Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions | Variables
sslt.c File Reference
#include <prinit.h>
#include <prprf.h>
#include <prsystem.h>
#include <prmem.h>
#include <plstr.h>
#include <prnetdb.h>
#include <prinrval.h>
#include <prmon.h>
#include <prlock.h>
#include "cert.h"
#include "key.h"
#include "secmod.h"
#include "secutil.h"
#include "pk11func.h"
#include "ssl.h"
#include "sslproto.h"
#include "ssls.h"
#include "sslc.h"
#include "sslt.h"
#include "nss.h"

Go to the source code of this file.

Defines

#define VERION_MAJOR   1
#define VERION_MINOR   0
#define VERSION_POINT   7
#define EXIT_OOPS   14
#define dbmsg(x)   if (debug) PR_fprintf x ;
#define INSERT_TABLES
#define ALLOWEDBYPROTOCOL   1
#define ALLOWEDBYPOLICY   2
#define ALLOWEDBYCIPHERSUITE   4
#define SSLT_STATUS_CORRECT   0 /* The status is correct. Continue with test */
#define SSLT_STATUS_WRONG_KEYSIZE   1 /* The reported keysize is incorrect. abort */
#define SSLT_STATUS_WRONG_SKEYSIZE   2 /* The reported secret keysize is incorrect. abort */
#define SSLT_STATUS_WRONG_DESCRIPTION   3 /* The reported description is incorrect. abort*/
#define SSLT_STATUS_WRONG_ERRORCODE   4 /* sec. library error - but wrong one - abort */
#define SSLT_STATUS_CORRECT_ERRORCODE   5 /* security library error - right one - abort with err 99 */

Functions

PRInt32 ServerThread (PRInt32 argc, char **argv)
void ClientThread (void *arg)
void SetupNickNames (void)
int OpenDBs (void)
int ConfigServerSocket (void)
int DoIO (struct ThreadData *)
int Client (void)
int SetClientSecParams (void)
int CreateClientSocket (void)
int Version2Enable (PRFileDesc *s)
int Version3Enable (PRFileDesc *s)
int Version23Clear (PRFileDesc *s)
int AuthCertificate (void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
char * MyPWFunc (void *slot, PRBool retry, void *arg)
int CreateServerSocket (struct ThreadData *td)
PRIntn main (PRIntn ac, char **av, char **ev)
int GetSecStatus (struct ThreadData *td)
int Error (int s)
int VerifyStatus (struct ThreadData *td)
int DoRedoHandshake (struct ThreadData *td)
int NextState (struct ThreadData *td, int finishedReading, int finishedWriting)
int CheckSSLEnabled (int j)
int VerifyBuffer (char *recvbuf, int bufsize, int done, char xor)
void FillBuffer (char *sendbuf, int bufsize, int offset, char xor)
void HandshakeCallback (PRFileDesc *s, void *td)

Variables

char * nicknames []
char * client_nick
char * password
char * nickname
int rc
PRMonitorrcmon
PRInt32 debug = 0
PRInt32 verbose = 0
CERTCertDBHandle * cert_db_handle = NULL

Define Documentation

Definition at line 457 of file sslt.c.

Definition at line 456 of file sslt.c.

Definition at line 455 of file sslt.c.

#define dbmsg (   x)    if (debug) PR_fprintf x ;

Definition at line 73 of file sslt.c.

#define EXIT_OOPS   14

Definition at line 62 of file sslt.c.

Definition at line 126 of file sslt.c.

#define SSLT_STATUS_CORRECT   0 /* The status is correct. Continue with test */
#define SSLT_STATUS_CORRECT_ERRORCODE   5 /* security library error - right one - abort with err 99 */
#define SSLT_STATUS_WRONG_DESCRIPTION   3 /* The reported description is incorrect. abort*/
#define SSLT_STATUS_WRONG_ERRORCODE   4 /* sec. library error - but wrong one - abort */
#define SSLT_STATUS_WRONG_KEYSIZE   1 /* The reported keysize is incorrect. abort */
#define SSLT_STATUS_WRONG_SKEYSIZE   2 /* The reported secret keysize is incorrect. abort */

Definition at line 37 of file sslt.c.

Definition at line 38 of file sslt.c.

