2 sptps_test.c -- Simple Peer-to-Peer Security test program
3 Copyright (C) 2011-2022 Guus Sliepen <guus@tinc-vpn.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include <linux/if_tun.h>
36 #define closesocket(s) close(s)
39 // Symbols necessary to link with logger.o
40 bool send_request(struct connection_t *c, const char *msg, ...) {
46 list_t connection_list;
48 bool send_meta(struct connection_t *c, const void *msg, size_t len) {
55 bool do_detach = false;
61 static bool writeonly;
64 int addressfamily = AF_UNSPEC;
66 static bool send_data(void *handle, uint8_t type, const void *data, size_t len) {
68 char *hex = alloca(len * 2 + 1);
69 bin2hex(data, hex, len);
72 fprintf(stderr, "Sending %lu bytes of data:\n%s\n", (unsigned long)len, hex);
75 const int *sock = handle;
79 ssize_t sent = send(*sock, p, len, 0);
82 fprintf(stderr, "Error sending data: %s\n", strerror(errno));
93 static bool receive_record(void *handle, uint8_t type, const void *data, uint16_t len) {
97 fprintf(stderr, "Received type %d record of %u bytes:\n", type, len);
104 const char *p = data;
107 ssize_t written = write(out, p, len);
110 fprintf(stderr, "Error writing received data: %s\n", strerror(errno));
121 typedef enum option_t {
122 OPT_BAD_OPTION = '?',
127 OPT_QUIT_ON_EOF = 'q',
130 OPT_PACKET_LOSS = 'L',
131 OPT_REPLAY_WINDOW = 'W',
132 OPT_SPECIAL_CHAR = 's',
135 OPT_CIPHER_SUITES = 'M',
136 OPT_PREFERRED_SUITE = 'P',
144 static struct option const long_options[] = {
145 {"datagram", no_argument, NULL, OPT_DATAGRAM},
146 {"quit", no_argument, NULL, OPT_QUIT_ON_EOF},
147 {"readonly", no_argument, NULL, OPT_READONLY},
148 {"writeonly", no_argument, NULL, OPT_WRITEONLY},
149 {"packet-loss", required_argument, NULL, OPT_PACKET_LOSS},
150 {"replay-window", required_argument, NULL, OPT_REPLAY_WINDOW},
151 {"special", no_argument, NULL, OPT_SPECIAL_CHAR},
152 {"tun", no_argument, NULL, OPT_TUN},
153 {"verbose", required_argument, NULL, OPT_VERBOSE},
154 {"cipher-suites", required_argument, NULL, OPT_CIPHER_SUITES},
155 {"preferred-suite", required_argument, NULL, OPT_PREFERRED_SUITE},
156 {"help", no_argument, NULL, OPT_HELP},
160 static void usage(void) {
162 "Usage: %s [options] my_ed25519_key_file his_ed25519_key_file [host] port\n"
164 "Valid options are:\n"
165 " -d, --datagram Enable datagram mode.\n"
166 " -q, --quit Quit when EOF occurs on stdin.\n"
167 " -r, --readonly Only send data from the socket to stdout.\n"
169 " -t, --tun Use a tun device instead of stdio.\n"
171 " -w, --writeonly Only send data from stdin to the socket.\n"
172 " -L, --packet-loss RATE Fake packet loss of RATE percent.\n"
173 " -R, --replay-window N Set replay window to N bytes.\n"
174 " -M, --cipher-suites MASK Set the mask of allowed cipher suites.\n"
175 " -P, --preferred-suite N Set the preferred cipher suite.\n"
176 " -s, --special Enable special handling of lines starting with #, ^ and $.\n"
177 " -v, --verbose Display debug messages.\n"
181 "Report bugs to tinc@tinc-vpn.org.\n",
187 int stdin_sock_fd = -1;
189 // Windows does not allow calling select() on anything but sockets. Therefore,
190 // to keep the same code as on other operating systems, we have to put a
191 // separate thread between the stdin and the sptps loop way below. This thread
192 // reads stdin and sends its content to the main thread through a TCP socket,
193 // which can be properly select()'ed.
