSIZE, &blocked);
if(bytes_read < 1) break;
write(STDOUT_FILENO, buf, bytes_read);
} while(blocked);
}
//if(nbytes != mbytes) printf("nbytes [%d] != mbytes [%d] \n", nbytes, mbytes);
}
close(sockfd);
s2n_connection_free(conn);
s2n_config_free(config);
s2n_cleanup();
printf("\nBYE!\n");
return 0;
}
int main(int argc, char **argv)
{
uint8_t data[10000000];
uint8_t *ptr = data;
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
struct s2n_blob blob = {.data = data, .size = sizeof(data)};
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
/* Get some random data to send/receive */
EXPECT_SUCCESS(s2n_get_urandom_data(&blob));
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Run the client */
mock_client(client_to_server[1], server_to_client[0], data, sizeof(data));
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Pause the child process by sending it SIGSTP */
EXPECT_SUCCESS(kill(pid, SIGSTOP));
/* Make our pipes non-blocking */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) | O_NONBLOCK), -1);
/* Try to all 10MB of data, should be enough to fill PIPEBUF, so
we'll get blocked at some point */
uint32_t remaining = sizeof(data);
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
if (blocked) {
/* We reached a blocked state */
break;
}
continue;
}
remaining -= r;
ptr += r;
}
/* Remaining shouldn't have progressed at all */
EXPECT_EQUAL(remaining, sizeof(data));
/* Wake the child process by sending it SIGCONT */
EXPECT_SUCCESS(kill(pid, SIGCONT));
/* Make our sockets blocking again */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) ^ O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) ^ O_NONBLOCK), -1);
/* Actually send the remaining data */
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
continue;
}
remaining -= r;
ptr += r;
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
EXPECT_SUCCESS(s2n_config_free(config));
END_TEST();
return 0;
}
int echo(struct s2n_connection *conn, int sockfd)
{
struct pollfd readers[2];
readers[0].fd = sockfd;
readers[0].events = POLLIN;
readers[1].fd = STDIN_FILENO;
readers[1].events = POLLIN;
/* Act as a simple proxy between stdin and the SSL connection */
int p;
s2n_blocked_status blocked;
do {
while ((p = poll(readers, 2, -1)) > 0) {
char buffer[10240];
int bytes_read, bytes_written;
if (readers[0].revents & POLLIN) {
do {
bytes_read = s2n_recv(conn, buffer, 10240, &blocked);
if (bytes_read == 0) {
return 0;
}
if (bytes_read < 0) {
fprintf(stderr, "Error reading from connection: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn));
exit(1);
}
bytes_written = write(STDOUT_FILENO, buffer, bytes_read);
if (bytes_written <= 0) {
fprintf(stderr, "Error writing to stdout\n");
exit(1);
}
} while (blocked);
}
if (readers[1].revents & POLLIN) {
int bytes_available;
if (ioctl(STDIN_FILENO, FIONREAD, &bytes_available) < 0) {
bytes_available = 1;
}
if (bytes_available > sizeof(buffer)) {
bytes_available = sizeof(buffer);
}
/* Read as many bytes as we think we can */
do {
errno = 0;
bytes_read = read(STDIN_FILENO, buffer, bytes_available);
if(bytes_read < 0 && errno != EINTR){
fprintf(stderr, "Error reading from stdin\n");
exit(1);
}
} while (bytes_read < 0);
if (bytes_read == 0) {
/* Exit on EOF */
return 0;
}
char *buf_ptr = buffer;
do {
bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked);
if (bytes_written < 0) {
fprintf(stderr, "Error writing to connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
bytes_available -= bytes_written;
buf_ptr += bytes_written;
} while (bytes_available || blocked);
}
if (readers[1].revents & POLLHUP) {
/* The stdin pipe hanged up, and we've handled all read from it above */
return 0;
}
if (readers[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {
fprintf(stderr, "Error polling from socket: err=%d hup=%d nval=%d\n",
(readers[0].revents & POLLERR ) ? 1 : 0,
(readers[0].revents & POLLHUP ) ? 1 : 0,
(readers[0].revents & POLLNVAL ) ? 1 : 0);
return -1;
}
if (readers[1].revents & (POLLERR | POLLNVAL)) {
fprintf(stderr, "Error polling from socket: err=%d nval=%d\n",
(readers[1].revents & POLLERR ) ? 1 : 0,
(readers[1].revents & POLLNVAL ) ? 1 : 0);
return -1;
}
}
} while (p < 0 && errno == EINTR);
return 0;
}