Definition at line 39 of file sslt.c.


Function Documentation

int AuthCertificate ( void arg,
PRFileDesc fd,
PRBool  checkSig,
PRBool  isServer 
)

Definition at line 757 of file sslt.c.

                           {
  if (PR_FALSE == REP_SSLVersion2 &&
      PR_FALSE == REP_SSLVersion3) {
    if (( -1 != j ) ||
       (( -1 == j) && (PR_GetError() != SSL_ERROR_SSL_DISABLED))) {
      return 52;
    }
    else return 99;
  }
  else return 0;
}
int Client ( void  )
void ClientThread ( void arg)
int CreateServerSocket ( struct ThreadData td)

Definition at line 155 of file sslt.c.

                                              {
  /* Create server socket s */

  td->fd = PR_NewTCPSocket();
  if (td->fd == NULL) return Error(20);

  td->r = SSL_ImportFD(NULL, td->fd);
  if (td->r == NULL) return Error(21);

  return 0;
} 

Here is the call graph for this function:

int DoIO ( struct ThreadData td)
int DoRedoHandshake ( struct ThreadData td)

Definition at line 596 of file sslt.c.

                                           {
  int r;


  /* figure out if we really should do the RedoHandshake */
  if ((td->client  && (PR_TRUE== REP_ClientRedoHandshake)) ||
       (!td->client && (PR_TRUE== REP_ServerRedoHandshake))) {

    if ((!td->client && (SSLT_CLIENTAUTH_REDO==REP_ServerDoClientAuth))) {
       r = SSL_Enable(td->s, SSL_REQUEST_CERTIFICATE, 1);
    }

    r = SSL_RedoHandshake(td->s);          /* .. and redo the handshake */      
    if (PR_SUCCESS == r) {                  /* If the handshake succeeded,  */
                                            /* make sure that shouldn't have failed... */

       /*** 
          If the server is doing ClientAuth
           and the wrong certificate in the
          client, then the handshake should fail (but it succeeded)
          ***/
      
#if 0
      if (SSLT_CLIENTAUTH_INITIAL == REP_ServerDoClientAuth) {
       if ((CLIENT_CERT_SPARK == REP_ClientCert) ||
           (SERVER_CERT_HARDCOREII_512       == REP_ClientCert) ||
           (NO_CERT                           == REP_ClientCert)
           ) 
         return Error(90);

      }
#endif
      
    }
    
    else {  /* PR_FAILURE:            Make sure the handshake shouldn't have succeeded */
      
      /* First, abort the peer, since it cannot continue */
      r = Error(91);
      if (0==r) return 0;  /* peer aborted first */
      else {
      /***
       If the server is doing clientauth and
       a valid certificate was presented, the handshake
       should have succeeded (but it failed)
       ***/
      
       if (PR_TRUE == REP_ServerDoClientAuth) {
         if ((CLIENT_CERT_HARDCOREII_512         == REP_ClientCert) ||
             (CLIENT_CERT_HARDCOREII_1024        == REP_ClientCert) ||
             (CLIENT_CERT_VERISIGN               == REP_ClientCert) ||
             (SERVER_CERT_HARDCOREII_512         == REP_ClientCert)
             ) 
           return Error(91);
       }
      }
    }
  }
}

Here is the call graph for this function:

int Error ( int  s)

Definition at line 438 of file sslt.c.

{
  int r;

  PR_EnterMonitor(rcmon);
  r = rc;
  if (0 == rc) { 
    rc = s;
  }    
  PR_ExitMonitor(rcmon);

  if (r) return s;
  else return 0;
}

Here is the call graph for this function:

void FillBuffer ( char *  sendbuf,
int  bufsize,
int  offset,
char  xor 
)

Definition at line 1099 of file sslt.c.

                                                                  {
   int done=0,i,j;
   
   while (done < bufsize) {
    i = offset % DATABUFSIZE;
    for (j = i; j < DATABUFSIZE ; j++) {
      *sendbuf = (data[j] ^ xor);
      sendbuf++;
    }
    done += (DATABUFSIZE - i);
    offset += (DATABUFSIZE - i);
   }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

int GetSecStatus ( struct ThreadData td)

Definition at line 414 of file sslt.c.