194 static DWORD WINAPI stdin_reader_thread(LPVOID arg) {
195 struct sockaddr_in sa;
196 socklen_t sa_size = sizeof(sa);
199 int peer_fd = accept(stdin_sock_fd, (struct sockaddr *) &sa, &sa_size);
202 fprintf(stderr, "accept() failed: %s\n", strerror(errno));
207 fprintf(stderr, "New connection received from :%d\n", ntohs(sa.sin_port));
213 while((nread = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
215 fprintf(stderr, "Read %lld bytes from input\n", nread);
219 ssize_t nleft = nread;
222 ssize_t nsend = send(peer_fd, start, nleft, 0);
225 if(sockwouldblock(sockerrno)) {
237 fprintf(stderr, "Could not send data: %s\n", strerror(errno));
242 fprintf(stderr, "Sent %lld bytes to peer\n", nread);
246 closesocket(peer_fd);
249 closesocket(stdin_sock_fd);
254 static int start_input_reader(void) {
255 if(stdin_sock_fd != -1) {
256 fprintf(stderr, "stdin thread can only be started once.\n");
260 stdin_sock_fd = socket(AF_INET, SOCK_STREAM, 0);
262 if(stdin_sock_fd < 0) {
263 fprintf(stderr, "Could not create server socket: %s\n", strerror(errno));
267 struct sockaddr_in serv_sa;
269 memset(&serv_sa, 0, sizeof(serv_sa));
271 serv_sa.sin_family = AF_INET;
273 serv_sa.sin_addr.s_addr = htonl(0x7f000001); // 127.0.0.1
275 int res = bind(stdin_sock_fd, (struct sockaddr *)&serv_sa, sizeof(serv_sa));
278 fprintf(stderr, "Could not bind socket: %s\n", strerror(errno));
282 if(listen(stdin_sock_fd, 1) < 0) {
283 fprintf(stderr, "Could not listen: %s\n", strerror(errno));
287 struct sockaddr_in connect_sa;
289 socklen_t addr_len = sizeof(connect_sa);
291 if(getsockname(stdin_sock_fd, (struct sockaddr *)&connect_sa, &addr_len) < 0) {
292 fprintf(stderr, "Could not determine the address of the stdin thread socket\n");
297 fprintf(stderr, "stdin thread is listening on :%d\n", ntohs(connect_sa.sin_port));
300 if(!CreateThread(NULL, 0, stdin_reader_thread, NULL, 0, NULL)) {
301 fprintf(stderr, "Could not start reader thread: %d\n", GetLastError());
305 int client_fd = socket(AF_INET, SOCK_STREAM, 0);
308 fprintf(stderr, "Could not create client socket: %s\n", strerror(errno));
312 if(connect(client_fd, (struct sockaddr *)&connect_sa, sizeof(connect_sa)) < 0) {
313 fprintf(stderr, "Could not connect: %s\n", strerror(errno));
314 closesocket(client_fd);
322 if(stdin_sock_fd != -1) {
323 closesocket(stdin_sock_fd);
330 #endif // HAVE_WINDOWS
332 static void print_listening_msg(int sock) {
334 socklen_t salen = sizeof(sa);
337 if(!getsockname(sock, &sa.sa, &salen)) {
338 port = ntohs(sa.in.sin_port);
341 fprintf(stderr, "Listening on %d...\n", port);
345 static int run_test(int argc, char *argv[]) {
346 program_name = argv[0];
347 bool initiator = false;
348 bool datagram = false;
354 int option_index = 0;
356 unsigned long cipher_suites = SPTPS_ALL_CIPHER_SUITES;
357 unsigned long preferred_suite = 0;
359 while((r = getopt_long(argc, argv, "dqrstwL:W:v46", long_options, &option_index)) != EOF) {
360 switch((option_t) r) {
361 case OPT_LONG_OPTION:
372 case OPT_QUIT_ON_EOF:
384 fprintf(stderr, "--tun is only supported on Linux.\n");
394 case OPT_PACKET_LOSS:
395 packetloss = atoi(optarg);
398 case OPT_REPLAY_WINDOW:
399 sptps_replaywin = atoi(optarg);
402 case OPT_CIPHER_SUITES:
403 cipher_suites = strtoul(optarg, NULL, 0);
406 case OPT_PREFERRED_SUITE:
407 preferred_suite = strtoul(optarg, NULL, 0);
414 case OPT_SPECIAL_CHAR:
419 addressfamily = AF_INET;
423 addressfamily = AF_INET6;
438 if(argc < 4 || argc > 5) {
439 fprintf(stderr, "Wrong number of arguments.\n");
451 in = out = open("/dev/net/tun", O_RDWR | O_NONBLOCK);
454 fprintf(stderr, "Could not open tun device: %s\n", strerror(errno));
462 if(ioctl(in, TUNSETIFF, &ifr)) {
463 fprintf(stderr, "Could not configure tun interface: %s\n", strerror(errno));
467 ifr.ifr_name[IFNAMSIZ - 1] = 0;
468 fprintf(stderr, "Using tun interface %s\n", ifr.ifr_name);
474 static struct WSAData wsa_state;
476 if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) {
