--- /dev/null
+/*
+ * sslThrash.cpp
+ *
+ * track down multithread SecureTransport memory smasher - this test
+ * does no network I/O
+ */
+#include "testParams.h"
+#include <Security/cssm.h>
+#include <utilLib/common.h>
+#include <utilLib/cspwrap.h>
+#include <clAppUtils/clutils.h>
+#include <clAppUtils/tpUtils.h>
+#include <security_cdsa_utils/cuFileIo.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <Security/SecureTransport.h>
+
+#define DO_PAUSE 0
+
+#define NUM_INNER_LOOPS 10
+
+
+/*
+ * Derive a symmetric CSSM_KEY from the specified raw key material.
+ */
+static CSSM_RETURN cdsaDeriveKey(
+ CSSM_CSP_HANDLE cspHandle,
+ const void *rawKey,
+ size_t rawKeyLen,
+ CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_AES
+ uint32 keySizeInBits,
+ CSSM_KEY_PTR key)
+{
+ CSSM_RETURN crtn;
+ CSSM_CC_HANDLE ccHand;
+ CSSM_DATA dummyLabel = {8, (uint8 *)"tempKey"};
+ CSSM_DATA saltData = {8, (uint8 *)"someSalt"};
+ CSSM_PKCS5_PBKDF2_PARAMS pbeParams;
+ CSSM_DATA pbeData;
+ CSSM_ACCESS_CREDENTIALS creds;
+
+ memset(key, 0, sizeof(CSSM_KEY));
+ memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
+ crtn = CSSM_CSP_CreateDeriveKeyContext(cspHandle,
+ CSSM_ALGID_PKCS5_PBKDF2,
+ keyAlg,
+ keySizeInBits,
+ &creds,
+ NULL, // BaseKey
+ 1000, // iterationCount, 1000 is the minimum
+ &saltData,
+ NULL, // seed
+ &ccHand);
+ if(crtn) {
+ cssmPerror("CSSM_CSP_CreateDeriveKeyContext", crtn);
+ return crtn;
+ }
+
+ /* this is the caller's raw key bits, typically ASCII (though it
+ * could be anything) */
+ pbeParams.Passphrase.Data = (uint8 *)rawKey;
+ pbeParams.Passphrase.Length = rawKeyLen;
+ /* The only PRF supported by the CSP is HMACSHA1 */
+ pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
+ pbeData.Data = (uint8 *)&pbeParams;
+ pbeData.Length = sizeof(pbeParams);
+ crtn = CSSM_DeriveKey(ccHand,
+ &pbeData,
+ CSSM_KEYUSE_ANY,
+ CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE,
+ &dummyLabel,
+ NULL, // cred and acl
+ key);
+ CSSM_DeleteContext(ccHand); // ignore error here
+ if(crtn) {
+ cssmPerror("CSSM_DeriveKey", crtn);
+ }
+ return crtn;
+}
+
+static CSSM_API_MEMORY_FUNCS memFuncs = {
+ appMalloc,
+ appFree,
+ appRealloc,
+ appCalloc,
+ NULL
+ };
+static CSSM_VERSION vers = {2, 0};
+
+/*
+ * Initialize CDSA and attach to the CSP.
