]> git.saurik.com Git - apple/security.git/blobdiff - SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-57740.51.3.tar.gz
[apple/security.git] / SecurityTests / cspxutils / ssl2Padding / ssl2Padding.cpp
diff --git a/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp b/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp
deleted file mode 100644 (file)
index 3c842a7..0000000
--- a/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp
+++ /dev/null
@@ -1,394 +0,0 @@
-/* Copyright (c) 2005-2006 Apple Computer, Inc.
- *
- * ssl2Padding.cpp - test CSSM_PADDING_APPLE_SSLv2.
- */
-
- /*
-  * This table illustrates the combinations of:
-  *
-  * -- SSLv2 (v2) and SSLv3/TLSv1 (v3+) enables (0/1) on the client and server side
-  * -- the resulting negotiated protocols (including those forced by a man-in-the-middle 
-  *    attacker, denoted by (m))
-  * -- the padding generated by the client (client pad)
-  * -- the padding style checked by the server (server pad) 
-  * -- and the end results
-  *
-  * client  server 
-  * ------  ------ 
-  * v2 v3+  v2 v3+  negotiate client pad  server pad   result
-  * -- --   -- --   --------- ----------  ----------   ------
-  * 0  0    x  x                                       impossible
-  * x  x    0  0                                       impossible
-  * 0  1    0  1     v3+         PKCS1      PKCS1      normal
-  * 0  1    0  1     v2 (m)                            Attack fails, client rejects server hello
-  * 0  1    1  0     fail                              incompatible
-  * 0  1    1  1     v3+         PKCS1      PKCS1      normal
-  * 0  1    1  1     v2 (m)                            Attack fails, client rejects server hello
-  * 1  0    0  1     fail                              incompatible
-  * 1  0    1  0     v2          PKCS1      PKCS1      normal, both sides are dumb SSL2
-  * 1  0    1  0     v3+                               Attack fails, server rejects client hello
-  * 1  0    1  1     v2          PKCS1      SSLv2      normal, dumb client
-  * 1  0    1  1     v3+ (m)                           Attack fails, client rejects server hello
-  * 1  1    0  1     v3+         PKCS1      PKCS1      normal
-  * 1  1    0  1     v2 (m)                            Attack fails, server rejects SSL2 handshake
-  * 1  1    1  0     v2          SSLv2      PKCS1      normal, dumb server
-  * 1  1    1  0     v3+ (m)                           Attack fails, server rejects SSL3 handshakes
-  * 1  1    1  1     v3+         PKCS1      PKCS1      normal
-  * 1  1    1  1     v2 (m)      SSLv2      SSLv2      Attack fails due to SSLv2 pad detect
-  *
-  * The client generates SSLv2 padding if it's capable of v3+ but is currently operating
-  * in v2 per negotiation. 
-  *
-  * The server checks for SSLv2 padding if it's capable of v3+ but is currently operating
-  * in v2 per negotiation. If SSLv2 padding is seen, fail. 
-  */
-  
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <Security/cssm.h>
-#include "cspwrap.h"
-#include "common.h"
-#include "cspdlTesting.h"
-
-#define USAGE_NAME                     "noUsage"
-#define USAGE_NAME_LEN         (strlen(USAGE_NAME))
-#define LOOPS_DEF                      10
-
-#define KEY_SIZE_DEF           1024
-#define KEY_SIZE_SMALL         512
-
-#define PTEXT_LEN                      32              /* bytes */
-
-static void usage(char **argv)
-{
-       printf("usage: %s [options]\n", argv[0]);
-       printf("   Options:\n");
-       printf("   l=loops (default=%d; 0=forever)\n", LOOPS_DEF);
-       printf("   k=keySizeInBits; default=%d\n", KEY_SIZE_DEF);
-       printf("   D (CSP/DL; default = bare CSP)\n");
-       printf("   p (pause on each loop)\n");
-       printf("   u (quick; small keys)\n");
-       printf("   v(erbose)\n");
-       printf("   q(uiet)\n");
-       printf("   h(elp)\n");
-       exit(1);
-}
-
-/* special-purpose generate-context, encrypt, and decrypt routines just for this test */
-static int genRsaCryptContext(
-       CSSM_CSP_HANDLE         cspHand,
-       CSSM_KEY_PTR            key,
-       CSSM_PADDING            padding,
-       CSSM_BOOL                       quiet,
-       CSSM_CC_HANDLE          &ccHand)                        // RETURNED
-{
-       CSSM_RETURN crtn;
-       CSSM_ACCESS_CREDENTIALS creds;
-       
-       memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-       crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
-               CSSM_ALGID_RSA,
-               &creds,                 // access
-               key,
-               padding,
-               &ccHand);
-       if(crtn) {
-               cssmPerror("CSSM_CSP_CreateAsymmetricContext", crtn);
-               return testError(quiet);
-       }
-       return 0;
-}
-
-static int doRsaEncrypt(
-       CSSM_CSP_HANDLE         cspHand,
-       CSSM_KEY_PTR            key,
-       CSSM_PADDING            padding,
-       CSSM_BOOL                       quiet,
-       CSSM_DATA                       *ptext,
-       CSSM_DATA                       *ctext)
-{
-       CSSM_CC_HANDLE  ccHand;
-       int                             rtn;
-       CSSM_RETURN             crtn;
-       CSSM_SIZE               bytesMoved;
-       CSSM_DATA               remData = {0, NULL};
-       
-       rtn = genRsaCryptContext(cspHand, key, padding, quiet, ccHand);
-       if(rtn) {
-               return rtn;
-       }
-       crtn = CSSM_EncryptData(ccHand,
-               ptext,
-               1,
-               ctext,
-               1,
-               &bytesMoved,
-               &remData);
-       CSSM_DeleteContext(ccHand);
-       if(crtn == CSSM_OK) {
-               /*
-                * Deal with remData - its contents are included in bytesMoved.
