|
1 // Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 /** |
|
17 @file clientfinishedstep.cpp |
|
18 @internalTechnology |
|
19 */ |
|
20 #include "clientfinishedstep.h" |
|
21 |
|
22 #include <tlsprovinterface.h> |
|
23 |
|
24 CClientFinishedStep::CClientFinishedStep() |
|
25 { |
|
26 SetTestStepName(KClientFinishedStep); |
|
27 } |
|
28 |
|
29 TVerdict CClientFinishedStep::doTestStepPreambleL() |
|
30 { |
|
31 ConstructL(); |
|
32 |
|
33 CTlsCryptoAttributes* atts = Provider()->Attributes(); |
|
34 |
|
35 // Reads PSK values if included in INI file. |
|
36 ReadPskToBeUsedL(); |
|
37 |
|
38 // Reads if NULL ciphers suites are to be allowed from INI file. |
|
39 ReadUseNullCipher(); |
|
40 |
|
41 // read the "server" random |
|
42 HBufC8* random = ServerRandomL(); |
|
43 atts->iMasterSecretInput.iServerRandom.Copy(*random); |
|
44 delete random; |
|
45 |
|
46 // and the client random |
|
47 random = ClientRandomL(); |
|
48 atts->iMasterSecretInput.iClientRandom.Copy(*random); |
|
49 delete random; |
|
50 |
|
51 // we only support null compression... |
|
52 atts->iCompressionMethod = ENullCompression; |
|
53 |
|
54 // read the cipher suite for the test |
|
55 atts->iCurrentCipherSuite = CipherSuiteL(); |
|
56 |
|
57 // read the protocol version |
|
58 TTLSProtocolVersion version = ProtocolVersionL(); |
|
59 atts->iNegotiatedProtocol = version; |
|
60 atts->iProposedProtocol = version; |
|
61 |
|
62 // set the session ID and "server" name (localhost) |
|
63 atts->iSessionNameAndID.iSessionId = SessionId(); |
|
64 atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; |
|
65 atts->iSessionNameAndID.iServerName.iPort = 443; |
|
66 atts->idomainName.Copy(DomainNameL()); |
|
67 |
|
68 // try and read DH params, this section may not exist |
|
69 RInteger gen; |
|
70 CleanupClosePushL(gen); |
|
71 |
|
72 RInteger prime; |
|
73 CleanupClosePushL(prime); |
|
74 |
|
75 // If cipher suite under test is uses PSK (Pre Shared Key) |
|
76 if(UsePsk()) |
|
77 { |
|
78 // Populates values for PSK |
|
79 atts->iPskConfigured = true; |
|
80 atts->iPublicKeyParams->iKeyType = EPsk; |
|
81 atts->iPublicKeyParams->iValue4 = PskIdentity(); |
|
82 atts->iPublicKeyParams->iValue5 = PskKey(); |
|
83 } |
|
84 else |
|
85 { |
|
86 // If cipher suite under test is NOT PSK |
|
87 TRAPD(err, ReadDHParamsL()); |
|
88 if (err == KErrNone) |
|
89 { |
|
90 atts->iPublicKeyParams->iKeyType = EDHE; |
|
91 |
|
92 // The params are: |
|
93 // 1 - Prime |
|
94 // 2 - Generator |
|
95 // 3 - generator ^ random mod prime |
|
96 |
|
97 atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); |
|
98 CleanupStack::Pop(atts->iPublicKeyParams->iValue1); |
|
99 |
|
100 atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); |
|
101 CleanupStack::Pop(atts->iPublicKeyParams->iValue2); |
|
102 |
|
103 atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); |
|
104 CleanupStack::Pop(atts->iPublicKeyParams->iValue3); |
|
105 |
|
106 } |
|
107 } |
|
108 |
|
109 CleanupStack::PopAndDestroy(2, &gen); // prime |
|
110 |
|
111 // No client auth, no dialogs |
|
112 atts->iClientAuthenticate = EFalse; |
|
113 atts->iDialogNonAttendedMode = ETrue; |
|
114 |
|
115 return EPass; |
|
116 } |
|
117 |
|
118 TVerdict CClientFinishedStep::doTestStepL() |
|
119 { |
|
120 INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites.")); |
|
121 |
|
122 // first we have to retrieve the available cipher suites |
|
123 TInt err = GetCipherSuitesL(); |
|
124 |
|
125 if (err != KErrNone) |
|
126 { |
|
127 INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), |
|
128 err); |
|
129 SetTestStepResult(EFail); |
|
130 return TestStepResult(); |
|
131 } |
|
132 |
|
133 // verifies certificate if is not a PSK cipher suite |
|
134 if( !UsePsk() ) |
|
135 { |
|