                                        {
  int r;

  r = SSL_SecurityStatus(td->s,
                      &td->status_on,
                      &td->status_cipher,
                      &td->status_keysize,
                      &td->status_skeysize,
                      &td->status_issuer,
                      &td->status_subject
                      );

  return r;
  /* SSL_PeerCertificate(); */

}

Here is the call graph for this function:

void HandshakeCallback ( PRFileDesc s,
void td 
)

Definition at line 1125 of file sslt.c.

                                                   {
   int r;

   /*   1. Get status of connection */

   r = GetSecStatus(td);
   if (PR_SUCCESS != r) {
     /* Abort */
   }
   else {

   /*   2. Verify status of connection */

#if 0   
  r =VerifyStatus(td); 
     if (PR_SUCCESS != r) {
       /* Abort */
     }
#endif
   }

 }

Here is the call graph for this function:

PRIntn main ( PRIntn  ac,
char **  av,
char **  ev 
)

Definition at line 197 of file sslt.c.

                                             {
  int r;
  extern char *optarg;      
  extern int optind;
  int c;
  

  if( ac == 1 ) {
     PR_fprintf(PR_STDERR,
"\nSSL Test Suite Version %d.%d.%d\n\
All Rights Reserved\n\
Usage: sslt [-c client_nickname] [-n server_nickname] [-p passwd] [-d] testid\n",
VERION_MAJOR, VERION_MINOR, VERSION_POINT);

    exit(0);
  }

  for (c = 1; c<ac; c++) {
       if (!PL_strcmp(av[c],"-c")) {
       
                c++;
                if (c < ac) {
                     client_nick = av[c];
                }
                else {
                       PR_fprintf(PR_STDOUT,"must supply argument for -c\n");
                       exit(0);
                }
       }

       else if (!PL_strcmp(av[c],"-n")) {
       
                c++;
                if (c < ac) {
                     nickname = av[c];
                }
                else {
                       PR_fprintf(PR_STDOUT,"must supply argument for -n\n");
                       exit(0);
                }
      }
         else if (!PL_strcmp(av[c],"-p")) {

                c++;
                if (c < ac) {
                     password = av[c];
                }
                else {
                       PR_fprintf(PR_STDOUT,"must supply argument for -p\n");
                       exit(0);
                }
      }
       else if (!PL_strcmp(av[c],"-d")) {
                c++;
                debug++;
      }
       else 
              testId = atoi(av[c]);
  }



#ifdef XP_PC
    __try {
#endif
 
  r = PR_Initialize(ServerThread,ac,av,400);         /* is 400 enough? */

  /* returncode 99 means 'no error' */
  if (99 == r)  r = 0;

#ifdef XP_PC
    } __except( PR_fprintf(PR_STDERR, "\nCERT-TEST crashed\n"), EXCEPTION_EXECUTE_HANDLER ) {
        r = 255;
    }
#endif

  return r;

}

Here is the call graph for this function:

char* MyPWFunc ( void slot,
PRBool  retry,
void arg 
)
int NextState ( struct ThreadData td,
int  finishedReading,
int  finishedWriting 
)

Definition at line 691 of file sslt.c.

                                   {
  int r;



  /* if we were in STATE_BEFORE_INITIAL_HANDSHAKE, and we came here, we must
     have just completed a handshake, so we can get status and move on
     to next state.  */

  if (STATE_BEFORE_INITIAL_HANDSHAKE == td->state ) {
    
    td->state = STATE_BEFORE_REDO_HANDSHAKE;  /* first set next state */
    
    r = GetSecStatus(td);
    if (PR_SUCCESS != r) {
      return Error(80);
    }
    
#if 0
    r = VerifyStatus(td);   /* Call VerifyStatus to make sure that the connection is
                            what was expected */
    if (PR_SUCCESS != r) return r;
#endif

