1 /*
2 * sslSession.cpp - basic 2-thread SSL server/client session
3 */
#include <Security/SecureTransport.h>
#include <Security/Security.h>
#include <clAppUtils/sslAppUtils.h>
#include <clAppUtils/ioSock.h>
#include <clAppUtils/sslThreading.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <utilLib/common.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <security_utilities/threading.h>
#include <security_utilities/devrandom.h>

#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <time.h>
#include <unistd.h>
23
#define PORT_DEF 4000			/* TCP port used unless 'P' is given */
#define HOST_DEF "localhost"		/* client-side peer hostname unless 'h' is given */
/*
 * Diffie-Hellman group loaded for the 'd'/'f' options. This is a relative
 * path, so it is read from whatever directory the test is started in.
 * NOTE(review): the file name says 512-bit; that is test-only strength.
 */
#define DH_PARAMS "dhParams_512.der"
27
/*
 * Print the command-line summary for this program and exit with status 1.
 * Called both for a missing server keychain argument and for any option
 * main() does not recognize, so it never returns.
 */
static void usage(char **argv)
{
	/* one write, same bytes and same stream (stdout) as the original line-by-line form */
	fprintf(stdout,
		"Usage: %s server_kc [options]\n"
		"options:\n"
		" P=port (default = %d)\n"
		" c=client_kc (default is none)\n"
		" d (DSA, default is RSA)\n"
		" f (D-H, default is RSA)\n"
		" a anchor File for client side (typically, the server's cert)\n"
		" A anchor file for server side (typically, the client's cert)\n"
		" h hostname (default is %s)\n"
		" k (skip hostname check)\n"
		" b (non blocking I/O)\n"
		" u Require client authentication\n"
		" x Expect policy verify error on client side\n"
		" X Expect policy verify error on server side\n"
		" z=kc_pwd\n"
		" R (ringBuffer I/O)\n"
		" l=loops (default 1)\n"
		" q(uiet)\n"
		" v(erbose)\n",
		argv[0], PORT_DEF, HOST_DEF);
	exit(1);
}
51
52 #define IGNORE_SIGPIPE 1
53 #if IGNORE_SIGPIPE
54 #include <signal.h>
55
/*
 * No-op SIGPIPE handler installed by main() when IGNORE_SIGPIPE is set.
 * The intent is that a peer thread closing its socket mid-write surfaces
 * as an ordinary error return to the writer instead of terminating the
 * whole two-thread test process.
 */
void sigpipe(int sig)
{
	(void)sig;	/* always SIGPIPE here; nothing to do */
}
59 #endif /* IGNORE_SIGPIPE */
60
/*
 * Cipher-suite list handed to the server side (serverDefaults.ciphers);
 * SSL_NO_SUCH_CIPHERSUITE terminates it. main() overwrites ciphers[0]
 * for the 'd' (DH/DSS/3DES) and 'f' (anonymous DH/RC4) options.
 * NOTE(review): RC4 is a broken stream cipher and anonymous DH gives no
 * peer authentication. Acceptable for exercising specific suites in a
 * test harness; not a template for a production configuration.
 */
static SSLCipherSuite ciphers[] = {
	SSL_RSA_WITH_RC4_128_SHA, SSL_NO_SUCH_CIPHERSUITE
};
64
/*
 * Default parameters for the server side of every run. main() patches
 * individual fields from the command line before calling sslRunSession().
 * The initializer is positional, so the order must track SslAppTestParams
 * (sslThreading.h) exactly; the trailing comments name the field each
 * value is believed to initialize, confirmed only where main() assigns it.
 */
SslAppTestParams serverDefaults =
{
	"no name here",		// hostName; only the client side's is set by main() ('h')
	false,			// skipHostNameCheck
	PORT_DEF,		// port ('P')
	NULL, NULL,		// serverToClientRing, clientToServerRing ('R')
	false,			// noProtSpec
	kTLSProtocol1,		// protocol to negotiate
	NULL,			// acceptedProts - not used in this test
	NULL,			// myCerts - const
	NULL,			// password ('z' supplies the keychain password)
	true,			// idIsTrustedRoot — presumably: own identity cert serves as trust anchor; confirm in sslAppUtils
	false,			// disableCertVerify (false: peer cert verification left on)
	NULL,			// anchorFile ('a'/'A'; typically the client's cert)
	false,			// replaceAnchors
	kNeverAuthenticate,	// authenticate: no client auth unless 'u'
	false,			// resumeEnable
	ciphers,		// ciphers: the RC4 list above, or a DH suite via 'd'/'f'
	false,			// nonBlocking ('b')
	NULL,			// dhParams: loaded from DH_PARAMS for 'd'/'f'
	0,			// dhParamsLen
	noErr,			// expectRtn: 'x'/'X' replace this with the expected failure code
	kTLSProtocol1,		// expectVersion
	kSSLClientCertNone,	// expectCertState ('u' -> Sent, 'X' -> Rejected)
	SSL_CIPHER_IGNORE,	// expected cipher suite; presumably "don't check"
	false,			// quiet ('q')
	false,			// silent
	false,			// verbose ('v')
	{0},			// lock
	{0},			// cond
	false,			// serverReady
	0,			// clientDone
	false,			// serverAbort
	/* returned — presumably filled in by sslRunSession */
	kSSLProtocolUnknown,	// negotiated protocol
	SSL_NULL_WITH_NULL_NULL,	// negotiated cipher suite
	kSSLClientCertNone,	// final client-cert state
	noHardwareErr		// result code; NOTE(review): odd "not yet set" sentinel, confirm in sslThreading.h

};
109
/*
 * Default parameters for the client side; same positional layout as
 * serverDefaults above (see that comment for the field-order caveat).
 * Differences from the server: a real hostname to verify, and a NULL
 * cipher list so the client accepts whatever the server side offers.
 */
SslAppTestParams clientDefaults =
{
	HOST_DEF,		// hostName ('h'); verified unless 'k' sets skipHostNameCheck
	false,			// skipHostNameCheck ('k' — weakens server authentication)
	PORT_DEF,		// port ('P')
	NULL, NULL,		// serverToClientRing, clientToServerRing ('R')
	false,			// noProtSpec
	kTLSProtocol1,		// protocol to negotiate
	NULL,			// acceptedProts - not used in this test
	NULL,			// myCerts - const
	NULL,			// password
	true,			// idIsTrustedRoot — presumably: own identity cert serves as trust anchor; confirm in sslAppUtils
	false,			// disableCertVerify (false: server cert verification left on)
	NULL,			// anchorFile ('a'; typically the server's cert)
	false,			// replaceAnchors
	kNeverAuthenticate,	// authenticate (client side; policy is driven by the server's 'u')
	false,			// resumeEnable
	NULL,			// ciphers: no restriction on the client side
	false,			// nonBlocking ('b')
	NULL,			// dhParams (only the server loads the group)
	0,			// dhParamsLen
	noErr,			// expectRtn: 'x'/'X' replace this with the expected failure code
	kTLSProtocol1,		// expectVersion
	kSSLClientCertNone,	// expectCertState ('u' -> Sent, 'X' -> Rejected)
	SSL_CIPHER_IGNORE,	// expected cipher suite; presumably "don't check"
	false,			// quiet ('q')
	false,			// silent
	false,			// verbose ('v')
	{0},			// lock
	{0},			// cond
	false,			// serverReady
	0,			// clientDone
	false,			// serverAbort
	/* returned — presumably filled in by sslRunSession */
	kSSLProtocolUnknown,	// negotiated protocol
	SSL_NULL_WITH_NULL_NULL,	// negotiated cipher suite
	kSSLClientCertNone,	// final client-cert state
	noHardwareErr		// result code; NOTE(review): odd "not yet set" sentinel, confirm in sslThreading.h

};
150
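/*
 * Parse a plain, non-negative decimal option value no larger than maxVal.
 * Anything else (empty string, sign, trailing junk, overflow, too large)
 * is a usage error. Replaces atoi(), which turned garbage into 0 and a
 * negative loop count into a huge unsigned value. Does not return on error.
 */
static unsigned long parseUnsignedOpt(const char *s, unsigned long maxVal, char **argv)
{
	if(!isdigit((unsigned char)s[0])) {
		usage(argv);
	}
	char *end = NULL;
	errno = 0;
	unsigned long val = strtoul(s, &end, 10);
	if(*end != '\0' || errno == ERANGE || val > maxVal) {
		usage(argv);
	}
	return val;
}

/*
 * Value part of an "X=value" option: everything after the second character.
 * argp[0] has already matched the option letter. Requiring argp[1] to be
 * present keeps &argp[2] inside the string for a bare "X", which the
 * original code read one byte past the terminating NUL. Does not return
 * on error.
 */
static char *optValue(char *argp, char **argv)
{
	if(argp[1] == '\0') {
		usage(argv);
	}
	return &argp[2];
}

/*
 * Entry point. Builds the server/client SslAppTestParams from the command
 * line (see usage()), then runs `loops` two-thread sessions through
 * sslRunSession(), stopping at the first failure.
 *
 * argv[1] is the server keychain name (required).
 * Returns 0 on success, else the first non-zero sslRunSession() result
 * (reported as an error count by the FAIL message).
 */
int main(int argc, char **argv)
{
	int ourRtn = 0;
	bool dhEnable = false;
	unsigned loops = 1;
	bool ringBufferIo = false;
	RingBuffer serverToClientRing;
	RingBuffer clientToServerRing;

	if(argc < 2) {
		usage(argv);
	}
	serverDefaults.myCertKcName = argv[1];

	for(int arg=2; arg<argc; arg++) {
		char *argp = argv[arg];
		switch(argp[0]) {
			case 'c':
				clientDefaults.myCertKcName = optValue(argp, argv);
				break;	/* was missing: 'c' fell through into 'q' and silenced the result line */
			case 'q':
				serverDefaults.quiet = clientDefaults.quiet = true;
				break;
			case 'v':
				serverDefaults.verbose = clientDefaults.verbose = true;
				break;
			case 'p':	/* undocumented lower-case alias of 'P', kept for compatibility */
			case 'P':
				serverDefaults.port = clientDefaults.port =
					(int)parseUnsignedOpt(optValue(argp, argv), 65535, argv);
				break;
			case 'b':
				serverDefaults.nonBlocking = clientDefaults.nonBlocking = true;
				break;
			case 'd':
				/* DSA-signed DH; needs the DH_PARAMS group loaded below */
				ciphers[0] = SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA;
				dhEnable = true;
				break;
			case 'f':
				/* anonymous DH: no server authentication at all; test-only */
				ciphers[0] = SSL_DH_anon_WITH_RC4_128_MD5;
				dhEnable = true;
				break;
			case 'h':
				if(++arg == argc) {
					usage(argv);
				}
				clientDefaults.hostName = argv[arg];
				break;
			case 'k':
				/* disables the client's hostname check and so weakens server authentication */
				clientDefaults.skipHostNameCheck = true;
				break;
			case 'a':
				if(++arg == argc) {
					usage(argv);
				}
				/* one anchor file for both sides */
				clientDefaults.anchorFile = serverDefaults.anchorFile = argv[arg];
				break;
			case 'A':
				if(++arg == argc) {
					usage(argv);
				}
				serverDefaults.anchorFile = argv[arg];
				break;
			case 'z':
				/* NOTE(review): a keychain password on the command line is visible
				 * to other local users (ps) for the life of the test */
				serverDefaults.password = optValue(argp, argv);
				break;
			case 'u':
				serverDefaults.authenticate = kAlwaysAuthenticate;
				/* an earlier 'X' may already have set the expected state to Rejected */
				if(serverDefaults.expectCertState == kSSLClientCertNone) {
					serverDefaults.expectCertState = kSSLClientCertSent;
				}
				if(clientDefaults.expectCertState == kSSLClientCertNone) {
					clientDefaults.expectCertState = kSSLClientCertSent;
				}
				break;
			case 'x':
				/* server presents a cert the client is expected to reject */
				clientDefaults.expectRtn = errSSLXCertChainInvalid;
				serverDefaults.expectRtn = errSSLPeerCertUnknown;
				break;
			case 'X':
				/* client presents a cert the server is expected to reject */
				serverDefaults.expectRtn = errSSLXCertChainInvalid;
				clientDefaults.expectRtn = errSSLPeerCertUnknown;
				serverDefaults.expectCertState = kSSLClientCertRejected;
				clientDefaults.expectCertState = kSSLClientCertRejected;
				break;
			case 'R':
				ringBufferIo = true;
				break;
			case 'l':
				loops = (unsigned)parseUnsignedOpt(optValue(argp, argv), UINT_MAX, argv);
				break;
			default:
				usage(argv);
		}
	}

#if IGNORE_SIGPIPE
	/* a peer thread that hangs up must not take the whole process down */
	signal(SIGPIPE, sigpipe);
#endif

	if(ringBufferIo) {
		/* both sides share one in-process ring-buffer pair instead of sockets */
		ringBufSetup(&serverToClientRing, "serveToClient", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		ringBufSetup(&clientToServerRing, "clientToServe", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		serverDefaults.serverToClientRing = &serverToClientRing;
		serverDefaults.clientToServerRing = &clientToServerRing;
		clientDefaults.serverToClientRing = &serverToClientRing;
		clientDefaults.clientToServerRing = &clientToServerRing;
	}
	if(dhEnable) {
		/*
		 * Load the D-H group from the working directory. Kept as a warning
		 * rather than a fatal error, as before; dhParams then stays NULL and
		 * the DH session presumably fails, which the run will report.
		 */
		if(readFile(DH_PARAMS, (unsigned char **)&serverDefaults.dhParams,
				&serverDefaults.dhParamsLen)) {
			printf("***Error reading Diffie-Hellman params."
				" Patience, grasshopper.\n");
		}
	}

	testStartBanner("sslSession", argc, argv);
	for(unsigned loop=0; loop<loops; loop++) {
		ourRtn = sslRunSession(&serverDefaults, &clientDefaults, NULL);
		if(ourRtn) {
			break;	/* first failure ends the run */
		}
	}
	/* 'q' sets both quiet flags together, so the nested test is equivalent to either alone */
	if(!clientDefaults.quiet) {
		if(ourRtn == 0) {
			if(!serverDefaults.quiet) {
				printf("===== %s test PASSED =====\n", argv[0]);
			}
		}
		else {
			printf("****FAIL: %d errors detected\n", ourRtn);
		}
	}

	return ourRtn;
}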