136 // we have to verify the server certificate, to supply the certificate |
|
137 // and its parameters to the TLS provider. |
|
138 |
|
139 INFO_PRINTF1(_L("Calling TLS Provider to verify server certificate.")); |
|
140 |
|
141 CX509Certificate* cert = NULL; |
|
142 |
|
143 err = VerifyServerCertificateL(cert); |
|
144 delete cert; |
|
145 |
|
146 // make sure it completed sucessfully. |
|
147 if (err != KErrNone) |
|
148 { |
|
149 INFO_PRINTF2(_L("Failed! Server Certificate did not verify correctly! (Error %d)"), |
|
150 err); |
|
151 SetTestStepResult(EFail); |
|
152 return TestStepResult(); |
|
153 } |
|
154 |
|
155 } |
|
156 |
|
157 |
|
158 INFO_PRINTF1(_L("Creating TLS Session.")); |
|
159 |
|
160 // now, create a session with the parameters set in the preamble |
|
161 err = CreateSessionL(); |
|
162 |
|
163 // ensure we succeeded |
|
164 if (err != KErrNone) |
|
165 { |
|
166 INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err); |
|
167 SetTestStepResult(EFail); |
|
168 return TestStepResult(); |
|
169 } |
|
170 |
|
171 INFO_PRINTF1(_L("Calling TLS session key exchange.")); |
|
172 |
|
173 HBufC8* keyExMessage = NULL; |
|
174 err = ClientKeyExchange(keyExMessage); |
|
175 |
|
176 if (err != KErrNone) |
|
177 { |
|
178 INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err); |
|
179 delete keyExMessage; |
|
180 SetTestStepResult(EFail); |
|
181 return TestStepResult(); |
|
182 } |
|
183 |
|
184 INFO_PRINTF1(_L("Deriving premaster secret.")); |
|
185 |
|
186 // derive the premaster secret from the key exchange method |
|
187 CleanupStack::PushL(keyExMessage); |
|
188 HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage); |
|
189 CleanupStack::PopAndDestroy(keyExMessage); |
|
190 |
|
191 INFO_PRINTF1(_L("Deriving master secret.")); |
|
192 |
|
193 // compute the master secret from the premaster. |
|
194 CleanupStack::PushL(premaster); |
|
195 HBufC8* master = ComputeMasterSecretL(*premaster); |
|
196 CleanupStack::PopAndDestroy(premaster); |
|
197 CleanupStack::PushL(master); |
|
198 |
|
199 // create a block of random data to represent our handshake messages, |
|
200 // and create hash objects from it. |
|
201 |
|
202 HBufC8* handshake = HBufC8::NewLC(1024); // totally arbitary length... |
|
203 TPtr8 handshakeBuf = handshake->Des(); |
|
204 handshakeBuf.SetLength(1024); |
|
205 TRandom::RandomL(handshakeBuf); |
|
206 |
|
207 CMessageDigest* handshakeSha = CMessageDigestFactory::NewDigestLC(CMessageDigest::ESHA1); |
|
208 CMessageDigest* handshakeMd = CMessageDigestFactory::NewDigestLC(CMessageDigest::EMD5); |
|
209 |
|
210 handshakeSha->Update(handshakeBuf); |
|
211 handshakeMd->Update(handshakeBuf); |
|
212 |
|
213 INFO_PRINTF1(_L("Computing our test finished message.")); |
|
214 |
|
215 // now, calculate our idea of what the finished message should be. |
|
216 HBufC8* ourFinished = ComputeFinishedMessageL(handshakeSha, handshakeMd, *master, ETrue); |
|
217 CleanupStack::PushL(ourFinished); |
|
218 |
|
219 INFO_PRINTF1(_L("Calling TLS Session to generate client finished message.")); |
|
220 |
|
221 // ask TLS provider for our finished message and compare the two. |
|
222 HBufC8* theirFinished = NULL; |
|
223 err = GenerateClientFinishedL(handshakeSha, handshakeMd, theirFinished); |
|
224 if (err != KErrNone || *theirFinished != *ourFinished) |
|
225 { |
|
226 INFO_PRINTF2(_L("Failed! Either client finished message generation failed (Error %d), or finished message malformed!"), |
|
227 err); |
|
228 SetTestStepResult(EFail); |
|
229 } |
|
230 else |
|
231 { |
|
232 INFO_PRINTF1(_L("Test passed.")); |
|
233 SetTestStepResult(EPass); |
|
234 } |
|
235 delete theirFinished; |
|
236 CleanupStack::PopAndDestroy(5, master); // handshake, handshakeSha, handshakeMd, ourFinished |
|
237 |
|
238 return TestStepResult(); |
|
239 } |