#include <Security/SecureTransport.h>
#include <Security/Security.h>
#include <clAppUtils/sslAppUtils.h>
#include <clAppUtils/ioSock.h>
#include <clAppUtils/sslThreading.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <utilLib/common.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <security_utilities/threading.h>
#include <security_utilities/devrandom.h>
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <sys/param.h>
#define PORT_DEF 4000
#define HOST_DEF "localhost"
#define DH_PARAMS "dhParams_512.der"
static void usage(char **argv)
{
printf("Usage: %s server_kc [options]\n", argv[0]);
printf("options:\n");
printf(" P=port (default = %d)\n", PORT_DEF);
printf(" c=client_kc (default is none)\n");
printf(" d (DSA, default is RSA)\n");
printf(" f (D-H, default is RSA)\n");
printf(" a anchor File for client side (typically, the server's cert)\n");
printf(" A anchor file for server side (typically, the client's cert)\n");
printf(" h hostname (default is %s)\n", HOST_DEF);
printf(" k (skip hostname check)\n");
printf(" b (non blocking I/O)\n");
printf(" u Require client authentication\n");
printf(" x Expect policy verify error on client side\n");
printf(" X Expect policy verify error on server side\n");
printf(" z=kc_pwd\n");
printf(" R (ringBuffer I/O)\n");
printf(" l=loops (default 1)\n");
printf(" q(uiet)\n");
printf(" v(erbose)\n");
exit(1);
}
#define IGNORE_SIGPIPE 1
#if IGNORE_SIGPIPE
#include <signal.h>
void sigpipe(int sig)
{
}
#endif
static SSLCipherSuite ciphers[] = {
SSL_RSA_WITH_RC4_128_SHA, SSL_NO_SUCH_CIPHERSUITE
};
SslAppTestParams serverDefaults =
{
"no name here",
false, PORT_DEF,
NULL, NULL, false, kTLSProtocol1,
NULL, NULL, NULL, true, false, NULL, false, kNeverAuthenticate,
false, ciphers, false, NULL, 0, noErr, kTLSProtocol1, kSSLClientCertNone,
SSL_CIPHER_IGNORE,
false, false, false, {0}, {0}, false, 0, false,
kSSLProtocolUnknown,
SSL_NULL_WITH_NULL_NULL,
kSSLClientCertNone,
noHardwareErr
};
SslAppTestParams clientDefaults =
{
HOST_DEF,
false, PORT_DEF,
NULL, NULL, false, kTLSProtocol1,
NULL, NULL, NULL, true, false, NULL, false, kNeverAuthenticate,
false, NULL, false, NULL, 0, noErr, kTLSProtocol1, kSSLClientCertNone,
SSL_CIPHER_IGNORE,
false, false, false, {0}, {0}, false, 0, false,
kSSLProtocolUnknown,
SSL_NULL_WITH_NULL_NULL,
kSSLClientCertNone,
noHardwareErr
};
int main(int argc, char **argv)
{
int ourRtn = 0;
char *argp;
bool dhEnable = false;
unsigned loop;
unsigned loops = 1;
bool ringBufferIo = false;
RingBuffer serverToClientRing;
RingBuffer clientToServerRing;
if(argc < 2) {
usage(argv);
}
serverDefaults.myCertKcName = argv[1];
for(int arg=2; arg<argc; arg++) {
argp = argv[arg];
switch(argp[0]) {
case 'c':
clientDefaults.myCertKcName = &argp[2];
case 'q':
serverDefaults.quiet = clientDefaults.quiet = true;
break;
case 'v':
serverDefaults.verbose = clientDefaults.verbose = true;
break;
case 'p':
serverDefaults.port = clientDefaults.port = atoi(&argp[2]);
break;
case 'b':
serverDefaults.nonBlocking = clientDefaults.nonBlocking =
true;
break;
case 'd':
ciphers[0] = SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA;
dhEnable = true;
break;
case 'f':
ciphers[0] = SSL_DH_anon_WITH_RC4_128_MD5;
dhEnable = true;
break;
case 'h':
if(++arg == argc) {
usage(argv);
}
clientDefaults.hostName=argv[arg];
break;
case 'k':
clientDefaults.skipHostNameCheck = true;
break;
case 'a':
if(++arg == argc) {
usage(argv);
}
clientDefaults.anchorFile = serverDefaults.anchorFile = argv[arg];
break;
case 'A':
if(++arg == argc) {
usage(argv);
}
serverDefaults.anchorFile = argv[arg];
break;
case 'z':
serverDefaults.password = &argp[2];
break;
case 'P':
serverDefaults.port = clientDefaults.port = atoi(&argp[2]);
break;
case 'u':
serverDefaults.authenticate = kAlwaysAuthenticate;
if(serverDefaults.expectCertState == kSSLClientCertNone) {
serverDefaults.expectCertState = kSSLClientCertSent;
}
if(clientDefaults.expectCertState == kSSLClientCertNone) {
clientDefaults.expectCertState = kSSLClientCertSent;
}
break;
case 'x':
clientDefaults.expectRtn = errSSLXCertChainInvalid;
serverDefaults.expectRtn = errSSLPeerCertUnknown;
break;
case 'X':
serverDefaults.expectRtn = errSSLXCertChainInvalid;
clientDefaults.expectRtn = errSSLPeerCertUnknown;
serverDefaults.expectCertState = kSSLClientCertRejected;
clientDefaults.expectCertState = kSSLClientCertRejected;
break;
case 'R':
ringBufferIo = true;
break;
case 'l':
loops = atoi(&argp[2]);
break;
default:
usage(argv);
}
}
#if IGNORE_SIGPIPE
signal(SIGPIPE, sigpipe);
#endif
if(ringBufferIo) {
ringBufSetup(&serverToClientRing, "serveToClient", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
ringBufSetup(&clientToServerRing, "clientToServe", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
serverDefaults.serverToClientRing = &serverToClientRing;
serverDefaults.clientToServerRing = &clientToServerRing;
clientDefaults.serverToClientRing = &serverToClientRing;
clientDefaults.clientToServerRing = &clientToServerRing;
}
if(dhEnable) {
if(readFile(DH_PARAMS, (unsigned char **)&serverDefaults.dhParams,
&serverDefaults.dhParamsLen)) {
printf("***Error reading Diffie-Hellman params."
" Patience, grasshopper.\n");
}
}
testStartBanner("sslSession", argc, argv);
for(loop=0; loop<loops; loop++) {
ourRtn = sslRunSession(&serverDefaults, &clientDefaults, NULL);
if(ourRtn) {
break;
}
}
if(!clientDefaults.quiet) {
if(ourRtn == 0) {
if(!serverDefaults.quiet) {
printf("===== %s test PASSED =====\n", argv[0]);
}
}
else {
printf("****FAIL: %d errors detected\n", ourRtn);
}
}
return ourRtn;
}