|
1 // Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 /** |
|
17 @file verifyGetSessionStep.cpp |
|
18 @internalTechnology |
|
19 */ |
|
20 #include "verifyGetSessionstep.h" |
|
21 |
|
22 #include <tlsprovinterface.h> |
|
23 |
|
24 CVerifyGetSessionStep::CVerifyGetSessionStep() |
|
25 { |
|
26 SetTestStepName(KGetSessionStep); |
|
27 } |
|
28 |
|
29 TVerdict CVerifyGetSessionStep::doTestStepPreambleL() |
|
30 { |
|
31 ConstructL(); |
|
32 |
|
33 CTlsCryptoAttributes* atts = Provider()->Attributes(); |
|
34 |
|
35 // read the "server" random |
|
36 HBufC8* random = ServerRandomL(); |
|
37 atts->iMasterSecretInput.iServerRandom.Copy(*random); |
|
38 delete random; |
|
39 |
|
40 // and the client random |
|
41 random = ClientRandomL(); |
|
42 atts->iMasterSecretInput.iClientRandom.Copy(*random); |
|
43 delete random; |
|
44 |
|
45 // we only support null compression... |
|
46 atts->iCompressionMethod = ENullCompression; |
|
47 |
|
48 // read the cipher suite for the test |
|
49 atts->iCurrentCipherSuite = CipherSuiteL(); |
|
50 |
|
51 // read the protocol version |
|
52 TTLSProtocolVersion version = ProtocolVersionL(); |
|
53 atts->iNegotiatedProtocol = version; |
|
54 atts->iProposedProtocol = version; |
|
55 |
|
56 // set the session ID and "server" name (localhost) |
|
57 atts->iSessionNameAndID.iSessionId = SessionId(); |
|
58 atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; |
|
59 atts->iSessionNameAndID.iServerName.iPort = 443; |
|
60 atts->idomainName.Copy(DomainNameL()); |
|
61 |
|
62 // try and read DH params, this section may not exist |
|
63 TRAPD(err, ReadDHParamsL()); |
|
64 if (err == KErrNone) |
|
65 { |
|
66 atts->iPublicKeyParams->iKeyType = EDHE; |
|
67 |
|
68 // The params are: |
|
69 // 1 - Prime |
|
70 // 2 - Generator |
|
71 // 3 - generator ^ random mod prime |
|
72 |
|
73 atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); |
|
74 CleanupStack::Pop(atts->iPublicKeyParams->iValue1); |
|
75 |
|
76 atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); |
|
77 CleanupStack::Pop(atts->iPublicKeyParams->iValue2); |
|
78 |
|
79 atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); |
|
80 CleanupStack::Pop(atts->iPublicKeyParams->iValue3); |
|
81 } |
|
82 |
|
83 // No client authentication or dialogs for this test, please |
|
84 atts->iClientAuthenticate = EFalse; |
|
85 atts->iDialogNonAttendedMode = ETrue; |
|
86 |
|
87 return EPass; |
|
88 } |
|
89 |
|
90 TVerdict CVerifyGetSessionStep::doTestStepL() |
|
91 { |
|
92 INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites.")); |
|
93 |
|
94 // first we have to retrieve the available cipher suites |
|
95 TInt err = GetCipherSuitesL(); |
|
96 |
|
97 if (err != KErrNone) |
|
98 { |
|
99 INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), |
|
100 err); |
|
101 SetTestStepResult(EFail); |
|
102 return TestStepResult(); |
|
103 } |
|
104 |
|
105 // we have to verify the server certificate, to supply the certificate |
|
106 // and its parameters to the TLS provider. |
|
107 |
|
108 INFO_PRINTF1(_L("Calling TLS Provider Verify Certificate.")); |
|
109 |
|
110 CX509Certificate* cert = NULL; |
|
111 err = VerifyServerCertificateL(cert); |
|
112 delete cert; // don't really need the cert |
|
113 |
|
114 TInt expectedResult; |
|
115 |
|
116 if (!GetIntFromConfig(ConfigSection(), KExpectedValue, expectedResult)) |
|
117 { |
|
118 // failed to get expected result from config file... using KErrNone. |
|
119 expectedResult = KErrNone; |
|
120 } |
|
121 |
|
122 if (err != expectedResult) |
|
123 { |
|
124 INFO_PRINTF3(_L("Failed! TLS Provider returned error code %d, expecting %d."), |
|
