This commit adds TLS testing to nbd-tester-client and 'make check'.
If TLS is not compiled in, then the test is skipped.

Signed-off-by: Alex Bligh <[email protected]>
---
 nbd.h                           |   2 +
 tests/run/Makefile.am           |  13 +++-
 tests/run/certs/ca-cert.pem     |  20 +++++
 tests/run/certs/ca-key.pem      |  32 ++++++++
 tests/run/certs/ca.info         |   3 +
 tests/run/certs/client-cert.pem |  23 ++++++
 tests/run/certs/client-key.pem  |  32 ++++++++
 tests/run/certs/client.info     |   8 ++
 tests/run/certs/server-cert.pem |  22 ++++++
 tests/run/certs/server-key.pem  |  32 ++++++++
 tests/run/certs/server.info     |   5 ++
 tests/run/nbd-tester-client.c   | 169 +++++++++++++++++++++++++++++++++++++++-
 tests/run/simple_test           |  45 +++++++++++
 13 files changed, 402 insertions(+), 4 deletions(-)
 create mode 100644 tests/run/certs/ca-cert.pem
 create mode 100644 tests/run/certs/ca-key.pem
 create mode 100644 tests/run/certs/ca.info
 create mode 100644 tests/run/certs/client-cert.pem
 create mode 100644 tests/run/certs/client-key.pem
 create mode 100644 tests/run/certs/client.info
 create mode 100644 tests/run/certs/server-cert.pem
 create mode 100644 tests/run/certs/server-key.pem
 create mode 100644 tests/run/certs/server.info

diff --git a/nbd.h b/nbd.h
index 732c605..90c97a6 100644
--- a/nbd.h
+++ b/nbd.h
@@ -59,6 +59,8 @@ enum {
 #define NBD_REPLY_MAGIC 0x67446698
 /* Do *not* use magics: 0x12560953 0x96744668. */
 
+#define NBD_OPT_REPLY_MAGIC 0x3e889045565a9LL
+
 /*
  * This is the packet used for communication between client and
  * server. All data are in network byte order.
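Review bot: `NBD_OPT_REPLY_MAGIC` is added with no comment and a signed `LL` suffix, although it is later compared against `tmp64` after `ntohll()` in nbd-tester-client.c (presumably an unsigned 64-bit value; its declaration is not in this patch). I would write it as `#define NBD_OPT_REPLY_MAGIC 0x3e889045565a9ULL` with a comment above it such as `/* Magic that opens every server reply to a negotiation option */`. The tester takes `opts_magic` from the shared client/server code, so if the reply magic is already exposed there, reusing it would avoid a second definition that can drift.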
diff --git a/tests/run/Makefile.am b/tests/run/Makefile.am
index d1e28ed..050b51d 100644
--- a/tests/run/Makefile.am
+++ b/tests/run/Makefile.am
@@ -1,11 +1,16 @@
+if GNUTLS
+TLSSRC = $(top_srcdir)/crypto-gnutls.c $(top_srcdir)/crypto-gnutls.h 
$(top_srcdir)/buffer.c $(top_srcdir)/buffer.h
+else
+TLSSRC =
+endif
 TESTS_ENVIRONMENT=$(srcdir)/simple_test
-TESTS = cfg1 cfgmulti cfgnew cfgsize write flush integrity dirconfig list 
rowrite tree rotree unix #integrityhuge
+TESTS = cfg1 cfgmulti cfgnew cfgsize write flush integrity dirconfig list 
rowrite tree rotree unix tls #integrityhuge tlshuge
 check_PROGRAMS = nbd-tester-client
-nbd_tester_client_SOURCES = nbd-tester-client.c $(top_srcdir)/cliserv.h 
$(top_srcdir)/netdb-compat.h $(top_srcdir)/cliserv.c $(top_srcdir)/buffer.h 
$(top_srcdir)/buffer.c $(top_srcdir)/crypto-gnutls.h 
$(top_srcdir)/crypto-gnutls.c
+nbd_tester_client_SOURCES = nbd-tester-client.c $(top_srcdir)/cliserv.h 
$(top_srcdir)/netdb-compat.h $(top_srcdir)/cliserv.c $(TLSSRC)
 nbd_tester_client_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@
 nbd_tester_client_CPPFLAGS = -I$(top_srcdir)
 nbd_tester_client_LDADD = @GLIB_LIBS@
-EXTRA_DIST = integrity-test.tr integrityhuge-test.tr simple_test
+EXTRA_DIST = integrity-test.tr integrityhuge-test.tr simple_test 
certs/client-key.pem certs/client-cert.pem certs/server-cert.pem 
certs/ca-cert.pem certs/ca.info certs/client.info certs/server-key.pem 
certs/ca-key.pem certs/server.info
 cfg1:
 cfgmulti:
 cfgnew:
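Review bot: `EXTRA_DIST` now ships `certs/ca-key.pem`, `certs/server-key.pem` and `certs/client-key.pem`, and `tls` joins `TESTS`, so the suite depends on fixed key material that is public from this commit on. Decoding the validity field of the added `ca-cert.pem` gives 2016-04-05 to 2017-04-05, so after that date a client that verifies the chain against `-A ca-cert.pem` should reject it and `make check` would fail for reasons unrelated to the code. The shipped `ca.info`, `server.info` and `client.info` look like certtool templates, so the CA and leaf certificates could be generated into the test's temporary directory at check time instead. Failing that, reissue them with a long validity and add a comment such as `# certs/*.pem are throwaway test fixtures; never add ca-cert.pem to a real trust store`.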
@@ -20,3 +25,5 @@ rowrite:
 tree:
 rotree:
 unix:
+tls:
+tlshuge:
diff --git a/tests/run/certs/ca-cert.pem b/tests/run/certs/ca-cert.pem
new file mode 100644
index 0000000..a3b8ba0
--- /dev/null
+++ b/tests/run/certs/ca-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAgOgAwIBAgIEVwQNzDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwpB
+bGV4IEJsaWdoMB4XDTE2MDQwNTE5MTEwOFoXDTE3MDQwNTE5MTEwOFowFTETMBEG
+A1UEAxMKQWxleCBCbGlnaDCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggEx
+AMTtsWhYOU8iEFlGfkCb+RbqeyansOHjVS90jLNXSmd8GLS9vpfLogR3b4Vc9jCc
+aJuQqJhSvhP5JDOuEycEN3u8Yhemi1AEPiF6ZIRczTxw4cWgR6km0g4AoaSFTWD7
+baQkqKFygawYY8rDS0Q7Op+POqpCUz7irRSGbig3FVA3QLoGGBkiY8baB795XP6r
+SBmyURWnPNVpsmFf0c5GbLb+CriUkmaR3Hf9cUj/Q2fowRJ3zBSukl4Xiw20Aj6T
+PL/k6yFJvqX5j4BtWUNG6aji6ckbtg1gnEW65wPYw1Mzw5wGFA73u+1lT5/vVhmA
+CZaCKuu5wKGJe7fHhdvE23BPcJZ699/miRBERLnOVQnO6t3SAgMOS3yQ5TlPczXd
+P9GBfnk6FaVjvY98nPgQeAkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV
+HQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBS+f9HxvzeLlZ1ubwEC1PC7ZREDnjANBgkq
+hkiG9w0BAQsFAAOCATEAvayiGrM7ouetVPZkxKF0qIWMsXh29gNuB7L4iHUTsIQn
+3uB/EdrtvWCZw9S++y87XEoxbyBjX4GRJiB2/6+098YGA5QBa2+f2rtZeMbeGsDz
+pZmvwXNBJOyZM7GY7c+yvsrPnUdd25cWXFslQAWvvNuRyW/oTbVVlAT36UJaMBDh
+uteuQT33AH+RU49ZHZrSEaMeM9mXOPquLkHPsXiG4XHLTBZnVj6Y90iz7SXRRg6s
+u2q4kiej8Jy9KlcPKgpbvij3tKmYuBpadQrVGG8U2mRFWuc2561cIWQiLWiRvPM+
+GjlfmyIwkUoLjo54qaCOE6sIKAX1bw/JVZeHrVvvjeEnqCfnnJyfOicdG7eW0BjI
+3016pFiSL7Eqiei9ltMFYoag6plz1mAAOudFZUQKhg==
+-----END CERTIFICATE-----
diff --git a/tests/run/certs/ca-key.pem b/tests/run/certs/ca-key.pem
new file mode 100644
index 0000000..ed76fd8
--- /dev/null
+++ b/tests/run/certs/ca-key.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFewIBAAKCATEAxO2xaFg5TyIQWUZ+QJv5Fup7Jqew4eNVL3SMs1dKZ3wYtL2+
+l8uiBHdvhVz2MJxom5ComFK+E/kkM64TJwQ3e7xiF6aLUAQ+IXpkhFzNPHDhxaBH
+qSbSDgChpIVNYPttpCSooXKBrBhjysNLRDs6n486qkJTPuKtFIZuKDcVUDdAugYY
+GSJjxtoHv3lc/qtIGbJRFac81WmyYV/RzkZstv4KuJSSZpHcd/1xSP9DZ+jBEnfM
+FK6SXheLDbQCPpM8v+TrIUm+pfmPgG1ZQ0bpqOLpyRu2DWCcRbrnA9jDUzPDnAYU
+Dve77WVPn+9WGYAJloIq67nAoYl7t8eF28TbcE9wlnr33+aJEEREuc5VCc7q3dIC
+Aw5LfJDlOU9zNd0/0YF+eToVpWO9j3yc+BB4CQIDAQABAoIBMAUzK4yQS88ZnKnm
+0R2eoLior2DJa8PDL3Ql1TNFGktaPQLEwdwbPed1SeYRGtUUxDRbYQBIqwk2+mw8
+6/eLRnXHdyWdua7+ta9HnpDaLHcsmeGQhmPiiQhinuILvQvTB8WeTC+bKO5k5Hmt
+p3ahQ76D1y44ux79eEmC9TSto6vvEY/36jn7rPvKtQqqxzhYSHqZOUfjlxkheeaG
+3xPzL+D2CsU2Qxqv4UwLzO4RcswyI9c1TzOWsXR0N8YRN2eLu+E7KlpXaa9WBBvt
+F/LYLM/y8+Wcm5yzUYOcobdnV+Y3zzjxJLg0BNM2NVVa3+W07RpNX+tqfqhCtAaO
+suWV0Sk/1XZuPA7bgamVGzJdDY6muBa3kaI/LOTknp41WViQVHz3kiSDvVLoWMGm
+pqNxrMECgZkAxZ8eCuUBI0bP5f265nA9/cI0YLYPa2mSqzTwjo2/8FPKzvcefuYo
+uQ6oMAezxGD4+PapZUMRD5sWo3Xq1iC2pdHHTdkCz58H7X37VoT0zItaVPC+dv5l
+6rJyzIC/gge/JnMOtsv0LQ4qvkSrsgPfiQKfXgUmmypTjfzwSrympJ4AdqEaF0xj
+HaENNf8CtTMEONuxJn5WPfkCgZkA/xop3sFKC80+Fgv8wmG66I8DIebVYiSDMy3C
+pjSfVXZp/fNgjoywuFyvqcpm21CC7RaRmZ9LkyzTLSqoAKVxpFwc0shNgwr6SYrw
++dhOrFWvea0pu7zR9P3gvJvh5gY/KKC0J9qs2D0pGm0TB0UNEARbx8q8ATiSQdDh
+qfz73GlTCaesJGArDhmp5Jv2dSLCY1fw/shhzpECgZgpJf6Nai2YeNAlJXXbMZfW
+1K8vS/ld9jeR6o4EQMOseOYLvizdY3MrRUAD8DagN0jgHgwbh6FvzG0kUBM7zsf5
+Mvr63KrXLFfsPYUt+LU4OfPvJ8mg4Uu7WLjKmCxIGPDWQrLXoRQQpZiE0aumf2P2
+FVO1sgDd4ixPrlEiXrGcKUITcWwLWd5xdu1XRuf7bsn8RNJYH4o5kQKBmQCBJiLK
+dnrhTLBBAyKc2lOBB14jnLSs8iVGFMW11XBRGRkCC2P35zxUqf/46tJ19+XA2Csw
+Zhgh05C6Dh1t7lSBTGz/PY8YZ8dc0i27n4n874heBo/ZTvfQm3NaqWSNSt5Q2EM8
+5hWZiCU2DsCSbp/1Wu+IT5gs2hIZpgGJSN3Nsbjra2rYI6PIiK+dYGQ+2zEkkFIe
++x2hMQKBmBjd7rzaRqEv30lJxTeZgH+P7mKY4gf/WqIh1TPFoMkzn6MNNoMyYNR1
+EOyEPNtoOhqOYPJAZxhHoCkFWX23ftEMi8xTsq8iOMk00mhyjJ6OxPZ66ThKg3Xa
+WqIb0AmYc4yEVz7rRuZU8cJ+K29lFekDZceiQ0RX2gKq5UR/EnP9D1sI1oMz4Qeu
+H7PSUWdfAo/JvD0lwFx7
+-----END RSA PRIVATE KEY-----
diff --git a/tests/run/certs/ca.info b/tests/run/certs/ca.info
new file mode 100644
index 0000000..c1dbf84
--- /dev/null
+++ b/tests/run/certs/ca.info
@@ -0,0 +1,3 @@
+cn = Alex Bligh
+ca
+cert_signing_key
diff --git a/tests/run/certs/client-cert.pem b/tests/run/certs/client-cert.pem
new file mode 100644
index 0000000..024627c
--- /dev/null
+++ b/tests/run/certs/client-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/run/certs/client-key.pem b/tests/run/certs/client-key.pem
new file mode 100644
index 0000000..401425c
--- /dev/null
+++ b/tests/run/certs/client-key.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/run/certs/client.info b/tests/run/certs/client.info
new file mode 100644
index 0000000..460a889
--- /dev/null
+++ b/tests/run/certs/client.info
@@ -0,0 +1,8 @@
+country = GB
+state = London
+locality = London
+organization = Name of your organization
+cn = 127.0.0.1
+tls_www_client
+encryption_key
+signing_key
diff --git a/tests/run/certs/server-cert.pem b/tests/run/certs/server-cert.pem
new file mode 100644
index 0000000..d1dd018
--- /dev/null
+++ b/tests/run/certs/server-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/run/certs/server-key.pem b/tests/run/certs/server-key.pem
new file mode 100644
index 0000000..957227c
--- /dev/null
+++ b/tests/run/certs/server-key.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFegIBAAKCATEAoSlP9/bU6kP/CkknCsrUfifKm2y2XICgzTvMZYn35ohy5qsK
+gMgfWgSU8celcxku4JWsOkOYJXShKMwMI4C6YtPBet3P9Sg15gyxVZbW2Bt4p5IG
+v7LhdDjD3ATBwVo+yVHA6pkt++Cgk+6QiMSUOgYoG34KwO7B9iO2OzWSOH/2Y3uD
+FVWNTijr3AC0HmDJevS6B3S9VDsXSb4n6dE+aB+a7ABWYC2HaZItX6Fy+XULrpET
+89fs5oQfjtiOlqLbj51O6uyHxF8K2uv/LTjPb/i7CDpoX+AHJalSNfEoi/vfbEoD
+wi2HneXF8xbBAJyghnMkSQiETkq7UY6LT17hOx/Utz869z/C0dcqzScq25nsabHB
+WnL2vzspSesve11ZkrQda/jYX0waY3DiL4lDPwIDAQABAoIBMDXK51FaBzlmltNl
+FW4Jw6GUQJFeWQRJPuMiKZhe0+sT8l5CCxBvO9+9FcYaIIRpjHcUHleYRkmCQ2St
+rwOOrSfdjIApV4d583ulEvABmBasHLq6CBymZZB4fg+LWuzh5YEnE6B6npmrIY4f
+HAk6rEst0OdUS9yYFQ/GXcYnnHXVaHVOPbO6SZ8kE43sgjJ9leK/mvRwJ93cD6Hb
+hheLFU9ZTVQpdCmgP5qa7HHI2u6U45kp7BGSVL+dTkfAvM6G9Fhv956NPufleRWd
+HveKY3QVK5JZmjKewHZzHAh83TuhunuUiFdgt5W+Jrman7ffj3oP4KqaW8qD1t2k
+VpDYIgJMl10nEliR58Z/2iyXdysDdSnVl8VwBYRJls94Y4GgS2FoebPdWDxK+Qcf
+ONGosEkCgZkAwK5mdixraTEpqeSBsbRboEOkA8iNdZs6hjbdsobvi1CFFAD8B+7Z
+jdgmi7Uby0nw0Ynf9qOfZyQJTERLQia6XGNIqrCK67r+0wKQOm2nyEDzWnjQvQlX
+WvAE04dIIdvVu6ZcAwkm0OD6jExD0vuZ/gN2g2FWHsSOJDRHvJnA5SToAT7TI3bY
+1psFdyLnw191ALt1irwuK10CgZkA1h9BXadt8dW26eiUC0HqfOlNqD3sFhdStYTW
+QJrWNvD8P9eB3n50Y56scWC1OqsiJ9HeoZRolUnhRrlLU4i6JuOeYZzpXxCYDS6I
+UcNcCfmgvXiAlaMir4+4lcBSzlxRzcMam/fTONnFHNzkf3OQUzmmeiA7Z9W2nkkc
+5r8JRGy6sMFjEwELURTq6wAoSaGhOmxOVsXy20sCgZhDw9JjU2H/X/wANU5rujvT
+VJa1ge5GY26kz10PMafDvnDfRS1eeOFoopGD5xE8YOfiOfRboNYqByGCAi7ZuBco
+8P4Ykfh5yY1flvI0qmYs5rLvqbf4E/X2FJ4N6vEyf0dfNLX9l1Vgdw+HEjd0V2qk
+TIF82VnZflVjZEOqkASoUl+KOJc3TNAcQe8dJFiQfN0Age1n+qDePQKBmDY2aaVd
+q8+MDajBcyI6iTUhGMFdFDYvp4g/3sMysMPuVd+QH9iGac+DMCPwmVIGXDp6v4Rn
+f+c0cm4mofS/bGpGPSZ3xPqFyAmmW2tgLCB2bIUsSloYmMKcf96ieBS5eRjAqi8N
+GxSMxoRdRRkj2EnKEeVf3cqXaIpA9qlRevYxFT+FZyE7pXLc+fGP86NY4epZ26fK
+rIdrAoGYEzz8j0mWtvZz5M5kp7g0JnM6O7kb0xUXIoasERACCl5aA+011eGlrN9Y
+BjNMLTtosQSveHDEy85VaiVNpEaGYSBBPke8f344y2TVSUFI07bshXOzHW6r7fNu
+13VB/a8ca37iSst9GaM8j13PFo9RcMNB9qYgTGvfSjPwHZtkz8WlpuzFdeSc1Wcf
+/z8Df34g2rMCqS2nmK0=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/run/certs/server.info b/tests/run/certs/server.info
new file mode 100644
index 0000000..1e02d79
--- /dev/null
+++ b/tests/run/certs/server.info
@@ -0,0 +1,5 @@
+organization = Name  of your organization
+cn = 127.0.0.1
+tls_www_server
+encryption_key
+signing_key
diff --git a/tests/run/nbd-tester-client.c b/tests/run/nbd-tester-client.c
index ed4d03b..c80204d 100644
--- a/tests/run/nbd-tester-client.c
+++ b/tests/run/nbd-tester-client.c
@@ -42,6 +42,10 @@
 #define MY_NAME "nbd-tester-client"
 #include "cliserv.h"
 
+#ifdef WITH_GNUTLS
+#include "crypto-gnutls.h"
+#endif
+
 static gchar errstr[1024];
 const static int errstr_len = 1023;
 
@@ -50,6 +54,10 @@ static uint64_t size;
 static int looseordering = 0;
 
 static gchar *transactionlog = "nbd-tester-client.tr";
+static gchar *certfile = NULL;
+static gchar *keyfile = NULL;
+static gchar *cacertfile = NULL;
+static gchar *tlshostname = NULL;
 
 typedef enum {
        CONNECTION_TYPE_NONE,
@@ -341,6 +349,24 @@ static inline int write_all(int f, void *buf, size_t len)
        return retval;
 }
 
+/**
+ * Set a socket to blocking or non-blocking
+ *
+ * @param fd The socket's FD
+ * @param nb non-zero to set to non-blocking, else 0 to set to blocking
+ * @return 0 - OK, -1 failed
+ */
+int set_nonblocking(int fd, int nb) {
+        int sf = fcntl (fd, F_GETFL, 0);
+        if (sf == -1)
+                return -1;
+        return fcntl (fd, F_SETFL, nb ? (sf | O_NONBLOCK) : (sf & 
~O_NONBLOCK));
+}
+
+static int tlserrout (void *opaque, const char *format, va_list ap) {
+       return vfprintf(stderr, format, ap);
+}
+
 #define READ_ALL_ERRCHK(f, buf, len, whereto, errmsg...) if((read_all(f, buf, 
len))<=0) { snprintf(errstr, errstr_len, ##errmsg); goto whereto; }
 #define READ_ALL_ERR_RT(f, buf, len, whereto, rval, errmsg...) if((read_all(f, 
buf, len))<=0) { snprintf(errstr, errstr_len, ##errmsg); retval = rval; goto 
whereto; }
 
@@ -395,9 +421,118 @@ int setup_connection_common(int sock, char *name, 
CONNECTION_TYPE ctype,
        /* negotiation flags */
        if (handshakeflags & NBD_FLAG_FIXED_NEWSTYLE)
                negotiationflags |= NBD_FLAG_C_FIXED_NEWSTYLE;
+       else if (keyfile) {
+               snprintf(errstr, errstr_len, "Cannot negotiate TLS without 
NBD_FLAG_FIXED_NEWSTYLE");
+               goto err;
+       }
        negotiationflags = htonl(negotiationflags);
        WRITE_ALL_ERRCHK(sock, &negotiationflags, sizeof(negotiationflags), err,
                         "Could not write reserved field: %s", strerror(errno));
+#ifdef WITH_GNUTLS
+       /* TLS */
+       if (keyfile) {
+               int plainfd[2]; // [0] is used by the proxy, [1] is used by NBD
+               tlssession_t *s = NULL;
+               int ret;
+
+               /* magic */
+               tmp64 = htonll(opts_magic);
+               WRITE_ALL_ERRCHK(sock, &tmp64, sizeof(tmp64), err,
+                                "Could not write magic: %s", strerror(errno));
+               /* starttls */
+               tmp32 = htonl(NBD_OPT_STARTTLS);
+               WRITE_ALL_ERRCHK(sock, &tmp32, sizeof(tmp32), err,
+                        "Could not write option: %s", strerror(errno));
+               /* length of data */
+               tmp32 = htonl(0);
+               WRITE_ALL_ERRCHK(sock, &tmp32, sizeof(tmp32), err,
+                        "Could not write option length: %s", strerror(errno));
+
+               READ_ALL_ERRCHK(sock, &tmp64, sizeof(tmp64), err,
+                               "Could not read cliserv_magic: %s", 
strerror(errno));
+               tmp64 = ntohll(tmp64);
+               if (tmp64 != NBD_OPT_REPLY_MAGIC) {
+                       strncpy(errstr, "reply magic does not match", 
errstr_len);
+                       goto err;
+               }
+               READ_ALL_ERRCHK(sock, &tmp32, sizeof(tmp32), err,
+                               "Could not read option type: %s", 
strerror(errno));
+               tmp32 = ntohl(tmp32);
+               if (tmp32 != NBD_OPT_STARTTLS) {
+                       strncpy(errstr, "Reply to wrong option", errstr_len);
+                       goto err;
+               }
+               READ_ALL_ERRCHK(sock, &tmp32, sizeof(tmp32), err,
+                               "Could not read option reply type: %s", 
strerror(errno));
+               tmp32 = ntohl(tmp32);
+               if (tmp32 != NBD_REP_ACK) {
+                       strncpy(errstr, "Option reply type != NBD_REP_ACK", 
errstr_len);
+                       goto err;
+               }
+               READ_ALL_ERRCHK(sock, &tmp32, sizeof(tmp32), err,
+                               "Could not read option data length: %s", 
strerror(errno));
+               tmp32 = ntohl(tmp32);
+               if (tmp32 != 0) {
+                       strncpy(errstr, "Option reply data length != 0", 
errstr_len);
+                       goto err;
+               }
+
+               s = tlssession_new(FALSE,
+                                  keyfile,
+                                  certfile,
+                                  cacertfile,
+                                  tlshostname,
+                                  !cacertfile || !tlshostname, // insecure flag
+#ifdef DODBG
+                                  1, // debug
+#else
+                                  0, // debug
+#endif
+                                  NULL, // quitfn
+                                  tlserrout, // erroutfn
+                                  NULL // opaque
+                       );
+               if (!s) {
+                       strncpy(errstr, "Cannot establish TLS session", 
errstr_len);
+                       goto err;
+               }
+
+               if (socketpair(AF_UNIX, SOCK_STREAM, 0, plainfd) < 0) {
+                       strncpy(errstr, "Cannot get socket pair", errstr_len);
+                       goto err;
+               }
+
+               if (set_nonblocking(plainfd[0], 0) <0 ||
+                   set_nonblocking(plainfd[1], 0) <0 ||
+                   set_nonblocking(sock, 0) <0) {
+                       close(plainfd[0]);
+                       close(plainfd[1]);
+                       strncpy(errstr, "Cannot set socket options", 
errstr_len);
+                       goto err;
+               }
+
+               ret = fork();
+               if (ret < 0)
+                       err("Could not fork");
+               else if (ret == 0) {
+                       // we are the child
+                       signal (SIGPIPE, SIG_IGN);
+                       close(plainfd[1]);
+                       tlssession_mainloop(sock, plainfd[0], s);
+                       close(sock);
+                       close(plainfd[0]);
+                       exit(0);
+               }
+               close(plainfd[0]);
+               close(sock);
+               sock = plainfd[1]; /* use the decrypted FD from now on */
+       }
+#else
+       if (keyfile) {
+               strncpy(errstr, "TLS requested but support not compiled in", 
errstr_len);
+               goto err;
+       }
+#endif
        /* magic */
        tmp64 = htonll(opts_magic);
        WRITE_ALL_ERRCHK(sock, &tmp64, sizeof(tmp64), err,
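Review bot: The `tlssession_new()` call passes `!cacertfile || !tlshostname` in the argument its own comment labels the insecure flag, so omitting `-A` appears to switch server-certificate verification off silently while the run can still report success. Make the downgrade visible before the call, e.g. `if (!cacertfile || !tlshostname) g_warning("TLS: server certificate will NOT be verified");`. In the forked child the result of `tlssession_mainloop()` is discarded, the child always does `exit(0)`, and the parent never waits for it, so a handshake or verification failure reaches the test only as a read error on `plainfd[1]`; `exit(rc ? EXIT_FAILURE : 0)` (assuming non-zero means failure) would make such failures diagnosable. The `socketpair()` and `set_nonblocking()` error paths also jump to `err` without releasing `s`. `setup_connection_common()` begins and ends outside this hunk.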
@@ -1495,6 +1630,10 @@ int main(int argc, char **argv)
        int testflags = 0;
        testfunc test = throughput_test;
 
+#ifdef WITH_GNUTLS
+       tlssession_init();
+#endif
+
        /* Ignore SIGPIPE as we want to pick up the error from write() */
        signal(SIGPIPE, SIG_IGN);
 
@@ -1511,7 +1650,7 @@ int main(int argc, char **argv)
                exit(EXIT_FAILURE);
        }
        logging(MY_NAME);
-       while ((c = getopt(argc, argv, "-FN:t:owfilu:")) >= 0) {
+       while ((c = getopt(argc, argv, "-FN:t:owfilu:C:K:A:H:")) >= 0) {
                switch (c) {
                case 1:
                        handle_nonopt(optarg, &hostname, &p);
@@ -1546,6 +1685,28 @@ int main(int argc, char **argv)
                case 'u':
                        unixsock = g_strdup(optarg);
                        break;
+#ifdef WITH_GNUTLS
+               case 'C':
+                       certfile=g_strdup(optarg);
+                       break;
+               case 'K':
+                       keyfile=g_strdup(optarg);
+                       break;
+               case 'A':
+                       cacertfile=g_strdup(optarg);
+                       break;
+               case 'H':
+                       tlshostname=g_strdup(optarg);
+                       break;
+#else
+               case 'C':
+               case 'K':
+               case 'H':
+               case 'A':
+                       g_warning("TLS support not compiled in");
+                       /* Do not change this - looked for by test suite */
+                       exit(77);
+#endif
                }
        }
 
@@ -1553,6 +1714,12 @@ int main(int argc, char **argv)
                handle_nonopt(argv[optind++], &hostname, &p);
        }
 
+       if (keyfile && !certfile)
+               certfile = g_strdup(keyfile);
+
+       if (!tlshostname && hostname)
+               tlshostname = g_strdup(hostname);
+
        if (test(hostname, unixsock, (int)p, name, sock, FALSE, TRUE, testflags)
            < 0) {
                g_warning("Could not run test: %s", errstr);
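Review bot: Every TLS branch in `setup_connection_common()` is gated on `keyfile`, so running with `-C`, `-A` or `-H` but without `-K` is accepted here and the test then runs in plaintext without saying so. A caller who passes a CA file would reasonably expect an authenticated channel, so reject that combination before the defaults are filled in: `if (!keyfile && (certfile || cacertfile)) { g_warning("-C/-A given without -K: TLS would not be used"); exit(EXIT_FAILURE); }`. `main()` continues outside this hunk.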
diff --git a/tests/run/simple_test b/tests/run/simple_test
index 0c05ea1..80b99dc 100755
--- a/tests/run/simple_test
+++ b/tests/run/simple_test
@@ -284,6 +284,51 @@ EOF
                ./nbd-tester-client -N export1 -u ${tmpdir}/unix.sock
                retval=$?
                ;;
+       */tls)
+               # TLS test
+               certdir=`pwd`/certs
+               cat >${conffile} <<EOF
+[generic]
+       certfile = $certdir/server-cert.pem
+        keyfile = $certdir/server-key.pem
+        cacertfile = $certdir/ca-cert.pem
+[export1]
+       exportname = $tmpnam
+       flush = true
+       fua = true
+       rotational = true
+       filesize = 52428800
+       temporary = true
+EOF
+               ../../nbd-server -C ${conffile} -p ${pidfile} &
+               PID=$!
+               sleep 1
+               ./nbd-tester-client -N export1 -i -t 
"${mydir}/integrity-test.tr" -C "${certdir}/client-cert.pem" -K 
"${certdir}/client-key.pem" -A "${certdir}/ca-cert.pem" -H 127.0.0.1 localhost
+               retval=$?
+       ;;
+       */tlshuge)
+               # TLS test with big operations
+               # takes a while
+               certdir=`pwd`/certs
+               cat >${conffile} <<EOF
+[generic]
+       certfile = $certdir/server-cert.pem
+        keyfile = $certdir/server-key.pem
+        cacertfile = $certdir/ca-cert.pem
+[export1]
+       exportname = $tmpnam
+       flush = true
+       fua = true
+       rotational = true
+       filesize = 52428800
+       temporary = true
+EOF
+               ../../nbd-server -C ${conffile} -p ${pidfile} &
+               PID=$!
+               sleep 1
+               ./nbd-tester-client -N export1 -i -t 
"${mydir}/integrityhuge-test.tr" -C "${certdir}/client-cert.pem" -K 
"${certdir}/client-key.pem" -A "${certdir}/ca-cert.pem" -H 127.0.0.1 localhost
+               retval=$?
+       ;;
        *)
                echo "E: unknown test $1"
                exit 1
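Review bot: `certdir` is built from `pwd` in both the `*/tls` and `*/tlshuge` cases, while the transcript on the same command line is located through `${mydir}` (presumably the script's source directory). In an out-of-tree build such as `make distcheck` the current directory is the build directory, but the PEM files listed in `EXTRA_DIST` live in the source tree, so the generated server config and the `-C`/`-K`/`-A` arguments would point at files that do not exist. Use `certdir="${mydir}/certs"` in both cases. The enclosing `case` statement starts before this hunk.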
-- 
1.9.1

