diff -r 000000000000 -r af10295192d8 networksecurity/tlsprovider/Test/tlstest2/verifyGetSessionstep.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/networksecurity/tlsprovider/Test/tlstest2/verifyGetSessionstep.cpp Tue Jan 26 15:23:49 2010 +0200 @@ -0,0 +1,327 @@ +// Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// + +/** + @file verifyGetSessionStep.cpp + @internalTechnology +*/ +#include "verifyGetSessionstep.h" + +#include + +CVerifyGetSessionStep::CVerifyGetSessionStep() + { + SetTestStepName(KGetSessionStep); + } + +TVerdict CVerifyGetSessionStep::doTestStepPreambleL() + { + ConstructL(); + + CTlsCryptoAttributes* atts = Provider()->Attributes(); + + // read the "server" random + HBufC8* random = ServerRandomL(); + atts->iMasterSecretInput.iServerRandom.Copy(*random); + delete random; + + // and the client random + random = ClientRandomL(); + atts->iMasterSecretInput.iClientRandom.Copy(*random); + delete random; + + // we only support null compression... + atts->iCompressionMethod = ENullCompression; + + // read the cipher suite for the test + atts->iCurrentCipherSuite = CipherSuiteL(); + + // read the protocol version + TTLSProtocolVersion version = ProtocolVersionL(); + atts->iNegotiatedProtocol = version; + atts->iProposedProtocol = version; + + // set the session ID and "server" name (localhost) + atts->iSessionNameAndID.iSessionId = SessionId(); + atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; + atts->iSessionNameAndID.iServerName.iPort = 443; + atts->idomainName.Copy(DomainNameL()); + + // try and read DH params, this section may not exist + TRAPD(err, ReadDHParamsL()); + if (err == KErrNone) + { + atts->iPublicKeyParams->iKeyType = EDHE; + + // The params are: + // 1 - Prime + // 2 - Generator + // 3 - generator ^ random mod prime + + atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue1); + + atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue2); + + atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); + CleanupStack::Pop(atts->iPublicKeyParams->iValue3); + } + + // No client authentication or dialogs for this test, please + atts->iClientAuthenticate = EFalse; + atts->iDialogNonAttendedMode = ETrue; + + return EPass; + } + +TVerdict CVerifyGetSessionStep::doTestStepL() + { + INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites.")); + + // first we have to retrieve the available cipher suites + TInt err = GetCipherSuitesL(); + + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), + err); + SetTestStepResult(EFail); + return TestStepResult(); + } + + // we have to verify the server certificate, to supply the certificate + // and its parameters to the TLS provider. + + INFO_PRINTF1(_L("Calling TLS Provider Verify Certificate.")); + + CX509Certificate* cert = NULL; + err = VerifyServerCertificateL(cert); + delete cert; // don't really need the cert + + TInt expectedResult; + + if (!GetIntFromConfig(ConfigSection(), KExpectedValue, expectedResult)) + { + // failed to get expected result from config file... using KErrNone. + expectedResult = KErrNone; + } + + if (err != expectedResult) + { + INFO_PRINTF3(_L("Failed! TLS Provider returned error code %d, expecting %d."), + err, expectedResult); + SetTestStepResult(EFail); + } + else + { + INFO_PRINTF1(_L("Test passed.")); + SetTestStepResult(EPass); + } + + err = CreateSessionL(); + + // ensure we succeeded + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err); + SetTestStepResult(EFail); + } + + INFO_PRINTF1(_L("Calling TLS session key exchange.")); + + HBufC8* keyExMessage = NULL; + err = ClientKeyExchange(keyExMessage); + + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err); + SetTestStepResult(EFail); + } + //Check for GetSessionL before caching + + CTlsCryptoAttributes* tlsCryptoAttributes = Provider()->Attributes(); + TPtrC server2; + _LIT(KServer2,"server2"); + GetStringFromConfig(KServerSection,KServer2,server2); + tlsCryptoAttributes->iSessionNameAndID.iServerName.iAddress.Copy( server2 ); + + TInt sessionIdLength(0) ; + CleanupStack::PushL(keyExMessage); + err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); + + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! GetSession failed! Before Caching (Error %d)"), err); + SetTestStepResult(EFail); + } + + // Call ServerFinishedStep + INFO_PRINTF1(_L("Deriving premaster secret.")); + + // derive the premaster secret from the key exchange method + HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage); + CleanupStack::PopAndDestroy(keyExMessage); + + INFO_PRINTF1(_L("Deriving master secret.")); + + // compute the master