      
  }
  
  if (STATE_BEFORE_REDO_HANDSHAKE == td->state) {
    /* If we're not going to do a redohandshake, we can just skip over this state */
    if (td->client) {
      if (PR_FALSE  == REP_ClientRedoHandshake) td->state = STATE_STATUS_COLLECTED;
    }
    else {
      if (PR_FALSE == REP_ServerRedoHandshake) td->state = STATE_STATUS_COLLECTED;
    }
    r = DoRedoHandshake(td);
    if (PR_SUCCESS != r) return r;
    td->state = STATE_STATUS_COLLECTED;
  }
                

  switch (td->state) {
  case STATE_STATUS_COLLECTED:
    if (finishedWriting) td->state = STATE_DONE_WRITING;
    if (finishedReading) td->state = STATE_DONE_READING;
    break;
  case STATE_DONE_WRITING:
    if (finishedReading) td->state = STATE_DONE;
    break;
  case STATE_DONE_READING:
    if (finishedWriting) td->state = STATE_DONE;
    break;
  default:
    return PR_SUCCESS;
  }
}

Here is the call graph for this function:

int OpenDBs ( void  )
PRInt32 ServerThread ( PRInt32  argc,
char **  argv 
)

Definition at line 196 of file sslc.c.

                      {
  nicknames[CLIENT_CERT_VERISIGN]        = "CLIENT_CERT_VERISIGN";
  nicknames[CLIENT_CERT_HARDCOREII_1024] = "CLIENT_CERT_HARDCOREII_1024";
  nicknames[CLIENT_CERT_HARDCOREII_512]  = "CLIENT_CERT_HARDCOREII_512";
  nicknames[CLIENT_CERT_SPARK]           = "CLIENT_CERT_SPARK";
  nicknames[SERVER_CERT_HARDCOREII_512]  = nickname;
  /* nicknames[SERVER_CERT_HARDCOREII_512]  = "SERVER_CERT_HARDCOREII_512"; */
  nicknames[SERVER_CERT_VERISIGN_REGULAR]= "SERVER_CERT_VERISIGN_REGULAR";
  nicknames[SERVER_CERT_VERISIGN_STEPUP] = "SERVER_CERT_VERISIGN_STEPUP";
  nicknames[SERVER_CERT_SPARK]           = "SERVER_CERT_SPARK";
}

Here is the caller graph for this function:

int VerifyBuffer ( char *  recvbuf,
int  bufsize,
int  done,
char  xor 
)

Definition at line 1072 of file sslt.c.

                                                                {
  int i,j,k;

  while (bufsize) {
    i = done % DATABUFSIZE;

    k = DATABUFSIZE;
    if (bufsize < k) {
      k = bufsize;
    }
    for (j = i; j < k ; j++) {
      if ((data[j] ^ xor) != (*recvbuf)) {
       return 71;
      }
      
      recvbuf++;
    }
    done += k-i;
    bufsize -= (k - i);
    if (bufsize < 0) return 73;
  }
  return (0);
}

Here is the caller graph for this function:

int VerifyStatus ( struct ThreadData td)

Definition at line 462 of file sslt.c.

{
  int i,j;
  int matched =0;

  /* Go through all the ciphers until we find the first one that satisfies */
  /* all the criteria. The ciphers are listed in preferred order. So, the first */
  /* that matches should be the one. */

  /* because of bug 107086, I have to fudge this. If it weren't for this
     bug, SSL2 ciphers may get chosen in preference to SSL3 cipher,
     if they were stronger */


  for (i=0;i<cipher_array_size;i++) {

  /* IF */

    if (

       /* bug 107086. If SSL2 and SSL3 are enabled, ignore the SSL2 ciphers */
       (!( /* see above */
         (REP_SSLVersion2 && REP_SSLVersion3) && cipher_array[i].sslversion == 2)
        )

       &&


       (  /* Cipher is the right kind for the protocol? */
        ((cipher_array[i].sslversion == 2) && REP_SSLVersion2) ||
        ((cipher_array[i].sslversion == 3) && REP_SSLVersion3) 
        )
       
       &&  /* Cipher is switched on */

       ((cipher_array[i].on == 1) ||
        ((cipher_array[i].on == 2) &&
         (REP_ServerCert == SERVER_CERT_VERISIGN_STEPUP)))

       &&  /* Is this cipher enabled under this policy */
    
       (
        (REP_Policy == POLICY_DOMESTIC) ||
        ((REP_Policy == POLICY_EXPORT)  && 
         (cipher_array[i].exportable == SSL_ALLOWED)))
       )

