/* Main routine. Initialize SSL keys and structures, and make two SSL connections, the first with a blank session Id, and the second with a session ID populated during the first connection to do a much faster session resumption connection the second time. */ int32 main(int32 argc, char **argv) { int32 rc; sslKeys_t *keys; sslSessionId_t sid; #ifdef WIN32 WSADATA wsaData; WSAStartup(MAKEWORD(1, 1), &wsaData); #endif if ((rc = matrixSslOpen()) < 0) { _psTrace("MatrixSSL library init failure. Exiting\n"); return rc; } if (matrixSslNewKeys(&keys) < 0) { _psTrace("MatrixSSL library key init failure. Exiting\n"); return -1; } #ifdef USE_HEADER_KEYS /* In-memory based keys */ if ((rc = matrixSslLoadRsaKeysMem(keys, NULL, 0, NULL, 0, RSA1024CA, sizeof(RSA1024CA))) < 0) { _psTrace("No certificate material loaded. Exiting\n"); matrixSslDeleteKeys(keys); matrixSslClose(); return rc; } #else /* USE_HEADER_KEYS */ /* File based keys */ if ((rc = matrixSslLoadRsaKeys(keys, NULL, NULL, NULL, rsaCAFile)) < 0){ _psTrace("No certificate material loaded. Exiting\n"); matrixSslDeleteKeys(keys); matrixSslClose(); return rc; } #endif /* USE_HEADER_KEYS */ matrixSslInitSessionId(sid); _psTrace("=== INITIAL CLIENT SESSION ===\n"); httpsClientConnection(keys, &sid); _psTrace("\n=== CLIENT SESSION WITH CACHED SESSION ID ===\n"); httpsClientConnection(keys, &sid); matrixSslDeleteKeys(keys); matrixSslClose(); #ifdef WIN32 _psTrace("Press any key to close"); getchar(); #endif return 0; }
int main(int argc, char **argv) { int32 id; sslConn_t *svrConn, *clnConn; #ifdef ENABLE_PERF_TIMING int32 perfIter; uint32 clnTime, svrTime; #endif /* ENABLE_PERF_TIMING */ if (matrixSslOpen() < 0) { fprintf(stderr, "matrixSslOpen failed, exiting..."); } svrConn = psMalloc(PEERSEC_NO_POOL, sizeof(sslConn_t)); clnConn = psMalloc(PEERSEC_NO_POOL, sizeof(sslConn_t)); memset(svrConn, 0, sizeof(sslConn_t)); memset(clnConn, 0, sizeof(sslConn_t)); for (id = 0; ciphers[id].cipherId > 0; id++) { matrixSslInitSessionId(clientSessionId); _psTraceStr("Testing %s suite\n", ciphers[id].name); /* Standard Handshake */ _psTrace(" Standard handshake test\n"); #ifdef ENABLE_PERF_TIMING /* Each matrixSsl call in the handshake is wrapped by a timer. The data exchange phase is not being included in the time */ clnTime = svrTime = 0; for (perfIter = 0; perfIter < CONN_ITER; perfIter++) { #endif /* ENABLE_PERF_TIMING */ if (initializeHandshake(clnConn, svrConn, ciphers[id], &clientSessionId) < 0) { _psTrace(" FAILED: initializing Standard handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Standard handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Standard handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } #ifdef ENABLE_PERF_TIMING clnTime += clnConn->runningTime; svrTime += svrConn->runningTime; /* Have to reset conn for full handshake... except last time through */ if (perfIter + 1 != CONN_ITER) { matrixSslDeleteSession(clnConn->ssl); matrixSslDeleteSession(svrConn->ssl); matrixSslInitSessionId(clientSessionId); } } /* iteration loop close */ _psTraceInt("CLIENT: %d " TIME_UNITS, (int32)clnTime/CONN_ITER); _psTraceInt("SERVER: %d " TIME_UNITS, (int32)svrTime/CONN_ITER); // _psTrace("Press any key to continue tests"); _psTrace("\n==========\n"); // getchar(); #endif /* ENABLE_PERF_TIMING */ #ifdef SSL_REHANDSHAKES_ENABLED /* Re-Handshake (full handshake over existing connection) */ _psTrace(" Re-handshake test (client-initiated)\n"); if (initializeReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: initializing Re-handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } #else _psTrace(" Re-handshake tests are disabled (ENABLE_SECURE_REHANDSHAKES)\n"); #endif /* Resumed handshake (fast handshake over new connection) */ _psTrace(" Resumed handshake test (new connection)\n"); #ifdef ENABLE_PERF_TIMING clnTime = svrTime = 0; for (perfIter = 0; perfIter < CONN_ITER; perfIter++) { #endif /* ENABLE_PERF_TIMING */ if (initializeResumedHandshake(clnConn, svrConn, ciphers[id]) < 0) { _psTrace(" FAILED: initializing Resumed handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Resumed handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Resumed handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } #ifdef ENABLE_PERF_TIMING clnTime += clnConn->runningTime; svrTime += svrConn->runningTime; /* Have to reset conn for full handshake */ } /* iteration loop */ _psTraceInt("CLIENT: %d " TIME_UNITS, (int32)clnTime/CONN_ITER); _psTraceInt("SERVER: %d " TIME_UNITS, (int32)svrTime/CONN_ITER); _psTrace("Press any key to continue tests"); _psTrace("\n==========\n"); // getchar(); #endif /* ENABLE_PERF_TIMING */ #ifdef SSL_REHANDSHAKES_ENABLED /* Re-handshake initiated by server (full handshake over existing conn) */ _psTrace(" Re-handshake test (server initiated)\n"); if (initializeServerInitiatedReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: initializing Re-handshake\n"); goto LBL_FREE; } if (performHandshake(svrConn, clnConn) < 0) { _psTrace(" FAILED: Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } /* Resumed re-handshake (fast handshake over existing connection) */ _psTrace(" Resumed Re-handshake test (client initiated)\n"); if (initializeResumedReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: initializing Resumed Re-handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Resumed Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Resumed Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } /* Resumed re-handshake initiated by server (fast handshake over conn) */ _psTrace(" Resumed Re-handshake test (server initiated)\n"); if (initializeServerInitiatedResumedReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: initializing Resumed Re-handshake\n"); goto LBL_FREE; } if (performHandshake(svrConn, clnConn) < 0) { _psTrace(" FAILED: Resumed Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Resumed Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } /* Re-handshaking with "upgraded" parameters */ _psTrace(" Change cert callback Re-handshake test\n"); if (initializeUpgradeCertCbackReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: init upgrade certCback Re-handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Upgrade cert callback Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Upgrade cert callback Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } /* Upgraded keys */ _psTrace(" Change keys Re-handshake test\n"); if (initializeUpgradeKeysReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: init upgrade keys Re-handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Upgrade keys Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Upgrade keys Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } /* Change cipher spec test. Changing to a hardcoded RSA suite so this will not work on suites that don't have RSA material loaded */ if (ciphers[id].rsa == 1) { _psTrace(" Change cipher suite Re-handshake test\n"); if (initializeChangeCipherReHandshake(clnConn, svrConn, ciphers[id].cipherId) < 0) { _psTrace(" FAILED: init change cipher Re-handshake\n"); goto LBL_FREE; } if (performHandshake(clnConn, svrConn) < 0) { _psTrace(" FAILED: Change cipher suite Re-handshake\n"); goto LBL_FREE; } else { testTrace(" PASSED: Change cipher suite Re-handshake"); if (exchangeAppData(clnConn, svrConn) < 0) { _psTrace(" but FAILED to exchange application data\n"); } else { testTrace("\n"); } } } #endif /* !SSL_REHANDSHAKES_ENABLED */ LBL_FREE: freeSessionAndConnection(svrConn); freeSessionAndConnection(clnConn); } psFree(svrConn); psFree(clnConn); matrixSslClose(); #ifdef WIN32 _psTrace("Press any key to close"); getchar(); #endif return PS_SUCCESS; }