diff -r 000000000000 -r af10295192d8 networksecurity/tlsprovider/Test/tlstest2/encryptstep.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/networksecurity/tlsprovider/Test/tlstest2/encryptstep.cpp Tue Jan 26 15:23:49 2010 +0200 @@ -0,0 +1,306 @@ +// Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// + +/** + @file encryptstep.cpp + @internalTechnology +*/ +#include "encryptstep.h" + +#include +#include +#include +#include +#include + +CEncryptStep::CEncryptStep() + { + SetTestStepName(KEncryptStep); + } + +TVerdict CEncryptStep::doTestStepPreambleL() + { + ConstructL(); + + CTlsCryptoAttributes* atts = Provider()->Attributes(); + + // Reads PSK values if included in INI file. + ReadPskToBeUsedL(); + + // Reads if NULL ciphers suites are to be allowed from INI file. + ReadUseNullCipher(); + + // read the "server" random + HBufC8* random = ServerRandomL(); + atts->iMasterSecretInput.iServerRandom.Copy(*random); + delete random; + + // and the client random + random = ClientRandomL(); + atts->iMasterSecretInput.iClientRandom.Copy(*random); + delete random; + + // we only support null compression... + atts->iCompressionMethod = ENullCompression; + + // read the cipher suite for the test + atts->iCurrentCipherSuite = CipherSuiteL(); + + // read the protocol version + TTLSProtocolVersion version = ProtocolVersionL(); + atts->iNegotiatedProtocol = version; + atts->iProposedProtocol = version; + + // set the session ID and "server" name (localhost) + atts->iSessionNameAndID.iSessionId = SessionId(); + atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; + atts->iSessionNameAndID.iServerName.iPort = 443; + atts->idomainName.Copy(DomainNameL()); + + // If cipher suite under test is uses PSK (Pre Shared Key) + if(UsePsk()) + { + // Populates values for PSK + atts->iPskConfigured = true; + atts->iPublicKeyParams->iKeyType = EPsk; + atts->iPublicKeyParams->iValue4 = PskIdentity(); + atts->iPublicKeyParams->iValue5 = PskKey(); + } + else + { + // If cipher suite under test is NOT PSK + TRAPD(err, ReadDHParamsL()); + if (err == KErrNone) + { + atts->iPublicKeyParams->iKeyType = EDHE; + + // The params are: + // 1 - Prime + // 2 - Generator + // 3 - generator ^ random mod prime + + atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue1); + + atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue2); + + atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue3); + + } + } + + // No client authentication or dialogs for this test, please + atts->iClientAuthenticate = EFalse; + atts->iDialogNonAttendedMode = ETrue; + + if(UseNullCipher()) + { + // Enables null cipher by setting appropiate parameter + atts->iAllowNullCipherSuites = ETrue; + } + + return EPass; + } + +TVerdict CEncryptStep::doTestStepL() + { + TInt result = CEncryptStep::doTestStepImplL(); + + Logger().WriteFormat(_L("Test Result Was: %d."), result); + + TInt expectedResult(KErrNone); + GetIntFromConfig(ConfigSection(), KExpectedResult, expectedResult); + if (expectedResult != KErrNone) + { + Logger().WriteFormat(_L("Expected Validation Result Was: %d."), expectedResult); + + if (result == expectedResult) + { + Logger().Write(_L("Test step passed.")); + SetTestStepResult(EPass); + } + else + { + Logger().Write(_L("Test step failed.")); + SetTestStepResult(EFail); + } + } + else + { + SetTestStepResult((result!