+ */
+static CSSM_RETURN cdsaCspAttach(
+ CSSM_CSP_HANDLE *cspHandle)
+{
+ CSSM_CSP_HANDLE cspHand;
+ CSSM_RETURN crtn;
+
+ /* Load the CSP bundle into this app's memory space */
+ crtn = CSSM_ModuleLoad(&gGuidAppleCSP,
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, // eventHandler
+ NULL); // AppNotifyCallbackCtx
+ if(crtn) {
+ return crtn;
+ }
+
+ /* obtain a handle which will be used to refer to the CSP */
+ crtn = CSSM_ModuleAttach (&gGuidAppleCSP,
+ &vers,
+ &memFuncs, // memFuncs
+ 0, // SubserviceID
+ CSSM_SERVICE_CSP,
+ 0, // AttachFlags
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, // FunctionTable
+ 0, // NumFuncTable
+ NULL, // reserved
+ &cspHand);
+ if(crtn) {
+ return crtn;
+ }
+ *cspHandle = cspHand;
+ return CSSM_OK;
+}
+
+static bool thrashInit = false;
+static bool doSsl = true;
+static bool doKey = true;
+static bool doAttach = true;
+
+int sslThrashInit(TestParams *testParams)
+{
+ if(thrashInit) {
+ return 0;
+ }
+
+ char *opts = testParams->testOpts;
+ if(opts == NULL) {
+ thrashInit = true;
+ return 0;
+ }
+ while(*opts != '\0') {
+ switch(*opts) {
+ case 'k':
+ doKey = false;
+ printf("...sslThrash: doKey disabled\n");
+ break;
+ case 's':
+ doSsl = false;
+ printf("...sslThrash: doSsl disabled\n");
+ break;
+ case 'a':
+ doAttach = false;
+ printf("...sslThrash: doAttach disabled\n");
+ break;
+ default:
+ /* for other tests */
+ break;
+ }
+ opts++;
+ }
+ thrashInit = true;
+ return 0;
+}
+
+#define FAKE_SSL 0
+#define SSL_CTX_SIZE 600
+#define FAKE_DISPOSE 0
+
+int sslThrash(TestParams *testParams)
+{
+ CSSM_RETURN crtn;
+ unsigned loopNum;
+ SSLContextRef sslCtx;
+ unsigned dex;
+ CSSM_KEY ckey;
+ CSSM_HANDLE cspHand;
+
+ for(loopNum=0; loopNum<testParams->numLoops; loopNum++) {
+ if(testParams->verbose) {
+ printf("sslThrash loop %d\n", loopNum);
+ }
+ else if(!testParams->quiet) {
+ printChar(testParams->progressChar);
+ }
+
+ for(dex=0; dex<NUM_INNER_LOOPS; dex++) {
+ if(doAttach) {
+ crtn = cdsaCspAttach(&cspHand);
+ if(crtn) {
+ printf("cdsaCspAttach error\n");
+ return 1;
+ }
+ }
+ if(doSsl) {
+ #if FAKE_SSL
+ sslCtx = (SSLContext *)malloc(SSL_CTX_SIZE);
+ #else
+ OSStatus ortn = SSLNewContext(false, &sslCtx);
+ if(ortn) {
+ cssmPerror("SSLNewContext", ortn);
+ printf("SSLNewContext error %d\n", (int)ortn);
+ return 1;
+ }
+ #endif
+ }
+ if(doKey) {
+ crtn = cdsaDeriveKey(testParams->cspHand,
+ "some silly string",
+ 17,
+ CSSM_ALGID_AES,
+ 128,
+ &ckey);
+ if(crtn) {
+ printf("cdsaDeriveKey error\n");
+ return 1;
+ }
+ }
+ if(doSsl) {
+ #if FAKE_SSL || FAKE_DISPOSE
+ free(sslCtx);
+ #else
+ OSStatus ortn = SSLDisposeContext(sslCtx);
+ if(ortn) {
+ cssmPerror("SSLDisposeContext", ortn);
+ printf("SSLDisposeContext error %d\n", (int)ortn);
+ return 1;
+ }
+ #endif
+ }
+ if(doKey) {
+ crtn = CSSM_FreeKey(testParams->cspHand,
+ NULL, // access cred
+ &ckey,
+ CSSM_FALSE);
+ if(crtn) {
+ cssmPerror("CSSM_FreeKey", crtn);
+ printf("CSSM_FreeKey error\n");
+ return 1;
+ }
+ }
+ if(doAttach) {
+ crtn = CSSM_ModuleDetach(cspHand);
+ if(crtn) {
+ cssmPerror("CSSM_ModuleDetach", crtn);
+ printf("CSSM_ModuleDetach error\n");
+ return 1;
+ }
+ }
+ randomDelay();
+
+ /* leak debug */
+ #if DO_PAUSE
+ fpurge(stdin);
+ printf("Hit CR to continue: ");
+ getchar();
+ #endif
+ } /* inner loop */
+
+ } /* outer loop */
+ return 0;
+}
projects / apple / security.git / blobdiff