482 struct addrinfo *ai, hint;
483 memset(&hint, 0, sizeof(hint));
485 hint.ai_family = addressfamily;
486 hint.ai_socktype = datagram ? SOCK_DGRAM : SOCK_STREAM;
487 hint.ai_protocol = datagram ? IPPROTO_UDP : IPPROTO_TCP;
488 hint.ai_flags = initiator ? 0 : AI_PASSIVE;
490 if(getaddrinfo(initiator ? argv[3] : NULL, initiator ? argv[4] : argv[3], &hint, &ai) || !ai) {
491 fprintf(stderr, "getaddrinfo() failed: %s\n", sockstrerror(sockerrno));
495 int sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
498 fprintf(stderr, "Could not create socket: %s\n", sockstrerror(sockerrno));
504 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
507 int res = connect(sock, ai->ai_addr, ai->ai_addrlen);
513 fprintf(stderr, "Could not connect to peer: %s\n", sockstrerror(sockerrno));
517 fprintf(stderr, "Connected\n");
519 int res = bind(sock, ai->ai_addr, ai->ai_addrlen);
525 fprintf(stderr, "Could not bind socket: %s\n", sockstrerror(sockerrno));
530 if(listen(sock, 1)) {
531 fprintf(stderr, "Could not listen on socket: %s\n", sockstrerror(sockerrno));
535 print_listening_msg(sock);
537 sock = accept(sock, NULL, NULL);
540 fprintf(stderr, "Could not accept connection: %s\n", sockstrerror(sockerrno));
544 print_listening_msg(sock);
547 struct sockaddr addr;
548 socklen_t addrlen = sizeof(addr);
550 if(recvfrom(sock, buf, sizeof(buf), MSG_PEEK, &addr, &addrlen) <= 0) {
551 fprintf(stderr, "Could not read from socket: %s\n", sockstrerror(sockerrno));
555 if(connect(sock, &addr, addrlen)) {
556 fprintf(stderr, "Could not accept connection: %s\n", sockstrerror(sockerrno));
561 fprintf(stderr, "Connected\n");
564 FILE *fp = fopen(argv[1], "r");
567 fprintf(stderr, "Could not open %s: %s\n", argv[1], strerror(errno));
571 ecdsa_t *mykey = NULL;
573 if(!(mykey = ecdsa_read_pem_private_key(fp))) {
579 fp = fopen(argv[2], "r");
582 fprintf(stderr, "Could not open %s: %s\n", argv[2], strerror(errno));
587 ecdsa_t *hiskey = NULL;
589 if(!(hiskey = ecdsa_read_pem_public_key(fp))) {
597 fprintf(stderr, "Keys loaded\n");
602 sptps_params_t params = {
604 .initiator = initiator,
605 .datagram = datagram,
608 .label = "sptps_test",
609 .send_data = send_data,
610 .receive_record = receive_record,
611 .cipher_suites = cipher_suites,
612 .preferred_suite = preferred_suite,
615 if(!sptps_start(&s, ¶ms)) {
624 in = start_input_reader();
627 fprintf(stderr, "Could not init stdin reader thread\n");
636 int max_fd = MAX(sock, in);
639 if(writeonly && readonly) {
643 char buf[65535] = "";
644 size_t readsize = datagram ? 1460u : sizeof(buf);
649 if(!readonly && s.instate) {
655 if(select(max_fd + 1, &fds, NULL, NULL, NULL) <= 0) {
661 if(FD_ISSET(in, &fds)) {
663 ssize_t len = recv(in, buf, readsize, 0);
665 ssize_t len = read(in, buf, readsize);
669 fprintf(stderr, "Could not read from stdin: %s\n", strerror(errno));
677 shutdown(in, SD_SEND);
689 if(special && buf[0] == '#') {
690 s.outseqno = atoi(buf + 1);
693 if(special && buf[0] == '^') {
694 sptps_send_record(&s, SPTPS_HANDSHAKE, NULL, 0);
695 } else if(special && buf[0] == '$') {
699 sptps_send_record(&s, 0, buf, len);
701 } else if(!sptps_send_record(&s, buf[0] == '!' ? 1 : 0, buf, (len == 1 && buf[0] == '\n') ? 0 : buf[0] == '*' ? sizeof(buf) : (size_t)len)) {
708 if(FD_ISSET(sock, &fds)) {
709 ssize_t len = recv(sock, buf, sizeof(buf), 0);
712 fprintf(stderr, "Could not read from socket: %s\n", sockstrerror(sockerrno));
719 fprintf(stderr, "Connection terminated by peer.\n");
724 char *hex = alloca(len * 2 + 1);
725 bin2hex(buf, hex, len);
726 fprintf(stderr, "Received %ld bytes of data:\n%s\n", (long)len, hex);
729 if(packetloss && (int)prng(100) < packetloss) {
731 fprintf(stderr, "Dropped.\n");
740 size_t done = sptps_receive_data(&s, bufp, len);
751 len -= (ssize_t) done;
756 bool stopped = sptps_stop(&s);
765 int main(int argc, char *argv[]) {
770 int result = run_test(argc, argv);
projects / tinc / blob