Security-59306.61.1.tar.gz
1 #import <Foundation/Foundation.h>
2 #include <AssertMacros.h>
3 #include <Security/SecureTransportPriv.h> /* SSLSetOption */
4 #include <Security/SecureTransport.h>
5 #include <utilities/SecCFRelease.h>
6 #include <Security/SecCertificatePriv.h>
7
8 #import "STLegacyTests.h"
/*
 * DER-encoded X.509 certificate used as the CA fixture in test_set_ca.
 *
 * Decoded from the bytes below:
 *   - issuer and subject are identical (self-issued):
 *     C=US, O=Apple Inc., OU=Apple Certification Authority, CN=localhost
 *   - validity 080915215056Z .. 090915215056Z (UTCTime), so it is long expired
 *   - signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 *   - RSA public key with a 64-byte (512-bit) modulus, exponent 0x010001
 *   - basicConstraints with cA = TRUE
 *
 * Test fixture only: an expired, SHA-1 signed, 512-bit RSA certificate must
 * never be installed as a trust anchor or reused outside these regressions.
 */
9 static unsigned char cert_der[] = {
10 0x30, 0x82, 0x02, 0x79, 0x30, 0x82, 0x02, 0x23, 0xa0, 0x03, 0x02, 0x01,
11 0x02, 0x02, 0x09, 0x00, 0xc2, 0xa8, 0x3b, 0xaa, 0x40, 0xa4, 0x29, 0x2b,
12 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
13 0x05, 0x05, 0x00, 0x30, 0x5e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
14 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
15 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49,
16 0x6e, 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b,
17 0x13, 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74,
18 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75,
19 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06,
20 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68,
21 0x6f, 0x73, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x39, 0x31,
22 0x35, 0x32, 0x31, 0x35, 0x30, 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x39,
23 0x30, 0x39, 0x31, 0x35, 0x32, 0x31, 0x35, 0x30, 0x35, 0x36, 0x5a, 0x30,
24 0x5e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
25 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
26 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
27 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x70,
28 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
29 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
30 0x69, 0x74, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
31 0x13, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30,
32 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
33 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00,
34 0xc0, 0x80, 0x43, 0xf1, 0x4d, 0xdc, 0x9a, 0x24, 0xe7, 0x25, 0x7c, 0x8b,
35 0x8b, 0x65, 0x87, 0x97, 0xed, 0x3f, 0xfa, 0xfe, 0xbe, 0xcb, 0x12, 0x43,
36 0x1f, 0x0c, 0xb5, 0xbf, 0x6b, 0x81, 0xee, 0x1b, 0x46, 0x6a, 0x02, 0x86,
37 0x92, 0xec, 0x8a, 0xb3, 0x65, 0x77, 0x15, 0xd0, 0x49, 0xb4, 0x22, 0x84,
38 0xf4, 0x85, 0x56, 0x53, 0xf5, 0x5a, 0x3b, 0xad, 0x23, 0xa8, 0x0c, 0x24,
39 0xb7, 0xf5, 0xf4, 0xa1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xc3,
40 0x30, 0x81, 0xc0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
41 0x04, 0x14, 0xe3, 0x58, 0xab, 0x35, 0xc0, 0x58, 0xb8, 0x65, 0x40, 0xca,
42 0x9b, 0x6c, 0xeb, 0x2f, 0xf5, 0xbf, 0xbd, 0x0b, 0xf3, 0xa6, 0x30, 0x81,
43 0x90, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x88, 0x30, 0x81, 0x85,
44 0x80, 0x14, 0xe3, 0x58, 0xab, 0x35, 0xc0, 0x58, 0xb8, 0x65, 0x40, 0xca,
45 0x9b, 0x6c, 0xeb, 0x2f, 0xf5, 0xbf, 0xbd, 0x0b, 0xf3, 0xa6, 0xa1, 0x62,
46 0xa4, 0x60, 0x30, 0x5e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
47 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
48 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e,
49 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
50 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
51 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74,
52 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
53 0x55, 0x04, 0x03, 0x13, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
54 0x73, 0x74, 0x82, 0x09, 0x00, 0xc2, 0xa8, 0x3b, 0xaa, 0x40, 0xa4, 0x29,
55 0x2b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
56 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
57 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x41, 0x40, 0x07,
58 0xde, 0x1f, 0xd0, 0x00, 0x62, 0x75, 0x36, 0xb3, 0x94, 0xa8, 0xac, 0x3b,
59 0x98, 0xbb, 0x28, 0x56, 0xf6, 0x9f, 0xe3, 0x87, 0xd4, 0xa1, 0x7a, 0x85,
60 0xce, 0x40, 0x8a, 0xfd, 0x12, 0xb4, 0x99, 0x8c, 0x1d, 0x05, 0x61, 0xdb,
61 0x35, 0xb8, 0x04, 0x7c, 0xfb, 0xe4, 0x97, 0x88, 0x66, 0xa0, 0x54, 0x7b,
62 0x1c, 0xce, 0x99, 0xd8, 0xd3, 0x99, 0x80, 0x40, 0x9b, 0xa2, 0x73, 0x8b,
63 0xfd
64 };
/*
 * Byte count of cert_der. It matches the outer SEQUENCE: a 4-byte header
 * (0x30 0x82 0x02 0x79) plus 0x0279 = 633 content bytes. Keep it in sync with
 * the array if the fixture is ever replaced, otherwise the parser is handed a
 * length that does not describe the buffer.
 */
65 static unsigned int cert_der_len = 637;
66
/*
 * Per-connection state record for an SSL test endpoint.
 *
 * NOTE(review): no test in the category implementation below references this
 * type; it looks like a leftover from a client/server handshake harness.
 * Confirm against the rest of the test target before removing it.
 * The field notes are inferred from the names and types only.
 */
67 typedef struct {
68 uint32_t session_id;
69 bool is_session_resume;
70 SSLContextRef st;                 /* SecureTransport context for this endpoint */
71 bool is_server;
72 bool is_dtls;
73 SSLAuthenticate client_side_auth; /* presumably the client-auth policy to apply -- TODO confirm */
74 bool dh_anonymous;
75 int comm;                         /* presumably a socket/pipe descriptor -- TODO confirm */
76 CFArrayRef certs;
77 CFArrayRef peer_certs;
78 SSLProtocol proto;
79 uint64_t time; // output
80 } ssl_test_handle;
81
82 #pragma clang diagnostic push
83 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
84
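/*
 * STLegacyTests (session): option round-trip tests for the deprecated
 * SecureTransport session API (the file silences -Wdeprecated-declarations
 * around this category for that reason).
 *
 * None of these tests opens a connection; each one creates a context, sets an
 * option and reads it back.
 *
 * Conventions used throughout:
 *   - Out-parameters are pre-seeded with a value that differs from the
 *     expected result, so a getter that reports success without writing its
 *     output cannot make an assertion pass by accident.
 *   - XCTest assertions do not stop the test unless continueAfterFailure has
 *     been cleared, so any step that would dereference or size a buffer from a
 *     failed call is guarded explicitly.
 */
@implementation STLegacyTests (session)

/* The minimum protocol version can be raised and is reported back by both the min and max getters. */
- (void)test_set_protocol_version
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");

    SSLProtocol version = kSSLProtocolUnknown;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionMin(ctx, &version));
    XCTAssertNotEqual(version, kSSLProtocolUnknown);

    XCTAssertEqual(errSecSuccess, SSLSetProtocolVersionMin(ctx, kTLSProtocol12));
    version = kSSLProtocolUnknown;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionMin(ctx, &version));
    XCTAssertEqual(version, kTLSProtocol12);

    /* Reset first: the previous getter already left kTLSProtocol12 in `version`. */
    version = kSSLProtocolUnknown;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionMax(ctx, &version));
    XCTAssertEqual(version, kTLSProtocol12);

    CFReleaseNull(ctx);
}

/*
 * The peer domain name round-trips through the context. This is the name used
 * for hostname checks, so the returned bytes are compared, not only the length.
 */
- (void)test_set_peer_name
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");

    const char *peerName = "localhost";
    size_t peerNameLen = strlen(peerName);
    XCTAssertEqual(errSecSuccess, SSLSetPeerDomainName(ctx, peerName, peerNameLen));

    size_t getPeerNameLen = 0;
    XCTAssertEqual(errSecSuccess, SSLGetPeerDomainNameLength(ctx, &getPeerNameLen));
    XCTAssertEqual(getPeerNameLen, peerNameLen);

    /* Only size a buffer from a length that passed the check above. */
    if (getPeerNameLen == peerNameLen) {
        /* Zero-filled so a getter that writes nothing fails the comparison deterministically. */
        char *getPeerName = calloc(1, getPeerNameLen);
        XCTAssert(getPeerName != NULL, "calloc");
        if (getPeerName != NULL) {
            XCTAssertEqual(errSecSuccess, SSLGetPeerDomainName(ctx, getPeerName, &getPeerNameLen));
            XCTAssertEqual(getPeerNameLen, peerNameLen);
            /* The buffer holds exactly peerNameLen bytes with no terminator; compare by length. */
            XCTAssertEqual(0, memcmp(getPeerName, peerName, peerNameLen));
            free(getPeerName);
        }
    }

    CFReleaseNull(ctx);
}

/* Enabling session tickets on a client context is accepted. */
- (void)test_set_session_ticket
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetSessionTicketsEnabled(ctx, true));
    CFReleaseNull(ctx);
}

/*
 * The certificate-verification flag round-trips. The test turns verification
 * off purely to observe the flag on a context that never connects; with
 * verification disabled a client no longer authenticates its peer, so this
 * setting belongs in tests only.
 */
- (void)test_set_cert_verify
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetEnableCertVerify(ctx, false));

    Boolean enableVerify = true; /* opposite of the expected value */
    XCTAssertEqual(errSecSuccess, SSLGetEnableCertVerify(ctx, &enableVerify));
    XCTAssertEqual(false, enableVerify);

    CFReleaseNull(ctx);
}

/* The allows-any-root flag round-trips; the test sets it to false. */
- (void)test_set_any_root
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetAllowsAnyRoot(ctx, false));

    Boolean anyRoot = true; /* opposite of the expected value */
    XCTAssertEqual(errSecSuccess, SSLGetAllowsAnyRoot(ctx, &anyRoot));
    XCTAssertEqual(false, anyRoot);

    CFReleaseNull(ctx);
}

/*
 * Certificate authorities can be set on a server context, from a single
 * certificate or from an array, and copied back; a client context is expected
 * to reject the call with errSecParam.
 */
- (void)test_set_ca
{
    CFMutableArrayRef certList = NULL;
    CFArrayRef inputCertList = NULL;

    SSLContextRef serverCtx = SSLCreateContext(NULL, kSSLServerSide, kSSLStreamType);
    XCTAssert(serverCtx != NULL, "SSLNewContext");
    SSLContextRef clientCtx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(clientCtx != NULL, "SSLNewContext");

    SecCertificateRef cert = SecCertificateCreateWithBytes(kCFAllocatorDefault,
                                                           cert_der, cert_der_len);
    XCTAssert(cert != NULL, "SecCertificateCreateWithBytes");

    /* A NULL certificate must not reach CFArrayAppendValue or the setters. */
    if (cert != NULL) {
        XCTAssertEqual(errSecParam, SSLSetCertificateAuthorities(clientCtx, cert, true));
        XCTAssertEqual(errSecSuccess, SSLSetCertificateAuthorities(serverCtx, cert, true));

        certList = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
        XCTAssert(certList != NULL, "CFArrayCreateMutable");
        if (certList != NULL) {
            CFArrayAppendValue(certList, cert);
            XCTAssertEqual(errSecSuccess, SSLSetCertificateAuthorities(serverCtx, certList, true));
        }

        XCTAssertEqual(errSecSuccess, SSLCopyCertificateAuthorities(serverCtx, &inputCertList));
    }

    CFReleaseNull(inputCertList);
    CFReleaseNull(certList);
    CFReleaseNull(cert);
    CFReleaseNull(serverCtx);
    CFReleaseNull(clientCtx);
}

/* A PSK identity can be set, replaced and read back; the second value is the one returned. */
- (void)test_set_psk_identity
{
    /* Lengths come from the literals so they cannot drift from the text. */
    static const char firstIdentity[] = "Client_identity";
    static const char secondIdentity[] = "Client_identity2";
    const size_t firstIdentityLen = sizeof(firstIdentity) - 1;   /* 15, without the NUL */
    const size_t secondIdentityLen = sizeof(secondIdentity) - 1; /* 16, without the NUL */

    const uint8_t *pskIdentity = NULL;
    size_t pskIdentityLen = 0;

    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetPSKIdentity(ctx, firstIdentity, firstIdentityLen), "Set PSK Identity");
    XCTAssertEqual(errSecSuccess, SSLSetPSKIdentity(ctx, secondIdentity, secondIdentityLen), "Set PSK Identity");
    XCTAssertEqual(errSecSuccess, SSLGetPSKIdentity(ctx, (void *)&pskIdentity, &pskIdentityLen), "Get PSK Identity");

    /* The returned pointer is compared before the context is released. */
    XCTAssertEqual(pskIdentityLen, secondIdentityLen);
    XCTAssert(pskIdentity != NULL, "Get PSK Identity");
    if (pskIdentity != NULL && pskIdentityLen == secondIdentityLen) {
        XCTAssertEqual(0, memcmp(pskIdentity, secondIdentity, secondIdentityLen));
    }

    CFReleaseNull(ctx);
}

/* A single ECDSA curve can be set and is the only curve reported back. */
- (void)test_get_set_ec_curves
{
    unsigned int numCurves = 0;
    SSL_ECDSA_NamedCurve ecCurve = SSL_Curve_secp256r1;

    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetECDSACurves(ctx, &ecCurve, 1), "Set EC Curve");
    XCTAssertEqual(errSecSuccess, SSLGetNumberOfECDSACurves(ctx, &numCurves), "Get number of EC curves");
    XCTAssertEqual(numCurves, 1);

    /* numCurves sizes the allocation, so it is only used once it is known to be non-zero. */
    if (numCurves > 0) {
        SSL_ECDSA_NamedCurve *namedCurves = calloc(numCurves, sizeof(*namedCurves));
        XCTAssert(namedCurves != NULL, "calloc");
        if (namedCurves != NULL) {
            XCTAssertEqual(errSecSuccess, SSLGetECDSACurves(ctx, namedCurves, &numCurves), "Get EC curves");
            XCTAssertEqual(*namedCurves, ecCurve);
            free(namedCurves); /* the original never released this buffer */
        }
    }

    CFReleaseNull(ctx);
}

/*
 * Exercises the older per-version enable/disable API and
 * SSLSetProtocolVersion/SSLGetProtocolVersion.
 */
- (void)test_set_protocol_version_deprecated
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");

    XCTAssertEqual(errSecSuccess, SSLSetProtocolVersionEnabled(ctx, kSSLProtocolAll, true));
    Boolean enabled = false;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionEnabled(ctx, kTLSProtocol12, &enabled));
    XCTAssertEqual(enabled, true);

    XCTAssertEqual(errSecSuccess, SSLSetProtocolVersion(ctx, kTLSProtocol12));
    SSLProtocol protocol = kSSLProtocolUnknown;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersion(ctx, &protocol));
    /* Expectation carried over unchanged: the getter reports kSSLProtocolAll here. */
    XCTAssertEqual(protocol, kSSLProtocolAll);

    XCTAssertEqual(errSecSuccess, SSLSetProtocolVersionEnabled(ctx, kTLSProtocol12, true));
    enabled = false;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionEnabled(ctx, kTLSProtocol12, &enabled));
    XCTAssertEqual(enabled, true);

    XCTAssertEqual(errSecSuccess, SSLSetProtocolVersionEnabled(ctx, kTLSProtocol1, false));
    enabled = true;
    XCTAssertEqual(errSecSuccess, SSLGetProtocolVersionEnabled(ctx, kTLSProtocol1, &enabled));
    XCTAssertEqual(enabled, false);

    CFReleaseNull(ctx);
}

/*
 * SSLSetError accepts an error code on a fresh context, and the SSLHandshake
 * call that follows is expected to return errSecSuccess.
 * NOTE(review): no I/O callbacks are installed on this context, so why the
 * handshake call reports success is not visible from this file; confirm
 * against the SSLSetError/SSLHandshake implementation.
 */
- (void)test_ssl_error_session
{
    SSLContextRef ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    XCTAssert(ctx != NULL, "SSLNewContext");
    XCTAssertEqual(errSecSuccess, SSLSetError(ctx, errSecCertificateRevoked));
    XCTAssertEqual(errSecSuccess, SSLHandshake(ctx));
    CFReleaseNull(ctx);
}

@end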
234
235 #pragma clang diagnostic pop