|
1 // Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 /** |
|
17 @file encryptstep.cpp |
|
18 @internalTechnology |
|
19 */ |
|
20 #include "encryptstep.h" |
|
21 |
|
22 #include <tlsprovinterface.h> |
|
23 #include <x509cert.h> |
|
24 #include <asymmetric.h> |
|
25 #include <asymmetrickeys.h> |
|
26 #include <asnpkcs.h> |
|
27 |
|
28 CEncryptStep::CEncryptStep() |
|
29 { |
|
30 SetTestStepName(KEncryptStep); |
|
31 } |
|
32 |
|
33 TVerdict CEncryptStep::doTestStepPreambleL() |
|
34 { |
|
35 ConstructL(); |
|
36 |
|
37 CTlsCryptoAttributes* atts = Provider()->Attributes(); |
|
38 |
|
39 // Reads PSK values if included in INI file. |
|
40 ReadPskToBeUsedL(); |
|
41 |
|
42 // Reads if NULL ciphers suites are to be allowed from INI file. |
|
43 ReadUseNullCipher(); |
|
44 |
|
45 // read the "server" random |
|
46 HBufC8* random = ServerRandomL(); |
|
47 atts->iMasterSecretInput.iServerRandom.Copy(*random); |
|
48 delete random; |
|
49 |
|
50 // and the client random |
|
51 random = ClientRandomL(); |
|
52 atts->iMasterSecretInput.iClientRandom.Copy(*random); |
|
53 delete random; |
|
54 |
|
55 // we only support null compression... |
|
56 atts->iCompressionMethod = ENullCompression; |
|
57 |
|
58 // read the cipher suite for the test |
|
59 atts->iCurrentCipherSuite = CipherSuiteL(); |
|
60 |
|
61 // read the protocol version |
|
62 TTLSProtocolVersion version = ProtocolVersionL(); |
|
63 atts->iNegotiatedProtocol = version; |
|
64 atts->iProposedProtocol = version; |
|
65 |
|
66 // set the session ID and "server" name (localhost) |
|
67 atts->iSessionNameAndID.iSessionId = SessionId(); |
|
68 atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; |
|
69 atts->iSessionNameAndID.iServerName.iPort = 443; |
|
70 atts->idomainName.Copy(DomainNameL()); |
|
71 |
|
72 // If cipher suite under test is uses PSK (Pre Shared Key) |
|
73 if(UsePsk()) |
|
74 { |
|
75 // Populates values for PSK |
|
76 atts->iPskConfigured = true; |
|
77 atts->iPublicKeyParams->iKeyType = EPsk; |
|
78 atts->iPublicKeyParams->iValue4 = PskIdentity(); |
|
79 atts->iPublicKeyParams->iValue5 = PskKey(); |
|
80 } |
|
81 else |
|
82 { |
|
83 // If cipher suite under test is NOT PSK |
|
84 TRAPD(err, ReadDHParamsL()); |
|
85 if (err == KErrNone) |
|
86 { |
|
87 atts->iPublicKeyParams->iKeyType = EDHE; |
|
88 |
|
89 // The params are: |
|
90 // 1 - Prime |
|
91 // 2 - Generator |
|
92 // 3 - generator ^ random mod prime |
|
93 |
|
94 atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); |
|
95 CleanupStack::Pop(atts->iPublicKeyParams->iValue1); |
|
96 |
|
97 atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); |
|
98 CleanupStack::Pop(atts->iPublicKeyParams->iValue2); |
|
99 |
|
100 atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); |
|
101 CleanupStack::Pop(atts->iPublicKeyParams->iValue3); |
|
102 |
|
103 } |
|
104 } |
|
105 |
|
106 // No client authentication or dialogs for this test, please |
|
107 atts->iClientAuthenticate = EFalse; |
|
108 atts->iDialogNonAttendedMode = ETrue; |
|
109 |
|
110 if(UseNullCipher()) |
|
111 { |
|