=KErrNone) ? EFail : EPass); + } + + return TestStepResult(); + } + +TInt CEncryptStep::doTestStepImplL() + { + INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites.")); + + // first we have to retrieve the available cipher suites + TInt err = GetCipherSuitesL(); + + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), err); + return err; + } + + // verifies certificate if is not a PSK cipher suite + if( !UsePsk() ) + { + // we have to verify the server certificate, to supply the certificate + // and its parameters to the TLS provider. + + INFO_PRINTF1(_L("Calling TLS Provider to verify server certificate.")); + + CX509Certificate* cert = NULL; + + err = VerifyServerCertificateL(cert); + delete cert; + + // make sure it completed sucessfully. + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Server Certificate did not verify correctly! (Error %d)"), + err); + SetTestStepResult(EFail); + return TestStepResult(); + } + + } + + INFO_PRINTF1(_L("Creating TLS Session.")); + + // now, create a session with the parameters set in the preamble + err = CreateSessionL(); + + // ensure we succeeded + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err); + return err; + } + + INFO_PRINTF1(_L("Calling TLS session key exchange.")); + + HBufC8* keyExMessage = NULL; + err = ClientKeyExchange(keyExMessage); + + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err); + delete keyExMessage; + return err; + } + + INFO_PRINTF1(_L("Deriving premaster secret.")); + + // derive the premaster secret from the key exchange method + CleanupStack::PushL(keyExMessage); + HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage); + CleanupStack::PopAndDestroy(keyExMessage); + + INFO_PRINTF1(_L("Deriving master secret.")); + + // compute the master secret from the premaster. + CleanupStack::PushL(premaster); + HBufC8* master = ComputeMasterSecretL(*premaster); + CleanupStack::PopAndDestroy(premaster); + delete master; + + // Do the main meat of the test + VerifyEncryptionL(); + + return err; + } + + +void CEncryptStep::VerifyEncryptionL() + { + // Read in the parameters we'll use to configure this step... + // Record Size - The size of the record to encrypt + TInt recordSize(0); + if (!GetIntFromConfig(ConfigSection(), KRecordSize, recordSize)) + { + INFO_PRINTF1(_L("Failed! Could not read test record size from config!")); + SetTestStepResult(EFail); + return; + } + + // Record type - The type to record in the MAC + TInt recordTypeInt(0); + if (!GetIntFromConfig(ConfigSection(), KRecordType, recordTypeInt)) + { + INFO_PRINTF1(_L("Failed! Could not read test record type from config!")); + SetTestStepResult(EFail); + return; + } + TRecordProtocol recordType = (TRecordProtocol)recordTypeInt; // cast it to the enum. + + + // Sequence number - The (fake) sequence number this packet is supposed to have arrived in + TInt sequenceNumber(0); + if (!GetIntFromConfig(ConfigSection(), KSequenceNumber, sequenceNumber)) + { + INFO_PRINTF1(_L("Failed! Could not read test record sequence number from config!")); + SetTestStepResult(EFail); + return; + } + + // construct a block of (random) data of the appropriate size + HBufC8* record = HBufC8::NewLC(recordSize); + TPtr8 ptr = record->Des(); + ptr.SetLength(recordSize); + TRandom::RandomL(ptr); + + // Now, ask TLS provider to encrypt the block and put it through our own, and + // ensure they agree. + + INFO_PRINTF1(_L("Calling TLS Session to encrypt test record.")); + + TInt64 seq = sequenceNumber; + HBufC8* tlsProvRecord = NULL; + TInt err = Session()->EncryptL(*record, tlsProvRecord, seq, recordType); + if (err != KErrNone) + { + SetTestStepResult(EFail); + return; + } + + CleanupStack::PushL(tlsProvRecord); + + INFO_PRINTF1(_L("Creating our own version of the test record.")); + + + HBufC8* ourRecord = EncryptRecordL(*record, seq, recordType, EFalse); + + if (*ourRecord == *tlsProvRecord) + { + INFO_PRINTF1(_L("Test passed.")); + SetTestStepResult(EPass); + } + else + { + INFO_PRINTF1(_L("Failed! Encrypted record is corrupt!")); + SetTestStepResult(EFail); + } + + + delete ourRecord; + CleanupStack::PopAndDestroy(2, record); // tlsProvRecord + }