• Main Page
• Related Pages
• Namespaces
• Data Structures
• Files
• Examples

00001 /*
00002  * SSL/TLS stress testing program
00003  *
00004  * Copyright (C) 2006-2007 Christophe Devine
00005  *
00006  * This program is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License as published by
00008  * the Free Software Foundation; either version 2 of the License, or
00009  * (at your option) any later version.
00010  *
00011  * This program is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00014  * GNU General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU General Public License along
00017  * with this program; if not, write to the Free Software Foundation, Inc.,
00018  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00019  */
00020 
00021 #ifndef _CRT_SECURE_NO_DEPRECATE
00022 #define _CRT_SECURE_NO_DEPRECATE 1
00023 #endif
00024 
00025 #include <string.h>
00026 #include <stdlib.h>
00027 #include <stdio.h>
00028 
00029 #include "xyssl/net.h"
00030 #include "xyssl/ssl.h"
00031 #include "xyssl/havege.h"
00032 #include "xyssl/timing.h"
00033 #include "xyssl/certs.h"
00034 
00035 #define OPMODE_NONE 0
00036 #define OPMODE_CLIENT 1
00037 #define OPMODE_SERVER 2
00038 
00039 #define IOMODE_BLOCK 0
00040 #define IOMODE_NONBLOCK 1
00041 
00042 #define COMMAND_READ 1
00043 #define COMMAND_WRITE 2
00044 #define COMMAND_BOTH 3
00045 
00046 #define DFL_OPMODE OPMODE_NONE
00047 #define DFL_IOMODE IOMODE_BLOCK
00048 #define DFL_SERVER_NAME "localhost"
00049 #define DFL_SERVER_PORT 4433
00050 #define DFL_COMMAND COMMAND_READ
00051 #define DFL_BUFFER_SIZE 1024
00052 #define DFL_MAX_BYTES 0
00053 #define DFL_DEBUG_LEVEL 0
00054 #define DFL_CONN_TIMEOUT 0
00055 #define DFL_MAX_CONNECTIONS 0
00056 #define DFL_SESSION_REUSE 1
00057 #define DFL_SESSION_LIFETIME 86400
00058 #define DFL_FORCE_CIPHER 0
00059 
00060 /*
00061  * server-specific data
00062  */
00063 char *dhm_G = "4";
00064 char *dhm_P = 
00065 "E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
00066 "11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
00067 "F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
00068 "01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
00069 
00070 int server_fd = -1;
00071 
00072 /*
00073  * global options
00074  */
00075 struct options
00076 {
00077 int opmode; /* operation mode (client or server) */
00078 int iomode; /* I/O mode (blocking or non-blocking) */
00079 char *server_name; /* hostname of the server (client only) */
00080 int server_port; /* port on which the ssl service runs */
00081 int command; /* what to do: read or write operation */
00082 int buffer_size; /* size of the send/receive buffer */
00083 int max_bytes; /* max. # of bytes before a reconnect */
00084 int debug_level; /* level of debugging */
00085 int conn_timeout; /* max. delay before a reconnect */
00086 int max_connections; /* max. number of reconnections */
00087 int session_reuse; /* flag to reuse the keying material */
00088 int session_lifetime; /* if reached, session data is expired */
00089 int force_cipher[2]; /* protocol/cipher to use, or all */
00090 };
00091 
00092 /*
00093  * Although this PRNG has good statistical properties (eg. passes
00094  * DIEHARD), it is not cryptographically secure.