112 // Enables null cipher by setting appropiate parameter |
|
113 atts->iAllowNullCipherSuites = ETrue; |
|
114 } |
|
115 |
|
116 return EPass; |
|
117 } |
|
118 |
|
119 TVerdict CEncryptStep::doTestStepL() |
|
120 { |
|
121 TInt result = CEncryptStep::doTestStepImplL(); |
|
122 |
|
123 Logger().WriteFormat(_L("Test Result Was: %d."), result); |
|
124 |
|
125 TInt expectedResult(KErrNone); |
|
126 GetIntFromConfig(ConfigSection(), KExpectedResult, expectedResult); |
|
127 if (expectedResult != KErrNone) |
|
128 { |
|
129 Logger().WriteFormat(_L("Expected Validation Result Was: %d."), expectedResult); |
|
130 |
|
131 if (result == expectedResult) |
|
132 { |
|
133 Logger().Write(_L("Test step passed.")); |
|
134 SetTestStepResult(EPass); |
|
135 } |
|
136 else |
|
137 { |
|
138 Logger().Write(_L("Test step failed.")); |
|
139 SetTestStepResult(EFail); |
|
140 } |
|
141 } |
|
142 else |
|
143 { |
|
144 SetTestStepResult((result!=KErrNone) ? EFail : EPass); |
|
145 } |
|
146 |
|
147 return TestStepResult(); |
|
148 } |
|
149 |
|
150 TInt CEncryptStep::doTestStepImplL() |
|
151 { |
|
152 INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites.")); |
|
153 |
|
154 // first we have to retrieve the available cipher suites |
|
155 TInt err = GetCipherSuitesL(); |
|
156 |
|
157 if (err != KErrNone) |
|
158 { |
|
159 INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), err); |
|
160 return err; |
|
161 } |
|
162 |
|
163 // verifies certificate if is not a PSK cipher suite |
|
164 if( !UsePsk() ) |
|
165 { |
|
166 // we have to verify the server certificate, to supply the certificate |
|
167 // and its parameters to the TLS provider. |
|
168 |
|
169 INFO_PRINTF1(_L("Calling TLS Provider to verify server certificate.")); |
|
170 |
|
171 CX509Certificate* cert = NULL; |
|
172 |
|
173 err = VerifyServerCertificateL(cert); |
|
174 delete cert; |
|
175 |
|
176 // make sure it completed sucessfully. |
|
177 if (err != KErrNone) |
|
178 { |
|
179 INFO_PRINTF2(_L("Failed! Server Certificate did not verify correctly! (Error %d)"), |
|
180 err); |
|
181 SetTestStepResult(EFail); |
|
182 return TestStepResult(); |
|
183 } |
|
184 |
|
185 } |
|
186 |
|
187 INFO_PRINTF1(_L("Creating TLS Session.")); |
|
188 |
|
189 // now, create a session with the parameters set in the preamble |
|
190 err = CreateSessionL(); |
|
191 |
|
192 // ensure we succeeded |
|
193 if (err != KErrNone) |
|
194 { |
|
195 INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err); |
|
196 return err; |
|
197 } |
|
198 |
|
199 INFO_PRINTF1(_L("Calling TLS session key exchange.")); |
|
200 |
|
201 HBufC8* keyExMessage = NULL; |
|
202 err = ClientKeyExchange(keyExMessage); |
|
203 |
|
204 if (err != KErrNone) |
|
205 { |
|
206 INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err); |
|
207 delete keyExMessage; |
|
208 return err; |
|
209 } |
|
210 |
|
211 INFO_PRINTF1(_L("Deriving premaster secret.")); |
|
212 |
|
213 // derive the premaster secret from the key exchange method |
|
214 CleanupStack::PushL(keyExMessage); |
|
215 HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage); |