  /* THEN */
      {
       /* This is the cipher the SSL library should have chosen */
       
       matched = 1;
       break; 
      }
  }

GetSecStatus(td);


#define SSLT_STATUS_CORRECT           0 /* The status is correct. Continue with test */
#define SSLT_STATUS_WRONG_KEYSIZE     1 /* The reported keysize is incorrect. abort */
#define SSLT_STATUS_WRONG_SKEYSIZE    2 /* The reported secret keysize is incorrect. abort */
#define SSLT_STATUS_WRONG_DESCRIPTION 3 /* The reported description is incorrect. abort*/
#define SSLT_STATUS_WRONG_ERRORCODE   4 /* sec. library error - but wrong one - abort */
#define SSLT_STATUS_CORRECT_ERRORCODE 5 /* security library error - right one - abort with err 99 */

  if (matched) {
    if (td->status_keysize  != cipher_array[i].ks) {
      PR_fprintf(PR_STDERR,"wrong keysize. seclib: %d,  expected %d\n",
               td->status_keysize,cipher_array[i].ks);
      return  SSLT_STATUS_WRONG_KEYSIZE;
    }
    if (td->status_skeysize != cipher_array[i].sks) return SSLT_STATUS_WRONG_SKEYSIZE;
    if (PL_strcmp(td->status_cipher,cipher_array[i].name)) {
      PR_fprintf(PR_STDERR,"wrong cipher description.  seclib: %s, expected: %s\n",
            td->status_cipher,cipher_array[i].name);
      return SSLT_STATUS_WRONG_DESCRIPTION;
    }

    /* Should also check status_issuer and status_subject */
  
    return SSLT_STATUS_CORRECT;
  }

  else {
    /* if SSL wasn't enabled, security library should have returned a failure with
       SSL_ERROR_SSL_DISABLED 
       */

    /* Since we cannot set the client and server ciphersuites independently,
       there's not point in checking for NO_CYPHER_OVERLAP. That's why some
       of this is commented out.
       */

#if 0
       if (PR_FALSE == REP_SSLVersion2 &&
           PR_FALSE == REP_SSLVersion3)
{
if ( (td->secerr_flag == PR_FALSE ) ||
          ((td->secerr_flag == PR_TRUE) && 
            !((td->secerr == SSL_ERROR_SSL_DISABLED) ||
             (td->secerr == SSL_ERROR_NO_CYPHER_OVERLAP))
       )) {
       return SSLT_STATUS_WRONG_ERRORCODE;
     }
     else
  return SSLT_STATUS_CORRECT_ERRORCODE;
   }

       else {

         /* If SSL was enabled, and we get here, then no ciphers were compatible
            (matched == 0). So, security library should have returned the error
            SSL_ERROR_NO_CYPHER_OVERLAP */

         if ((td->secerr_flag == PR_FALSE) ||
             ((td->secerr_flag == PR_TRUE) && (td->secerr != SSL_ERROR_NO_CYPHER_OVERLAP))) {
           return SSLT_STATUS_WRONG_ERRORCODE;
         }
         else return SSLT_STATUS_CORRECT_ERRORCODE;
       }
#endif
  }
       return SSLT_STATUS_CORRECT_ERRORCODE;
}

Here is the call graph for this function:

Definition at line 186 of file sslc.c.

                                  {
  if (SSL_Enable(s,SSL_ENABLE_SSL2,0) <0) return Error(40);
  if (SSL_Enable(s,SSL_ENABLE_SSL3,0) <0) return Error(41);
  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 181 of file sslc.c.

                                  {
    if (SSL_Enable(s, SSL_ENABLE_SSL3, 1) <0) return Error(42);
    else return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

CERTCertDBHandle* cert_db_handle = NULL

Definition at line 115 of file sslt.c.

char* client_nick

Definition at line 55 of file sslc.c.

Definition at line 113 of file sslt.c.

char * nickname

Definition at line 54 of file sslc.c.

char* nicknames[]

Definition at line 194 of file sslc.c.

char* password

Definition at line 59 of file signtool.c.

Definition at line 107 of file sslt.c.

Definition at line 108 of file sslt.c.

Definition at line 114 of file sslt.c.