--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/tlsprovider/Test/tlstest2/encryptstep.cpp Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,306 @@
+// Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+//
+
+/**
+ @file encryptstep.cpp
+ @internalTechnology
+*/
+#include "encryptstep.h"
+
+#include <tlsprovinterface.h>
+#include <x509cert.h>
+#include <asymmetric.h>
+#include <asymmetrickeys.h>
+#include <asnpkcs.h>
+
+CEncryptStep::CEncryptStep()
+ {
+ SetTestStepName(KEncryptStep);
+ }
+
+TVerdict CEncryptStep::doTestStepPreambleL()
+ {
+ ConstructL();
+
+ CTlsCryptoAttributes* atts = Provider()->Attributes();
+
+ // Reads PSK values if included in INI file.
+ ReadPskToBeUsedL();
+
+ // Reads if NULL ciphers suites are to be allowed from INI file.
+ ReadUseNullCipher();
+
+ // read the "server" random
+ HBufC8* random = ServerRandomL();
+ atts->iMasterSecretInput.iServerRandom.Copy(*random);
+ delete random;
+
+ // and the client random
+ random = ClientRandomL();
+ atts->iMasterSecretInput.iClientRandom.Copy(*random);
+ delete random;
+
+ // we only support null compression...
+ atts->iCompressionMethod = ENullCompression;
+
+ // read the cipher suite for the test
+ atts->iCurrentCipherSuite = CipherSuiteL();
+
+ // read the protocol version
+ TTLSProtocolVersion version = ProtocolVersionL();
+ atts->iNegotiatedProtocol = version;
+ atts->iProposedProtocol = version;
+
+ // set the session ID and "server" name (localhost)
+ atts->iSessionNameAndID.iSessionId = SessionId();
+ atts->iSessionNameAndID.iServerName.iAddress = KLocalHost;
+ atts->iSessionNameAndID.iServerName.iPort = 443;
+ atts->idomainName.Copy(DomainNameL());
+
+ // If cipher suite under test is uses PSK (Pre Shared Key)
+ if(UsePsk())
+ {
+ // Populates values for PSK
+ atts->iPskConfigured = true;
+ atts->iPublicKeyParams->iKeyType = EPsk;
+ atts->iPublicKeyParams->iValue4 = PskIdentity();
+ atts->iPublicKeyParams->iValue5 = PskKey();
+ }
+ else
+ {
+ // If cipher suite under test is NOT PSK
+ TRAPD(err, ReadDHParamsL());
+ if (err == KErrNone)
+ {
+ atts->iPublicKeyParams->iKeyType = EDHE;
+
+ // The params are:
+ // 1 - Prime
+ // 2 - Generator
+ // 3 - generator ^ random mod prime
+
+ atts->iPublicKeyParams->iValue1 = Prime().BufferLC();
+ CleanupStack::Pop(atts->iPublicKeyParams->iValue1);
+
+ atts->iPublicKeyParams->iValue2 = Generator().BufferLC();
+ CleanupStack::Pop(atts->iPublicKeyParams->iValue2);
+
+ atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC();
+ CleanupStack::Pop(atts->iPublicKeyParams->iValue3);
+
+ }
+ }
+
+ // No client authentication or dialogs for this test, please
+ atts->iClientAuthenticate = EFalse;
+ atts->iDialogNonAttendedMode = ETrue;
+
+ if(UseNullCipher())
+ {
+ // Enables null cipher by setting appropiate parameter
+ atts->iAllowNullCipherSuites = ETrue;
+ }
+
+ return EPass;
+ }
+
+TVerdict CEncryptStep::doTestStepL()
+ {
+ TInt result = CEncryptStep::doTestStepImplL();
+
+ Logger().WriteFormat(_L("Test Result Was: %d."), result);
+
+ TInt expectedResult(KErrNone);
+ GetIntFromConfig(ConfigSection(), KExpectedResult, expectedResult);
+ if (expectedResult != KErrNone)
+ {
+ Logger().WriteFormat(_L("Expected Validation Result Was: %d."), expectedResult);
+
+ if (result == expectedResult)
+ {
+ Logger().Write(_L("Test step passed."));
+ SetTestStepResult(EPass);
+ }
+ else
+ {
+ Logger().Write(_L("Test step failed."));
+ SetTestStepResult(EFail);
+ }
+ }
+ else
+ {
+ SetTestStepResult((result!=KErrNone) ? EFail : EPass);
+ }
+
+ return TestStepResult();
+ }
+
+TInt CEncryptStep::doTestStepImplL()
+ {
+ INFO_PRINTF1(_L("Calling TLS Provider to fetch cipher suites."));
+
+ // first we have to retrieve the available cipher suites
+ TInt err = GetCipherSuitesL();
+
+ if (err != KErrNone)
+ {
+ INFO_PRINTF2(_L("Failed! Cannot retrieve supported cipher suites! (Error %d)"), err);
+ return err;
+ }
+
+ // verifies certificate if is not a PSK cipher suite
+ if( !UsePsk() )
+ {
+ // we have to verify the server certificate, to supply the certificate
+ // and its parameters to the TLS provider.