-                */
-               if(remData.Length != 0) {
-                       /* malloc and copy a new one */
-                       uint8 *newCdata = (uint8 *)appMalloc(bytesMoved, NULL);
-                       memmove(newCdata, ctext->Data, ctext->Length);
-                       memmove(newCdata+ctext->Length, remData.Data, remData.Length);
-                       CSSM_FREE(ctext->Data);
-                       ctext->Data = newCdata;
-               }
-               ctext->Length = bytesMoved;
-               return 0;
-       }
-       else {
-               cssmPerror("CSSM_EncryptData", crtn);
-               return testError(quiet);
-       }
-}
-
-static int doRsaDecrypt(
-       CSSM_CSP_HANDLE         cspHand,
-       CSSM_KEY_PTR            key,
-       CSSM_PADDING            padding,
-       CSSM_BOOL                       quiet,
-       CSSM_RETURN                     expectRtn,
-       CSSM_DATA                       *ctext,
-       CSSM_DATA                       *rptext)
-{
-       CSSM_CC_HANDLE  ccHand;
-       int                             rtn;
-       CSSM_RETURN             crtn;
-       CSSM_SIZE               bytesMoved;
-       CSSM_DATA               remData = {0, NULL};
-       
-       rtn = genRsaCryptContext(cspHand, key, padding, quiet, ccHand);
-       if(rtn) {
-               return rtn;
-       }
-       crtn = CSSM_DecryptData(ccHand,
-               ctext,
-               1,
-               rptext,
-               1,
-               &bytesMoved,
-               &remData);
-       CSSM_DeleteContext(ccHand);
-       if(crtn != expectRtn) {
-               printf("   CSSM_DecryptData: expect %s\n",      cssmErrToStr(expectRtn));
-               printf("   CSSM_DecryptData: got    %s\n",  cssmErrToStr(crtn));
-               return testError(quiet);
-       }
-       if(crtn) {
-               /* no need to process further */
-               return 0;
-       }
-       if(crtn == CSSM_OK) {
-               /*
-                * Deal with remData - its contents are included in bytesMoved.
-                */
-               if(remData.Length != 0) {
-                       /* malloc and copy a new one */
-                       uint8 *newRpdata = (uint8 *)appMalloc(bytesMoved, NULL);
-                       memmove(newRpdata, rptext->Data, rptext->Length);
-                       memmove(newRpdata+rptext->Length, remData.Data, remData.Length);
-                       CSSM_FREE(rptext->Data);
-                       rptext->Data = newRpdata;
-               }
-               rptext->Length = bytesMoved;
-               return 0;
-       }
-       else {
-               cssmPerror("CSSM_DecryptData", crtn);
-               return testError(quiet);
-       }
-}
-
-/*
- * encrypt with specified pad
- * decrypt with specified pad, verify expected result (which may be failure)
- */
-static int doTest(
-       CSSM_CSP_HANDLE         cspHand,
-       CSSM_KEY_PTR            pubKey,
-       CSSM_KEY_PTR            privKey,
-       CSSM_PADDING            encrPad,
-       CSSM_PADDING            decrPad,
-       CSSM_BOOL                       quiet,
-       CSSM_RETURN                     expectResult)
-{
-       int                             rtn;
-       uint8                   ptext[PTEXT_LEN];
-       CSSM_DATA               ptextData = {PTEXT_LEN, ptext};
-       CSSM_DATA               ctext = {0, NULL};
-       CSSM_DATA               rptext = {0, NULL};
-       
-       simpleGenData(&ptextData, PTEXT_LEN, PTEXT_LEN);
-       rtn = doRsaEncrypt(cspHand, pubKey, encrPad, quiet, &ptextData, &ctext);
-       if(rtn) {
-               goto errOut;
-       }
-       rtn = doRsaDecrypt(cspHand, privKey, decrPad, quiet, expectResult, &ctext, &rptext);
-       if(rtn) {
-               goto errOut;
-       }
-       if(expectResult == CSSM_OK) {
-               if(memcmp(rptext.Data, ptextData.Data, PTEXT_LEN)) {
-                       printf("***Data miscomapare after decrypt\n");
-                       rtn = testError(quiet);
-               }
-       }
-errOut:
-       if(ctext.Data) {
-               CSSM_FREE(ctext.Data);
-       }
-       if(rptext.Data) {
-               CSSM_FREE(rptext.Data);
-       }
-       return rtn;
-}
-
-int main(int argc, char **argv)
-{
-       int                                     arg;
-       char                            *argp;
-       unsigned                        loop;
-       CSSM_CSP_HANDLE         cspHand;
-       int                                     rtn = 0;
-       
-       /*
-        * User-spec'd params
-        */
-       unsigned                        loops = LOOPS_DEF;
-       CSSM_BOOL                       verbose = CSSM_FALSE;
-       CSSM_BOOL                       quiet = CSSM_FALSE;
