diff options
Diffstat (limited to 'nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c')
-rw-r--r-- | nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c | 263 |
1 files changed, 0 insertions, 263 deletions
diff --git a/nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c b/nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c deleted file mode 100644 index 3c74124..0000000 --- a/nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c +++ /dev/null @@ -1,263 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* include replacer-generated variables file */ - - -#include "ssl.h" -#include "sslproto.h" - -#include "sslt.h" -#include "sslc.h" -#include "ssls.h" - -#include "pk11func.h" - -#define MAX_CIPHERS 100 - -struct cipherspec cipher_array[MAX_CIPHERS]; -int cipher_array_size=0; -char *password = ""; -char *nickname = "SSLServer"; -char *client_nick = "SSLClient"; - -void InitCiphers() { - int i=0; - -/* These ciphers are listed in priority order. */ - DIPHER(2,SSL_ALLOWED,128,40, "RC2-CBC-Export", EN_RC2_128_CBC_EXPORT40_WITH_MD5) - CIPHER(2,SSL_NOT_ALLOWED,128,128,"RC4", EN_RC4_128_WITH_MD5) - CIPHER(2,SSL_ALLOWED,128,40, "RC4-Export", EN_RC4_128_EXPORT40_WITH_MD5) - DIPHER(2,SSL_NOT_ALLOWED,128,128,"RC2-CBC", EN_RC2_128_CBC_WITH_MD5) - DIPHER(2,SSL_ALLOWED,128,40, "RC2-CBC-40", EN_RC2_128_CBC_EXPORT40_WITH_MD5) - DIPHER(2,SSL_NOT_ALLOWED,128,128,"IDEA-CBC", EN_IDEA_128_CBC_WITH_MD5) - DIPHER(2,SSL_NOT_ALLOWED,56,56, "DES-CBC", EN_DES_64_CBC_WITH_MD5) - CIPHER(2,SSL_NOT_ALLOWED,168,168,"DES-EDE3-CBC", EN_DES_192_EDE3_CBC_WITH_MD5) - /* SSL 3 suites */ - - CIPHER(3,SSL_RESTRICTED,128,128, "RC4", RSA_WITH_RC4_128_MD5) - DIPHER(3,SSL_RESTRICTED,128,128, "RC4", RSA_WITH_RC4_128_SHA) - CIPHER(3,SSL_RESTRICTED,168,168, "3DES-EDE-CBC", RSA_WITH_3DES_EDE_CBC_SHA) - CIPHER(3,SSL_NOT_ALLOWED,56,56,"DES-CBC", RSA_WITH_DES_CBC_SHA) - CIPHER(3,SSL_ALLOWED,128,40, "RC4-40", RSA_EXPORT_WITH_RC4_40_MD5) - CIPHER(3,SSL_ALLOWED,128,40, "RC2-CBC-40", RSA_EXPORT_WITH_RC2_CBC_40_MD5) - - DIPHER(3,SSL_ALLOWED,0,0, "NULL", NULL_WITH_NULL_NULL) - DIPHER(3,SSL_ALLOWED,0,0, "NULL", RSA_WITH_NULL_MD5) - DIPHER(3,SSL_ALLOWED,0,0, "NULL", RSA_WITH_NULL_SHA) - -#if 0 - DIPHER(3,SSL_NOT_ALLOWED,0,0, "IDEA-CBC", RSA_WITH_IDEA_CBC_SHA) - DIPHER(3,SSL_ALLOWED,128,40, "DES-CBC-40", RSA_EXPORT_WITH_DES40_CBC_SHA) -#endif - - /* - - CIPHER(DH_DSS_EXPORT_WITH_DES40_CBC_SHA), - CIPHER(DH_DSS_WITH_DES_CBC_SHA), - CIPHER(DH_DSS_WITH_3DES_EDE_CBC_SHA), - CIPHER(DH_RSA_EXPORT_WITH_DES40_CBC_SHA), - CIPHER(DH_RSA_WITH_DES_CBC_SHA), - CIPHER(DH_RSA_WITH_3DES_EDE_CBC_SHA), - CIPHER(DHE_DSS_EXPORT_WITH_DES40_CBC_SHA), - CIPHER(DHE_DSS_WITH_DES_CBC_SHA), - CIPHER(DHE_DSS_WITH_3DES_EDE_CBC_SHA), - CIPHER(DHE_RSA_EXPORT_WITH_DES40_CBC_SHA), - CIPHER(DHE_RSA_WITH_DES_CBC_SHA), - CIPHER(DHE_RSA_WITH_3DES_EDE_CBC_SHA), - - CIPHER(DH_ANON_EXPORT_WITH_RC4_40_MD5), - CIPHER(DH_ANON_WITH_RC4_128_MD5), - CIPHER(DH_ANON_WITH_DES_CBC_SHA), - CIPHER(DH_ANON_WITH_3DES_EDE_CBC_SHA), - - CIPHER(3,SSL_NOT_ALLOWED,0,0,"Fortezza", FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA), - CIPHER(3,SSL_NOT_ALLOWED,0,0,"Fortezza", FORTEZZA_DMS_WITH_RC4_128_SHA), - - */ - - DIPHER(3,SSL_NOT_ALLOWED,192,192,"3DES-EDE-CBC",RSA_FIPS_WITH_3DES_EDE_CBC_SHA) - DIPHER(3,SSL_NOT_ALLOWED,64,64, "DES-CBC", RSA_FIPS_WITH_DES_CBC_SHA) - - cipher_array_size =i; -} - - - -/* ClearCiphers() - * Clear out all ciphers */ - -void ClearCiphers(struct ThreadData *td) { -int i; - -for (i=0;i<cipher_array_size;i++) { -SSL_EnableCipher(cipher_array[i].enableid,0); -} -} - - -/* EnableCiphers - * enable only those ciphers set for this test */ - -void EnableCiphers(struct ThreadData *td) { - int