1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <gmssl/oid.h>
15 #include <gmssl/x509.h>
16 #include <gmssl/rand.h>
17 #include <gmssl/error.h>
18 #include <gmssl/tls.h>
19 #include <gmssl/sm3.h>
20 #include <gmssl/sm4.h>
21
test_tls_encode(void)22 static int test_tls_encode(void)
23 {
24 uint8_t a1 = 200;
25 uint16_t a2 = 30000;
26 uint24_t a3 = 4000000;
27 uint32_t a4 = 4000000000;
28 uint8_t data[] = {1, 2, 3, 4, 5, 6, 7, 8};
29
30 uint8_t r1;
31 uint16_t r2;
32 uint24_t r3;
33 uint32_t r4;
34 const uint8_t *pdata;
35 size_t datalen;
36
37 uint8_t buf[256];
38 uint8_t *p = buf;
39 const uint8_t *cp = buf;
40 size_t len = 0;
41
42 tls_uint8_to_bytes(a1, &p, &len);
43 tls_uint16_to_bytes(a2, &p, &len);
44 tls_uint24_to_bytes(a3, &p, &len);
45 tls_uint32_to_bytes(a4, &p, &len);
46 tls_uint8array_to_bytes(data, 5, &p, &len);
47 tls_uint16array_to_bytes(data, 6, &p, &len);
48 tls_uint24array_to_bytes(data, 7, &p, &len);
49
50 if (tls_uint8_from_bytes(&r1, &cp, &len) != 1 || r1 != a1
51 || tls_uint16_from_bytes(&r2, &cp, &len) != 1 || r2 != a2
52 || tls_uint24_from_bytes(&r3, &cp, &len) != 1 || r3 != a3
53 || tls_uint32_from_bytes(&r4, &cp, &len) != 1 || r4 != a4
54 || tls_uint8array_from_bytes(&pdata, &datalen, &cp, &len) != 1 || datalen != 5 || memcmp(pdata, data, 5) != 0
55 || tls_uint16array_from_bytes(&pdata, &datalen, &cp, &len) != 1 || datalen != 6 || memcmp(pdata, data, 6) != 0
56 || tls_uint24array_from_bytes(&pdata, &datalen, &cp, &len) != 1 || datalen != 7 || memcmp(pdata, data, 7) != 0
57 || len > 0) {
58 error_print();
59 return -1;
60 }
61
62 printf("%s() ok\n", __FUNCTION__);
63 return 1;
64 }
65
test_tls_cbc(void)66 static int test_tls_cbc(void)
67 {
68 uint8_t key[32] = {0};
69 SM3_HMAC_CTX hmac_ctx;
70 SM4_KEY sm4_key;
71 uint8_t seq_num[8] = { 0,0,0,0,0,0,0,1 };
72 uint8_t header[5];
73 uint8_t in[] = "hello world";
74 uint8_t out[256];
75 uint8_t buf[256] = {0};
76 size_t len;
77 size_t buflen;
78
79 header[0] = TLS_record_handshake;
80 header[1] = TLS_protocol_tls12 >> 8;
81 header[2] = TLS_protocol_tls12 & 0xff;
82 header[3] = sizeof(in) >> 8;
83 header[4] = sizeof(in) & 0xff;
84
85 sm3_hmac_init(&hmac_ctx, key, 32);
86 sm4_set_encrypt_key(&sm4_key, key);
87 tls_cbc_encrypt(&hmac_ctx, &sm4_key, seq_num, header, in, sizeof(in), out, &len);
88
89 sm3_hmac_init(&hmac_ctx, key, 32);
90 sm4_set_decrypt_key(&sm4_key, key);
91
92 tls_cbc_decrypt(&hmac_ctx, &sm4_key, seq_num, header, out, len, buf, &buflen);
93
94 printf("%s() ok\n", __FUNCTION__);
95 return 1;
96 }
97
test_tls_random(void)98 static int test_tls_random(void)
99 {
100 uint8_t random[32];
101 tls_random_generate(random);
102 tls_random_print(stdout, random, 0, 0);
103
104 printf("%s() ok\n", __FUNCTION__);
105 return 1;
106 }
107
test_tls_client_hello(void)108 static int test_tls_client_hello(void)
109 {
110 uint8_t record[512];
111 size_t recordlen = 0;
112
113 int version = TLS_protocol_tlcp;
114 uint8_t random[32];
115 int cipher_suites[] = {
116 TLS_cipher_ecc_sm4_cbc_sm3,
117 TLS_cipher_ecc_sm4_gcm_sm3,
118 TLS_cipher_ecdhe_sm4_cbc_sm3,
119 TLS_cipher_ecdhe_sm4_gcm_sm3,
120 TLS_cipher_ibsdh_sm4_cbc_sm3,