00095  */
00096 unsigned long int lcppm5( unsigned long int *state )
00097 {
00098 unsigned long int u, v;
00099 
00100 u = v = state[4] ^ 1;
00101 state[u & 3] ^= u;
00102 u ^= (v << 12) ^ (v >> 12);
00103 u ^= v * state[0]; v >>= 8;
00104 u ^= v * state[1]; v >>= 8;
00105 u ^= v * state[2]; v >>= 8;
00106 u ^= v * state[3];
00107 u &= 0xFFFFFFFF;
00108 state[4] = u;
00109 
00110 return( u );
00111 }
00112 
00113 void my_debug( void *ctx, int level, char *str )
00114 {
00115 if( level < ((struct options *) ctx)->debug_level )
00116 fprintf( stderr, "%s", str );
00117 }
00118 
00119 /*
00120  * perform a single SSL connection
00121  */
00122 static int ssl_test( struct options *opt )
00123 {
00124 int ret, i;
00125 int client_fd;
00126 int bytes_to_read;
00127 int bytes_to_write;
00128 int offset_to_read;
00129 int offset_to_write;
00130 
00131 long int nb_read;
00132 long int nb_written;
00133 
00134 unsigned long read_state[5];
00135 unsigned long write_state[5];
00136 
00137 unsigned char *read_buf;
00138 unsigned char *write_buf;
00139 
00140 struct hr_time t;
00141 havege_state hs;
00142 ssl_context ssl;
00143 ssl_session ssn;
00144 x509_cert srvcert;
00145 rsa_context rsa;
00146 
00147 ret = 1;
00148 
00149 havege_init( &hs );
00150 get_timer( &t, 1 );
00151 
00152 memset( read_state, 0, sizeof( read_state ) );
00153 memset( write_state, 0, sizeof( write_state ) );
00154 
00155 memset( &srvcert, 0, sizeof( x509_cert ) );
00156 memset( &rsa, 0, sizeof( rsa_context ) );
00157 
00158 if( opt->opmode == OPMODE_CLIENT )
00159 {
00160 if( ( ret = net_connect( &client_fd, opt->server_name,
00161 opt->server_port ) ) != 0 )
00162 {
00163 printf( " ! net_connect returned %d\n\n", ret );
00164 return( ret );
00165 }
00166 
00167 if( ( ret = ssl_init( &ssl ) ) != 0 )
00168 {
00169 printf( " ! ssl_init returned %d\n\n", ret );
00170 return( ret );
00171 }
00172 
00173 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
00174 }
00175 
00176 if( opt->opmode == OPMODE_SERVER )
00177 {
00178 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
00179 strlen( test_srv_crt ) );
00180 if( ret != 0 )
00181 {
00182 printf( " ! x509parse_crt returned %d\n\n", ret );
00183 goto exit;
00184 }
00185 
00186 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
00187 strlen( test_ca_crt ) );
00188 if( ret != 0 )
00189 {
00190 printf( " ! x509parse_crt returned %d\n\n", ret );
00191 goto exit;
00192 }
00193 
00194 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
00195 strlen( test_srv_key ), NULL, 0 );
00196 if( ret != 0 )
00197 {
00198 printf( " ! x509parse_key returned %d\n\n", ret );
00199 goto exit;
00200 }
00201 
00202 if( server_fd < 0 )
00203 {
00204 if( ( ret = net_bind( &server_fd, NULL,
00205 opt->server_port ) ) != 0 )
00206 {
00207 printf( " ! net_bind returned %d\n\n", ret );
00208 return( ret );
00209 }
00210 }
00211 
00212 if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
00213 {
00214 printf( " ! net_accept returned %d\n\n", ret );
00215 return( ret );
00216 }
00217 
00218 if( ( ret = ssl_init( &ssl ) ) != 0 )
00219 {
00220 printf( " ! ssl_init returned %d\n\n", ret );
00221 return( ret );
00222 }
00223 
00224 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
00225 ssl_set_dh_param( &ssl, dhm_P, dhm_G );
00226 ssl_set_ca_chain( &ssl, srvcert.next, NULL );
00227 ssl_set_own_cert( &ssl, &srvcert, &rsa );
00228 }
00229 
00230 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
00231 
00232 ssl_set_rng( &ssl, havege_rand, &hs );
00233 ssl_set_dbg( &ssl, my_debug, opt );
00234 ssl_set_bio( &ssl, net_recv, &client_fd,
00235 net_send, &client_fd );
00236 
00237 ssl_set_session( &ssl, opt->session_reuse,
00238 opt->session_lifetime, &ssn );
00239 
00240 if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
00241 ssl_set_ciphers( &ssl, ssl_default_ciphers );
00242 else ssl_set_ciphers( &ssl, opt->force_cipher );
00243 
00244 if( opt->iomode == IOMODE_NONBLOCK )
00245 net_set_nonblock( client_fd );
00246 
00247 read_buf = (unsigned char *) malloc( opt->buffer_size );
00248 write_buf = (unsigned char *) malloc( opt->buffer_size );
00249 
00250 if( read_buf == NULL || write_buf == NULL )
00251 {
00252 printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