+
+ INFO_PRINTF1(_L("Calling TLS Provider to verify server certificate."));
+
+ CX509Certificate* cert = NULL;
+
+ err = VerifyServerCertificateL(cert);
+ delete cert;
+
+ // make sure it completed sucessfully.
+ if (err != KErrNone)
+ {
+ INFO_PRINTF2(_L("Failed! Server Certificate did not verify correctly! (Error %d)"),
+ err);
+ SetTestStepResult(EFail);
+ return TestStepResult();
+ }
+
+ }
+
+ INFO_PRINTF1(_L("Creating TLS Session."));
+
+ // now, create a session with the parameters set in the preamble
+ err = CreateSessionL();
+
+ // ensure we succeeded
+ if (err != KErrNone)
+ {
+ INFO_PRINTF2(_L("Failed! Create Session failed! (Error %d)"), err);
+ return err;
+ }
+
+ INFO_PRINTF1(_L("Calling TLS session key exchange."));
+
+ HBufC8* keyExMessage = NULL;
+ err = ClientKeyExchange(keyExMessage);
+
+ if (err != KErrNone)
+ {
+ INFO_PRINTF2(_L("Failed! Key exchange failed! (Error %d)"), err);
+ delete keyExMessage;
+ return err;
+ }
+
+ INFO_PRINTF1(_L("Deriving premaster secret."));
+
+ // derive the premaster secret from the key exchange method
+ CleanupStack::PushL(keyExMessage);
+ HBufC8* premaster = DerivePreMasterSecretL(*keyExMessage);
+ CleanupStack::PopAndDestroy(keyExMessage);
+
+ INFO_PRINTF1(_L("Deriving master secret."));
+
+ // compute the master secret from the premaster.
+ CleanupStack::PushL(premaster);
+ HBufC8* master = ComputeMasterSecretL(*premaster);
+ CleanupStack::PopAndDestroy(premaster);
+ delete master;
+
+ // Do the main meat of the test
+ VerifyEncryptionL();
+
+ return err;
+ }
+
+
+void CEncryptStep::VerifyEncryptionL()
+ {
+ // Read in the parameters we'll use to configure this step...
+ // Record Size - The size of the record to encrypt
+ TInt recordSize(0);
+ if (!GetIntFromConfig(ConfigSection(), KRecordSize, recordSize))
+ {
+ INFO_PRINTF1(_L("Failed! Could not read test record size from config!"));
+ SetTestStepResult(EFail);
+ return;
+ }
+
+ // Record type - The type to record in the MAC
+ TInt recordTypeInt(0);
+ if (!GetIntFromConfig(ConfigSection(), KRecordType, recordTypeInt))
+ {
+ INFO_PRINTF1(_L("Failed! Could not read test record type from config!"));
+ SetTestStepResult(EFail);
+ return;
+ }
+ TRecordProtocol recordType = (TRecordProtocol)recordTypeInt; // cast it to the enum.
+
+
+ // Sequence number - The (fake) sequence number this packet is supposed to have arrived in
+ TInt sequenceNumber(0);
+ if (!GetIntFromConfig(ConfigSection(), KSequenceNumber, sequenceNumber))
+ {
+ INFO_PRINTF1(_L("Failed! Could not read test record sequence number from config!"));
+ SetTestStepResult(EFail);
+ return;
+ }
+
+ // construct a block of (random) data of the appropriate size
+ HBufC8* record = HBufC8::NewLC(recordSize);
+ TPtr8 ptr = record->Des();
+ ptr.SetLength(recordSize);
+ TRandom::RandomL(ptr);
+
+ // Now, ask TLS provider to encrypt the block and put it through our own, and
+ // ensure they agree.
+
+ INFO_PRINTF1(_L("Calling TLS Session to encrypt test record."));
+
+ TInt64 seq = sequenceNumber;
+ HBufC8* tlsProvRecord = NULL;
+ TInt err = Session()->EncryptL(*record, tlsProvRecord, seq, recordType);
+ if (err != KErrNone)
+ {
+ SetTestStepResult(EFail);
+ return;
+ }
+
+ CleanupStack::PushL(tlsProvRecord);
+
+ INFO_PRINTF1(_L("Creating our own version of the test record."));
+
+
+ HBufC8* ourRecord = EncryptRecordL(*record, seq, recordType, EFalse);
+
+ if (*ourRecord == *tlsProvRecord)
+ {
+ INFO_PRINTF1(_L("Test passed."));
+ SetTestStepResult(EPass);
+ }
+ else
+ {
+ INFO_PRINTF1(_L("Failed! Encrypted record is corrupt!"));
+ SetTestStepResult(EFail);
+ }
+
+
+ delete ourRecord;
+ CleanupStack::PopAndDestroy(2, record); // tlsProvRecord
+ }