i; - - for (i=0;i<cipher_array_size;i++) { - if (cipher_array[i].on) { - SSL_EnableCipher(cipher_array[i].enableid,1); - } - } -} - -/* SetPolicy */ - -void SetPolicy() { - int i; - - for (i=0;i<cipher_array_size;i++) { - if (REP_Policy == POLICY_DOMESTIC) { - SSL_SetPolicy(cipher_array[i].enableid,SSL_ALLOWED); - } - else { - SSL_SetPolicy(cipher_array[i].enableid,cipher_array[i].exportable); - } - } -} - -char *MyPWFunc(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - static PRBool called=PR_FALSE; - if(called) { - return NULL; - } else { - called = PR_TRUE; - return PL_strdup(password); - } -} - -/* - * VersionEnables - * errors (40-49) - */ - -int Version2Enable(PRFileDesc *s, int v) { - if (SSL_Enable(s, SSL_ENABLE_SSL2, 1) <0) return Error(43); - else return 0; -} - -int Version3Enable(PRFileDesc *s) { - if (SSL_Enable(s, SSL_ENABLE_SSL3, 1) <0) return Error(42); - else return 0; -} - -int Version23Clear(PRFileDesc *s) { - if (SSL_Enable(s,SSL_ENABLE_SSL2,0) <0) return Error(40); - if (SSL_Enable(s,SSL_ENABLE_SSL3,0) <0) return Error(41); - return 0; -} - - - -char *nicknames[MAX_NICKNAME]; - -void SetupNickNames() { - nicknames[CLIENT_CERT_VERISIGN] = "CLIENT_CERT_VERISIGN"; - nicknames[CLIENT_CERT_HARDCOREII_1024] = "CLIENT_CERT_HARDCOREII_1024"; - nicknames[CLIENT_CERT_HARDCOREII_512] = "CLIENT_CERT_HARDCOREII_512"; - nicknames[CLIENT_CERT_SPARK] = "CLIENT_CERT_SPARK"; - nicknames[SERVER_CERT_HARDCOREII_512] = nickname; - /* nicknames[SERVER_CERT_HARDCOREII_512] = "SERVER_CERT_HARDCOREII_512"; */ - nicknames[SERVER_CERT_VERISIGN_REGULAR]= "SERVER_CERT_VERISIGN_REGULAR"; - nicknames[SERVER_CERT_VERISIGN_STEPUP] = "SERVER_CERT_VERISIGN_STEPUP"; - nicknames[SERVER_CERT_SPARK] = "SERVER_CERT_SPARK"; -} - - - - - - - -/* - * SetServerSecParms - * errors(10-19) - */ - -int SetServerSecParms(struct ThreadData *td) { - int rv; - SECKEYPrivateKey *privKey; - PRFileDesc *s; - - s = td->r; - - rv = SSL_Enable(s, SSL_SECURITY, 1); /* Enable security on this socket */ - if (rv < 0) return Error(10); - - if (SSLT_CLIENTAUTH_INITIAL == REP_ServerDoClientAuth) { - rv = SSL_Enable(s, SSL_REQUEST_CERTIFICATE, 1); - if (rv < 0) return Error(11); - } - - ClearCiphers(td); - EnableCiphers(td); - - PK11_SetPasswordFunc(MyPWFunc); - SSL_SetPKCS11PinArg(s,(void*) MyPWFunc); - - - /* Find the certificates we are going to use from the database */ - - - /* Test for dummy certificate, which shouldn't exist */ - td->cert = PK11_FindCertFromNickname("XXXXXX_CERT_HARDCOREII_1024",NULL); - if (td->cert != NULL) return Error(16); - - - td->cert = NULL; - if (NO_CERT != REP_ServerCert) { - td->cert = PK11_FindCertFromNickname(nicknames[REP_ServerCert],NULL); - } - - - /* Note: if we're set to use NO_CERT as the server cert, then we'll - * just essentially skip the rest of this (except for session ID cache setup) - */ - - - if ( (NULL == td->cert) && ( NO_CERT != REP_ServerCert )) { - PR_fprintf(PR_STDERR, "Can't find certificate %s\n", nicknames[REP_ServerCert]); - PR_fprintf(PR_STDERR, "Server: Seclib error: %s\n", SECU_Strerror(PR_GetError())); - return Error(12); - } - - - if ((NO_CERT != REP_ServerCert)) { - privKey = PK11_FindKeyByAnyCert(td->cert, NULL); - if (privKey == NULL) { - dbmsg((PR_STDERR, "Can't find key for this certificate\n")); - return Error(13); - } - - rv = SSL_ConfigSecureServer(s,td->cert,privKey, kt_rsa); - if (rv != PR_SUCCESS) { - dbmsg((PR_STDERR, "Can't config server error(%d) \n",rv)); - return Error(14); - } - } - - rv = SSL_ConfigServerSessionIDCache(10, 0, 0, "."); - if (rv != 0) { - dbmsg((PR_STDERR, "Can't config server session ID cache (%d) \n",rv)); - return Error(15); - } - - return 0; -} - - - - - - - |