-       uint32                          keySizeInBits = KEY_SIZE_DEF;
-       CSSM_BOOL                       bareCsp = CSSM_TRUE;
-       CSSM_BOOL                       doPause = CSSM_FALSE;
-       
-       for(arg=1; arg<argc; arg++) {
-               argp = argv[arg];
-               switch(argp[0]) {
-                   case 'l':
-                               loops = atoi(&argp[2]);
-                               break;
-                       case 'k':
-                               keySizeInBits = atoi(&argv[arg][2]);
-                               break;
-                       case 'D':
-                               bareCsp = CSSM_FALSE;
-                               break;
-                       case 'u':
-                               keySizeInBits = KEY_SIZE_SMALL;
-                               break;
-                   case 'v':
-                       verbose = CSSM_TRUE;
-                               break;
-                   case 'p':
-                       doPause = CSSM_TRUE;
-                               break;
-                   case 'q':
-                       quiet = CSSM_TRUE;
-                               break;
-                   case 'h':
-                   default:
-                               usage(argv);
-               }
-       }
-       
-       testStartBanner("ssl2Padding", argc, argv);
-
-       cspHand = cspDlDbStartup(bareCsp, NULL);
-       if(cspHand == 0) {
-               exit(1);
-       }
-       CSSM_KEY pubKey;
-       CSSM_KEY privKey;
-       
-       CSSM_RETURN crtn = cspGenKeyPair(cspHand, CSSM_ALGID_RSA,
-               USAGE_NAME, USAGE_NAME_LEN,
-               keySizeInBits,
-               &pubKey, CSSM_TRUE /* ref */, CSSM_KEYUSE_ANY, CSSM_KEYBLOB_RAW_FORMAT_NONE,
-               &privKey, CSSM_TRUE /* ref */, CSSM_KEYUSE_ANY, CSSM_KEYBLOB_RAW_FORMAT_NONE,
-               CSSM_FALSE);
-       if(crtn) {
-               printf("***Error generating key pair. Aborting.\n");
-               exit(1);
-       }
-       for(loop=1; ; loop++) {
-               if(doPause) {
-                       fpurge(stdin);
-                       printf("Top of loop; hit CR to proceed: ");
-                       getchar();
-               }
-               
-               /* encrypt by client, decrypt by server. */
-               
-               /*
-                * SSLv3+ negotiated, normal case, or
-                * both sides support SSLv2 only
-                */
-               if(!quiet) {
-                       printf("...loop %u\n", loop);
-                       printf("   encrPad PKCS1 decrPad PKCS1\n");
-               }
-               rtn = doTest(cspHand, &pubKey, &privKey, 
-                       CSSM_PADDING_PKCS1, CSSM_PADDING_PKCS1,
-                       quiet, CSSM_OK);
-               if(rtn) {
-                       break;
-               }
-               
-               /* 
-                * Server supports SSLv2 and SSLv3+, client supports SSLv2 only
-                */
-               if(!quiet) {
-                       printf("   encrPad PKCS1 decrPad SSLv2\n");
-               }
-               rtn = doTest(cspHand, &pubKey, &privKey, 
-                       CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2,
-                       quiet, CSSM_OK);
-               if(rtn) {
-                       break;
-               }
-                
-               /*
-                * Server supports SSLv2 only, client supports SSLv2 and SSLv3+
-                */
-               if(!quiet) {
-                       printf("   encrPad SSLv2 decrPad PKCS1\n");
-               }
-               rtn = doTest(cspHand, &pubKey, &privKey, 
-                       CSSM_PADDING_APPLE_SSLv2, CSSM_PADDING_PKCS1,
-                       quiet, CSSM_OK);
-               if(rtn) {
-                       break;
-               }
-                
-               /*
-                * Both sides support SSLv3+ but a man in the middle has forced the 
-                * negotiated protocol down to SSLv2 
-                */
-               if(!quiet) {
-                       printf("   encrPad SSLv2 decrPad SSLv2, expect failure\n");
-               }
-               rtn = doTest(cspHand, &pubKey, &privKey, 
-                       CSSM_PADDING_APPLE_SSLv2, CSSM_PADDING_APPLE_SSLv2,
-                       quiet, CSSMERR_CSP_APPLE_SSLv2_ROLLBACK);
-               if(rtn) {
-                       break;
-               }
-
-               if(loops && (loop == loops)) {
-                       break;
-               }
-       }       /* for loop */
-
-       CSSM_ModuleDetach(cspHand);
-       if((rtn == 0) && !quiet) {
-               printf("%s test complete\n", argv[0]);
-       }
-       return rtn;
-}
mirror of Security