|
216 CleanupStack::PopAndDestroy(keyExMessage); |
|
217 |
|
218 INFO_PRINTF1(_L("Deriving master secret.")); |
|
219 |
|
220 // compute the master secret from the premaster. |
|
221 CleanupStack::PushL(premaster); |
|
222 HBufC8* master = ComputeMasterSecretL(*premaster); |
|
223 CleanupStack::PopAndDestroy(premaster); |
|
224 delete master; |
|
225 |
|
226 // Do the main meat of the test |
|
227 VerifyEncryptionL(); |
|
228 |
|
229 return err; |
|
230 } |
|
231 |
|
232 |
|
233 void CEncryptStep::VerifyEncryptionL() |
|
234 { |
|
235 // Read in the parameters we'll use to configure this step... |
|
236 // Record Size - The size of the record to encrypt |
|
237 TInt recordSize(0); |
|
238 if (!GetIntFromConfig(ConfigSection(), KRecordSize, recordSize)) |
|
239 { |
|
240 INFO_PRINTF1(_L("Failed! Could not read test record size from config!")); |
|
241 SetTestStepResult(EFail); |
|
242 return; |
|
243 } |
|
244 |
|
245 // Record type - The type to record in the MAC |
|
246 TInt recordTypeInt(0); |
|
247 if (!GetIntFromConfig(ConfigSection(), KRecordType, recordTypeInt)) |
|
248 { |
|
249 INFO_PRINTF1(_L("Failed! Could not read test record type from config!")); |
|
250 SetTestStepResult(EFail); |
|
251 return; |
|
252 } |
|
253 TRecordProtocol recordType = (TRecordProtocol)recordTypeInt; // cast it to the enum. |
|
254 |
|
255 |
|
256 // Sequence number - The (fake) sequence number this packet is supposed to have arrived in |
|
257 TInt sequenceNumber(0); |
|
258 if (!GetIntFromConfig(ConfigSection(), KSequenceNumber, sequenceNumber)) |
|
259 { |
|
260 INFO_PRINTF1(_L("Failed! Could not read test record sequence number from config!")); |
|
261 SetTestStepResult(EFail); |
|
262 return; |
|
263 } |
|
264 |
|
265 // construct a block of (random) data of the appropriate size |
|
266 HBufC8* record = HBufC8::NewLC(recordSize); |
|
267 TPtr8 ptr = record->Des(); |
|
268 ptr.SetLength(recordSize); |
|
269 TRandom::RandomL(ptr); |
|
270 |
|
271 // Now, ask TLS provider to encrypt the block and put it through our own, and |
|
272 // ensure they agree. |
|
273 |
|
274 INFO_PRINTF1(_L("Calling TLS Session to encrypt test record.")); |
|
275 |
|
276 TInt64 seq = sequenceNumber; |
|
277 HBufC8* tlsProvRecord = NULL; |
|
278 TInt err = Session()->EncryptL(*record, tlsProvRecord, seq, recordType); |
|
279 if (err != KErrNone) |
|
280 { |
|
281 SetTestStepResult(EFail); |
|
282 return; |
|
283 } |
|
284 |
|
285 CleanupStack::PushL(tlsProvRecord); |
|
286 |
|
287 INFO_PRINTF1(_L("Creating our own version of the test record.")); |
|
288 |
|
289 |
|
290 HBufC8* ourRecord = EncryptRecordL(*record, seq, recordType, EFalse); |
|
291 |
|
292 if (*ourRecord == *tlsProvRecord) |
|
293 { |
|
294 INFO_PRINTF1(_L("Test passed.")); |
|
295 SetTestStepResult(EPass); |
|
296 } |
|
297 else |
|
298 { |
|
299 INFO_PRINTF1(_L("Failed! Encrypted record is corrupt!")); |
|
300 SetTestStepResult(EFail); |
|
301 } |
|
302 |
|
303 |
|
304 delete ourRecord; |
|
305 CleanupStack::PopAndDestroy(2, record); // tlsProvRecord |
|
306 } |