00253 goto exit;
00254 }
00255 
00256 nb_read = bytes_to_read = 0;
00257 nb_written = bytes_to_write = 0;
00258 
00259 while( 1 )
00260 {
00261 if( opt->command & COMMAND_WRITE )
00262 {
00263 if( bytes_to_write == 0 )
00264 {
00265 while( bytes_to_write == 0 )
00266 bytes_to_write = rand() % opt->buffer_size;
00267 
00268 for( i = 0; i < bytes_to_write; i++ )
00269 write_buf[i] = (unsigned char) lcppm5( write_state );
00270 
00271 offset_to_write = 0;
00272 }
00273 
00274 ret = ssl_write( &ssl, write_buf + offset_to_write,
00275 bytes_to_write );
00276 
00277 if( ret >= 0 )
00278 {
00279 nb_written += ret;
00280 bytes_to_write -= ret;
00281 offset_to_write += ret;
00282 }
00283 
00284 if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
00285 ret == XYSSL_ERR_NET_CONN_RESET )
00286 {
00287 ret = 0;
00288 goto exit;
00289 }
00290 
00291 if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
00292 {
00293 printf( " ! ssl_write returned %d\n\n", ret );
00294 break;
00295 }
00296 }
00297 
00298 if( opt->command & COMMAND_READ )
00299 {
00300 if( bytes_to_read == 0 )
00301 {
00302 bytes_to_read = rand() % opt->buffer_size;
00303 offset_to_read = 0;
00304 }
00305 
00306 ret = ssl_read( &ssl, read_buf + offset_to_read,
00307 bytes_to_read );
00308 
00309 if( ret >= 0 )
00310 {
00311 for( i = 0; i < ret; i++ )
00312 {
00313 if( read_buf[offset_to_read + i] !=
00314 (unsigned char) lcppm5( read_state ) )
00315 {
00316 ret = 1;
00317 printf( " ! plaintext mismatch\n\n" );
00318 goto exit;
00319 }
00320 }
00321 
00322 nb_read += ret;
00323 bytes_to_read -= ret;
00324 offset_to_read += ret;
00325 }
00326 
00327 if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ||
00328 ret == XYSSL_ERR_NET_CONN_RESET )
00329 {
00330 ret = 0;
00331 goto exit;
00332 }
00333 
00334 if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN )
00335 {
00336 printf( " ! ssl_read returned %d\n\n", ret );
00337 break;
00338 }
00339 }
00340 
00341 ret = 0;
00342 
00343 if( opt->max_bytes != 0 &&
00344 ( opt->max_bytes <= nb_read ||
00345 opt->max_bytes <= nb_written ) )
00346 break;
00347 
00348 if( opt->conn_timeout != 0 &&
00349 opt->conn_timeout <= (int) get_timer( &t, 0 ) )
00350 break;
00351 }
00352 
00353 exit:
00354 
00355 fflush( stdout );
00356 
00357 if( read_buf != NULL )
00358 free( read_buf );
00359 
00360 if( write_buf != NULL )
00361 free( write_buf );
00362 
00363 ssl_close_notify( &ssl );
00364 x509_free( &srvcert );
00365 rsa_free( &rsa );
00366 ssl_free( &ssl );
00367 net_close( client_fd );
00368 
00369 return( ret );
00370 }
00371 
00372 #define USAGE \
00373  "\n usage: ssl_test opmode=<> command=<>...\n" \
00374  "\n acceptable parameters:\n" \
00375  " opmode=client/server default: <none>\n" \
00376  " iomode=block/nonblock default: block\n" \
00377  " server_name=%%s default: localhost\n" \
00378  " server_port=%%d default: 4433\n" \
00379  " command=read/write/both default: read\n" \
00380  " buffer_size=%%d (bytes) default: 1024\n" \
00381  " max_bytes=%%d (bytes) default: 0 (no limit)\n" \
00382  " debug_level=%%d default: 0 (disabled)\n" \
00383  " conn_timeout=%%d (ms) default: 0 (no timeout)\n" \
00384  " max_connections=%%d default: 0 (no limit)\n" \
00385  " session_reuse=on/off default: on (enabled)\n" \
00386  " session_lifetime=%%d (s) default: 86400\n" \
00387  " force_cipher=<name> default: all enabled\n" \
00388  " acceptable cipher names:\n" \
00389  " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
00390  " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
00391  " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
00392  " SSL_RSA_AES_256_SHA\n\n"
00393 
00394 int main( int argc, char *argv[] )
00395 {
00396 int i, j, n;
00397 int ret = 1;
00398 int nb_conn;
00399 char *p, *q;
00400 struct options opt;
00401 
00402 if( argc == 1 )
00403 {
00404 usage:
00405 printf( USAGE );
00406 goto exit;
00407 }
00408 
00409 opt.opmode = DFL_OPMODE;
00410 opt.iomode = DFL_IOMODE;
00411 opt.server_name = DFL_SERVER_NAME;
00412 opt.server_port = DFL_SERVER_PORT;
00413 opt.command = DFL_COMMAND;
00414 opt.buffer_size = DFL_BUFFER_SIZE;
00415 opt.max_bytes = DFL_MAX_BYTES;
00416 opt.debug_level = DFL_DEBUG_LEVEL;