121 TLS_cipher_ibsdh_sm4_gcm_sm3,
122 TLS_cipher_ibc_sm4_cbc_sm3,
123 TLS_cipher_ibc_sm4_gcm_sm3,
124 TLS_cipher_rsa_sm4_cbc_sm3,
125 TLS_cipher_rsa_sm4_gcm_sm3,
126 TLS_cipher_rsa_sm4_cbc_sha256,
127 TLS_cipher_rsa_sm4_gcm_sha256,
128 };
129 int comp_meths[] = {0};
130
131 tls_record_set_protocol(record, TLS_protocol_tlcp);
132 if (tls_record_set_handshake_client_hello(record, &recordlen,
133 version,
134 random,
135 NULL, 0,
136 cipher_suites, sizeof(cipher_suites)/sizeof(cipher_suites[0]),
137 NULL, 0) != 1) {
138 error_print();
139 return -1;
140 }
141 tls_client_hello_print(stdout, record + 5 + 4, recordlen - 5 -4, 0, 4);
142
143 printf("%s() ok\n", __FUNCTION__);
144 return 1;
145 }
146
test_tls_server_hello(void)147 static int test_tls_server_hello(void)
148 {
149 uint8_t record[512];
150 size_t recordlen = 0;
151
152 uint8_t random[32];
153 uint16_t cipher_suite = TLS_cipher_ecdhe_sm4_cbc_sm3;
154
155
156 tls_record_set_protocol(record, TLS_protocol_tlcp);
157 if (tls_record_set_handshake_server_hello(record, &recordlen,
158 TLS_protocol_tlcp,
159 random,
160 NULL, 0,
161 cipher_suite,
162 NULL, 0) != 1) {
163 error_print();
164 return -1;
165 }
166 tls_server_hello_print(stdout, record + 5 + 4, recordlen - 5 -4, 0, 0);
167
168 printf("%s() ok\n", __FUNCTION__);
169 return 1;
170 }
171
test_tls_certificate(void)172 static int test_tls_certificate(void)
173 {
174 uint8_t record[1024];
175 size_t recordlen = 0;
176 FILE *fp = NULL;
177
178 // 测试函数不要有外部的依赖
179 // TODO: 输出一些握手过程的record字节数组和handshake字节数组,作为后续测试的测试数据
180
181 /*
182 if (!(fp = fopen("cacert.pem", "r"))) {
183 error_print();
184 return -1;
185 }
186 if (tls_record_set_handshake_certificate_from_pem(record, &recordlen, fp) != 1) {
187 error_print();
188 return -1;
189 }
190 tls_certificate_print(stdout, record + 9, recordlen - 9, 0, 0);
191 */
192
193 printf("%s() ok\n", __FUNCTION__);
194 return 1;
195 }
196
test_tls_server_key_exchange(void)197 static int test_tls_server_key_exchange(void)
198 {
199 uint8_t record[1024];
200 size_t recordlen = 0;
201 uint8_t sig[SM2_MAX_SIGNATURE_SIZE] = {0xAA, 0xBB};
202 const uint8_t *psig;
203 size_t siglen;
204
205 tls_record_set_protocol(record, TLS_protocol_tlcp);
206 if (tlcp_record_set_handshake_server_key_exchange_pke(record, &recordlen, sig, sizeof(sig)) != 1) {
207 error_print();
208 return -1;
209 }
210 if (tlcp_record_get_handshake_server_key_exchange_pke(record, &psig, &siglen) != 1) {
211 error_print();
212 return -1;
213 }
214 format_bytes(stdout, 0, 0, "server_key_exchange siganture", psig, siglen);
215
216 printf("%s() ok\n", __FUNCTION__);
217 return 1;
218 }
219
test_tls_certificate_verify(void)220 static int test_tls_certificate_verify(void)
221 {
222 uint8_t record[1024];
223 size_t recordlen = 0;
224 uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
225 const uint8_t *psig;
226 size_t siglen;
227
228 tls_record_set_protocol(record, TLS_protocol_tls12);
229 if (tls_record_set_handshake_certificate_verify(record, &recordlen, sig, sizeof(sig)) != 1) {
230 error_print();
231 return -1;
232 }
233 if (tls_record_get_handshake_certificate_verify(record, &psig, &siglen) != 1) {