125 err, expectedResult); |
|
126 SetTestStepResult(EFail); |
|
127 } |
|
128 else |
|
129 { |
|
130 INFO_PRINTF1(_L("Test passed.")); |
|
131 SetTestStepResult(EPass); |
|
132 } |
|
133 |
|
134 err = CreateSessionL(); |
|
135 |
|
136 // ensure we succeeded |
|
137 if (err != KErrNone) |
|
138 { |
|
139 INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err); |
|
140 SetTestStepResult(EFail); |
|
141 } |
|
142 |
|
143 INFO_PRINTF1(_L("Calling TLS session key exchange.")); |
|
144 |
|
145 HBufC8* keyExMessage = NULL; |
|
146 err = ClientKeyExchange(keyExMessage); |
|
147 |
|
148 if (err != KErrNone) |
|
149 { |
|
150 INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err); |
|
151 SetTestStepResult(EFail); |
|
152 } |
|
153 //Check for GetSessionL before caching |
|
154 |
|
155 CTlsCryptoAttributes* tlsCryptoAttributes = Provider()->Attributes(); |
|
156 TPtrC server2; |
|
157 _LIT(KServer2,"server2"); |
|
158 GetStringFromConfig(KServerSection,KServer2,server2); |
|
159 tlsCryptoAttributes->iSessionNameAndID.iServerName.iAddress.Copy( server2 ); |
|
160 |
|
161 TInt sessionIdLength(0) ; |
|
162 CleanupStack::PushL(keyExMessage); |
|
163 err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); |
|
164 |
|
165 if (err != KErrNone) |
|
166 { |
|
167 INFO_PRINTF2(_L("Failed! GetSession failed! Before Caching (Error %d)"), err); |
|
168 SetTestStepResult(EFail); |
|
169 } |
|
170 |
|
171 // Call ServerFinishedStep |
|
172 INFO_PRINTF1(_L("Deriving premaster secret.")); |
|
173 |
|
174 // derive the premaster secret from the key exchange method |
|
175 HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage); |
|
176 CleanupStack::PopAndDestroy(keyExMessage); |
|
177 |
|
178 INFO_PRINTF1(_L("Deriving master secret.")); |
|
179 |
|
180 // compute the master secret from the premaster. |
|
181 CleanupStack::PushL(premaster); |
|
182 HBufC8* master = ComputeMasterSecretL(*premaster); |
|
183 CleanupStack::PopAndDestroy(premaster); |
|
184 CleanupStack::PushL(master); |
|
185 |
|
186 // do the caching |
|
187 ValidateServerFinishL(*master); |
|
188 |
|
189 CleanupStack::PopAndDestroy(master); |
|
190 |
|
191 //TO check for GetSessionL |
|
192 |
|
193 err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); |
|
194 if (err != KErrNone) |
|
195 { |
|
196 INFO_PRINTF2(_L("Failed! GetSession failed! After Caching (Error %d)"), err); |
|
197 SetTestStepResult(EFail); |
|
198 } |
|
199 |
|
200 //Verify GetSessionL for Non-cached Session ( The sessionIdLength has to be of 0 length) |
|
201 TPtrC server3; |
|
202 _LIT(KServer3,"server3"); |
|
203 GetStringFromConfig(KServerSection,KServer3,server3); |
|
204 |
|
205 CTlsCryptoAttributes* tlsCryptAttribs = Provider()->Attributes(); |
|
206 tlsCryptAttribs->iSessionNameAndID.iServerName.iAddress.Copy( server3 ); |
|
207 tlsCryptAttribs->iNegotiatedProtocol.iMajor = 0; |
|
208 tlsCryptAttribs->iNegotiatedProtocol.iMinor = 3; |
|
209 |
|
210 tlsCryptAttribs->iProposedProtocol.iMajor = 0; |
|
211 tlsCryptAttribs->iProposedProtocol.iMinor = 3; |
|
212 |
|
213 err = VerifyGetSessionL(tlsCryptAttribs->iSessionNameAndID.iServerName,sessionIdLength); |
|
214 if (err != KErrNone) |
|
215 { |
|
216 INFO_PRINTF2(_L("Failed! GetSession failed! For Non-cached session(Error %d)"), err); |
|
217 SetTestStepResult(EFail); |
|
218 } |
|
219 else if(sessionIdLength != 0) |
|
220 { |
|
221 INFO_PRINTF2(_L("Failed! CTLSProvider::GetSession - wrong error code returned for non-cached session %d"), err); |
|
222 SetTestStepResult(EFail); |
|
223 |
|
224 } |
|
225 |
|
226 // |
|
227 TTLSSessionNameAndID sessionNameAndId; |
|
228 |
|