secret from the premaster. + CleanupStack::PushL(premaster); + HBufC8* master = ComputeMasterSecretL(*premaster); + CleanupStack::PopAndDestroy(premaster); + CleanupStack::PushL(master); + + // do the caching + ValidateServerFinishL(*master); + + CleanupStack::PopAndDestroy(master); + + //TO check for GetSessionL + + err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! GetSession failed! After Caching (Error %d)"), err); + SetTestStepResult(EFail); + } + + //Verify GetSessionL for Non-cached Session ( The sessionIdLength has to be of 0 length) + TPtrC server3; + _LIT(KServer3,"server3"); + GetStringFromConfig(KServerSection,KServer3,server3); + + CTlsCryptoAttributes* tlsCryptAttribs = Provider()->Attributes(); + tlsCryptAttribs->iSessionNameAndID.iServerName.iAddress.Copy( server3 ); + tlsCryptAttribs->iNegotiatedProtocol.iMajor = 0; + tlsCryptAttribs->iNegotiatedProtocol.iMinor = 3; + + tlsCryptAttribs->iProposedProtocol.iMajor = 0; + tlsCryptAttribs->iProposedProtocol.iMinor = 3; + + err = VerifyGetSessionL(tlsCryptAttribs->iSessionNameAndID.iServerName,sessionIdLength); + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! GetSession failed! For Non-cached session(Error %d)"), err); + SetTestStepResult(EFail); + } + else if(sessionIdLength != 0) + { + INFO_PRINTF2(_L("Failed! CTLSProvider::GetSession - wrong error code returned for non-cached session %d"), err); + SetTestStepResult(EFail); + + } + + // + TTLSSessionNameAndID sessionNameAndId; + + sessionNameAndId.iServerName.iAddress.Copy( server2 ); + sessionNameAndId.iServerName.iPort = 10; + + // Increases test code coverage (by using cancellation) + err = ClearSessionCacheWithCancelL(sessionNameAndId); + if (err != KErrCancel) + { + INFO_PRINTF2(_L("Failed! ClearSessionCacheL cancelled returned incorrect Error: %d"), + err); + SetTestStepResult(EFail); + return TestStepResult(); + } + + err = ClearSessionCacheL(sessionNameAndId); + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! Clear Session Failed! (Error %d)"), err); + SetTestStepResult(EFail); + } + + sessionIdLength = 0; + err = VerifyGetSessionL(tlsCryptoAttributes->iSessionNameAndID.iServerName,sessionIdLength); + if (err != KErrNone) + { + INFO_PRINTF2(_L("Failed! GetSession failed! After Cache cleaned (Error %d)"), err); + SetTestStepResult(EFail); + } + else if(sessionIdLength != 0) + { + INFO_PRINTF2(_L("Failed! CTLSProvider::GetSession - wrong error code returned %d"), err); + SetTestStepResult(EFail); + + } + + CTLSSession* checkSession = Provider()->TlsSessionPtr(); + if(checkSession == NULL) + { + SetTestStepResult(EFail); + } + + return TestStepResult(); + } + + +void CVerifyGetSessionStep::ValidateServerFinishL(const TDesC8& aMasterSecret) +{ + // create a block of random data to represent our handshake messages, + // and create hash objects from it. + + HBufC8* handshake = HBufC8::NewLC(1024); // totally arbitary length... + TPtr8 handshakeBuf = handshake->Des(); + handshakeBuf.SetLength(1024); + TRandom::RandomL(handshakeBuf); + + CMessageDigest* handshakeSha = CMessageDigestFactory::NewDigestLC(CMessageDigest::ESHA1); + CMessageDigest* handshakeMd = CMessageDigestFactory::NewDigestLC(CMessageDigest::EMD5); + + handshakeSha->Update(handshakeBuf); + handshakeMd->Update(handshakeBuf); + + INFO_PRINTF1(_L("Computing our test finished message.")); + + // now, calculate our idea of what the finished message should be. + HBufC8* ourFinished = ComputeFinishedMessageL(handshakeSha, handshakeMd, aMasterSecret, EFalse); + CleanupStack::PushL(ourFinished); + + TInt expectedResult = KErrNone; + TBool tamper = EFalse; + if (GetBoolFromConfig(ConfigSection(), KTamperHandshakeMessage, tamper) && tamper) + { + INFO_PRINTF1(_L("Simulating man in the middle handshake tampering.")); + + // we want to simulate a third party tampering with our handshake + expectedResult = KErrBadServerFinishedMsg; + TRandom::RandomL(handshakeBuf); + + handshakeSha->Reset(); + handshakeMd->Reset();; + handshakeSha->Update(handshakeBuf); + handshakeMd->Update(handshakeBuf); + } + + INFO_PRINTF1(_L("Calling TLS Session to verify server finished message.")); + + // ask TLS provider to verify our finished message + TInt err = VerifyServerFinishedL(handshakeSha, handshakeMd, *ourFinished); + if (err != expectedResult) + { + INFO_PRINTF3(_L("Failed! Expecting code %d, actual code %d."), expectedResult, err); + SetTestStepResult(EFail); + } + else + { + INFO_PRINTF1(_L("Test passed.")); + SetTestStepResult(EPass); + } + CleanupStack::PopAndDestroy(4, handshake); // handshakeSha, handshakeMd, ourFinished + +}