234 error_print();
235 return -1;
236 }
237 tls_certificate_verify_print(stdout, psig, siglen, 0, 0);
238
239 printf("%s() ok\n", __FUNCTION__);
240 return 1;
241 }
242
test_tls_finished(void)243 static int test_tls_finished(void)
244 {
245 uint8_t record[1024];
246 size_t recordlen = 0;
247 uint8_t verify_data[12];
248 const uint8_t *verify_data_ptr;
249 size_t verify_data_len;
250
251 if (tls_record_set_handshake_finished(record, &recordlen, verify_data, sizeof(verify_data)) != 1) {
252 error_print();
253 return -1;
254 }
255 if (tls_record_get_handshake_finished(record, &verify_data_ptr, &verify_data_len) != 1) {
256 error_print();
257 return -1;
258 }
259 tls_finished_print(stdout, verify_data_ptr, verify_data_len, 0, 0);
260
261 printf("%s() ok\n", __FUNCTION__);
262 return 1;
263 }
264
test_tls_alert(void)265 static int test_tls_alert(void)
266 {
267 uint8_t record[1024];
268 size_t recordlen = 0;
269 int level;
270 int reason;
271
272 if (tls_record_set_alert(record, &recordlen, TLS_alert_level_fatal, TLS_alert_close_notify) != 1) {
273 error_print();
274 return -1;
275 }
276 if (tls_record_get_alert(record, &level, &reason) != 1) {
277 error_print();
278 return -1;
279 }
280 tls_alert_print(stdout, record + 5, recordlen - 5, 0, 0);
281
282 printf("%s() ok\n", __FUNCTION__);
283 return 1;
284 }
285
test_tls_change_cipher_spec(void)286 static int test_tls_change_cipher_spec(void)
287 {
288 uint8_t record[1024];
289 size_t recordlen = 0;
290
291 if (tls_record_set_change_cipher_spec(record, &recordlen) != 1) {
292 error_print();
293 return -1;
294 }
295 if (tls_record_get_change_cipher_spec(record) != 1) {
296 error_print();
297 return -1;
298 }
299 tls_change_cipher_spec_print(stdout, record + 5, recordlen - 5, 0, 0);
300
301 printf("%s() ok\n", __FUNCTION__);
302 return 1;
303 }
304
test_tls_application_data(void)305 static int test_tls_application_data(void)
306 {
307 uint8_t record[1024];
308 size_t recordlen = 0;
309 uint8_t data[88];
310 const uint8_t *p;
311 size_t len;
312
313 if (tls_record_set_application_data(record, &recordlen, data, sizeof(data)) != 1) {
314 error_print();
315 return -1;
316 }
317 if (tls_record_get_application_data(record, &p, &len) != 1) {
318 error_print();
319 return -1;
320 }
321 tls_application_data_print(stdout, p, len, 0, 0);
322
323 printf("%s() ok\n", __FUNCTION__);
324 return 1;
325 }
326
main(void)327 int main(void)
328 {
329 if (test_tls_encode() != 1) goto err;
330 if (test_tls_cbc() != 1) goto err;
331 if (test_tls_random() != 1) goto err;
332 if (test_tls_client_hello() != 1) goto err;
333 if (test_tls_server_hello() != 1) goto err;
334 if (test_tls_certificate() != 1) goto err;
335 if (test_tls_server_key_exchange() != 1) goto err;
336 if (test_tls_certificate_verify() != 1) goto err;
337 if (test_tls_finished() != 1) goto err;
338 if (test_tls_alert() != 1) goto err;
339 if (test_tls_change_cipher_spec() != 1) goto err;
340 if (test_tls_application_data() != 1) goto err;
341 printf("%s all tests passed\n", __FILE__);
342 return 0;
343 err:
344 error_print();
345 return -1;
346 }
347