229 sessionNameAndId.iServerName.iAddress.Copy( server2 ); |
|
230 sessionNameAndId.iServerName.iPort = 10; |
|
231 |
|
232 // Increases test code coverage (by using cancellation) |
|
233 err = ClearSessionCacheWithCancelL(sessionNameAndId); |
|
234 if (err != KErrCancel) |
|
235 { |
|
236 INFO_PRINTF2(_L("Failed! ClearSessionCacheL cancelled returned incorrect Error: %d"), |
|
237 err); |
|
238 SetTestStepResult(EFail); |
|
239 return TestStepResult(); |
|
240 } |
|
241 |
|
242 err = ClearSessionCacheL(sessionNameAndId); |
|
243 if (err != KErrNone) |
|
244 { |
|
245 INFO_PRINTF2(_L("Failed! Clear Session Failed! (Error %d)"), err); |
|
246 SetTestStepResult(EFail); |
|
247 } |
|
248 |
|
249 sessionIdLength = 0; |
|
250 err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); |
|
251 if (err != KErrNone) |
|
252 { |
|
253 INFO_PRINTF2(_L("Failed! GetSession failed! After Cache cleaned (Error %d)"), err); |
|
254 SetTestStepResult(EFail); |
|
255 } |
|
256 else if(sessionIdLength != 0) |
|
257 { |
|
258 INFO_PRINTF2(_L("Failed! CTLSProvider::GetSession - wrong error code returned %d"), err); |
|
259 SetTestStepResult(EFail); |
|
260 |
|
261 } |
|
262 |
|
263 CTLSSession* checkSession = Provider()->TlsSessionPtr(); |
|
264 if(checkSession == NULL) |
|
265 { |
|
266 SetTestStepResult(EFail); |
|
267 } |
|
268 |
|
269 return TestStepResult(); |
|
270 } |
|
271 |
|
272 |
|
273 void CVerifyGetSessionStep::ValidateServerFinishL(const TDesC8& aMasterSecret) |
|
274 { |
|
275 // create a block of random data to represent our handshake messages, |
|
276 // and create hash objects from it. |
|
277 |
|
278 HBufC8* handshake = HBufC8::NewLC(1024); // totally arbitary length... |
|
279 TPtr8 handshakeBuf = handshake->Des(); |
|
280 handshakeBuf.SetLength(1024); |
|
281 TRandom::RandomL(handshakeBuf); |
|
282 |
|
283 CMessageDigest* handshakeSha = CMessageDigestFactory::NewDigestLC(CMessageDigest::ESHA1); |
|
284 CMessageDigest* handshakeMd = CMessageDigestFactory::NewDigestLC(CMessageDigest::EMD5); |
|
285 |
|
286 handshakeSha->Update(handshakeBuf); |
|
287 handshakeMd->Update(handshakeBuf); |
|
288 |
|
289 INFO_PRINTF1(_L("Computing our test finished message.")); |
|
290 |
|
291 // now, calculate our idea of what the finished message should be. |
|
292 HBufC8* ourFinished = ComputeFinishedMessageL(handshakeSha, handshakeMd, aMasterSecret, EFalse); |
|
293 CleanupStack::PushL(ourFinished); |
|
294 |
|
295 TInt expectedResult = KErrNone; |
|
296 TBool tamper = EFalse; |
|
297 if (GetBoolFromConfig(ConfigSection(), KTamperHandshakeMessage, tamper) && tamper) |
|
298 { |
|
299 INFO_PRINTF1(_L("Simulating man in the middle handshake tampering.")); |
|
300 |
|
301 // we want to simulate a third party tampering with our handshake |
|
302 expectedResult = KErrBadServerFinishedMsg; |
|
303 TRandom::RandomL(handshakeBuf); |
|
304 |
|
305 handshakeSha->Reset(); |
|
306 handshakeMd->Reset();; |
|
307 handshakeSha->Update(handshakeBuf); |
|
308 handshakeMd->Update(handshakeBuf); |
|
309 } |
|
310 |
|
311 INFO_PRINTF1(_L("Calling TLS Session to verify server finished message.")); |
|
312 |
|
313 // ask TLS provider to verify our finished message |
|
314 TInt err = VerifyServerFinishedL(handshakeSha, handshakeMd, *ourFinished); |
|
315 if (err != expectedResult) |
|
316 { |
|
317 INFO_PRINTF3(_L("Failed! Expecting code %d, actual code %d."), expectedResult, err); |
|
318 SetTestStepResult(EFail); |
|
319 } |
|
320 else |
|
321 { |
|
322 INFO_PRINTF1(_L("Test passed.")); |
|
323 SetTestStepResult(EPass); |
|
324 } |
|
325 CleanupStack::PopAndDestroy(4, handshake); // handshakeSha, handshakeMd, ourFinished |
|
326 |
|
327 } |