00417 opt.conn_timeout = DFL_CONN_TIMEOUT;
00418 opt.max_connections = DFL_MAX_CONNECTIONS;
00419 opt.session_reuse = DFL_SESSION_REUSE;
00420 opt.session_lifetime = DFL_SESSION_LIFETIME;
00421 opt.force_cipher[0] = DFL_FORCE_CIPHER;
00422 
00423 for( i = 1; i < argc; i++ )
00424 {
00425 n = strlen( argv[i] );
00426 
00427 for( j = 0; j < n; j++ )
00428 {
00429 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
00430 argv[i][j] |= 0x20;
00431 }
00432 
00433 p = argv[i];
00434 if( ( q = strchr( p, '=' ) ) == NULL )
00435 continue;
00436 *q++ = '0円';
00437 
00438 if( strcmp( p, "opmode" ) == 0 )
00439 {
00440 if( strcmp( q, "client" ) == 0 )
00441 opt.opmode = OPMODE_CLIENT;
00442 else
00443 if( strcmp( q, "server" ) == 0 )
00444 opt.opmode = OPMODE_SERVER;
00445 else goto usage;
00446 }
00447 
00448 if( strcmp( p, "iomode" ) == 0 )
00449 {
00450 if( strcmp( q, "block" ) == 0 )
00451 opt.iomode = IOMODE_BLOCK;
00452 else
00453 if( strcmp( q, "nonblock" ) == 0 )
00454 opt.iomode = IOMODE_NONBLOCK;
00455 else goto usage;
00456 }
00457 
00458 if( strcmp( p, "server_name" ) == 0 )
00459 opt.server_name = q;
00460 
00461 if( strcmp( p, "server_port" ) == 0 )
00462 {
00463 opt.server_port = atoi( q );
00464 if( opt.server_port < 1 || opt.server_port > 65535 )
00465 goto usage;
00466 }
00467 
00468 if( strcmp( p, "command" ) == 0 )
00469 {
00470 if( strcmp( q, "read" ) == 0 )
00471 opt.command = COMMAND_READ;
00472 else
00473 if( strcmp( q, "write" ) == 0 )
00474 opt.command = COMMAND_WRITE;
00475 else
00476 if( strcmp( q, "both" ) == 0 )
00477 {
00478 opt.iomode = IOMODE_NONBLOCK;
00479 opt.command = COMMAND_BOTH;
00480 }
00481 else goto usage;
00482 }
00483 
00484 if( strcmp( p, "buffer_size" ) == 0 )
00485 {
00486 opt.buffer_size = atoi( q );
00487 if( opt.buffer_size < 1 || opt.buffer_size > 1048576 )
00488 goto usage;
00489 }
00490 
00491 if( strcmp( p, "max_bytes" ) == 0 )
00492 opt.max_bytes = atoi( q );
00493 
00494 if( strcmp( p, "debug_level" ) == 0 )
00495 opt.debug_level = atoi( q );
00496 
00497 if( strcmp( p, "conn_timeout" ) == 0 )
00498 opt.conn_timeout = atoi( q );
00499 
00500 if( strcmp( p, "max_connections" ) == 0 )
00501 opt.max_connections = atoi( q );
00502 
00503 if( strcmp( p, "session_reuse" ) == 0 )
00504 {
00505 if( strcmp( q, "on" ) == 0 )
00506 opt.session_reuse = 1;
00507 else
00508 if( strcmp( q, "off" ) == 0 )
00509 opt.session_reuse = 0;
00510 else
00511 goto usage;
00512 }
00513 
00514 if( strcmp( p, "session_lifetime" ) == 0 )
00515 opt.session_lifetime = atoi( q );
00516 
00517 if( strcmp( p, "force_cipher" ) == 0 )
00518 {
00519 opt.force_cipher[0] = -1;
00520 
00521 if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
00522 opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
00523 
00524 if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
00525 opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
00526 
00527 if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
00528 opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
00529 
00530 if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
00531 opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
00532 
00533 if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
00534 opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
00535 
00536 if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
00537 opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
00538 
00539 if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
00540 opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
00541 
00542 if( opt.force_cipher[0] < 0 )
00543 goto usage;
00544 
00545 opt.force_cipher[1] = 0;
00546 }
00547 }
00548 
00549 switch( opt.opmode )
00550 {
00551 case OPMODE_CLIENT:
00552 break;
00553 
00554 case OPMODE_SERVER:
00555 break;
00556 
00557 default:
00558 goto usage;
00559 }
00560 
00561 nb_conn = 0;
00562 
00563 do {
00564 nb_conn++;
00565 ret = ssl_test( &opt );
00566 if( opt.max_connections != 0 &&
00567 opt.max_connections <= nb_conn )
00568 break;
00569 }
00570 while( ret == 0 );
00571 
00572 exit:
00573 
00574 #ifdef WIN32
00575 printf( " Press Enter to exit this program.\n" );
00576 fflush( stdout ); getchar();
00577 #endif
00578 
00579 return( ret );
00580 }