void lssproto_ABI_send(int fd, int num, char *data) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, num);
checksum += util_mkstring(buffer, data);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_ABI_SEND, buffer);
}
void lssproto_PETS_send(int fd, int petarray, int result) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, petarray);
checksum += util_mkint(buffer, result);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_PETST_SEND, buffer);
}
/*
servertoclient XYD( int x, int y, int dir );
*/
void lssproto_XYD_send(int fd, int x, int y, int dir) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, x);
checksum += util_mkint(buffer, y);
checksum += util_mkint(buffer, dir);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_XYD_SEND, buffer);
}
void lssproto_EF_send(int fd, int effect, int level, char *option) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, effect);
checksum += util_mkint(buffer, level);
checksum += util_mkstring(buffer, option);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_EF_SEND, buffer);
}
void lssproto_ClientLogin_send(int fd, char *result) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkstring(buffer, result);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_CLIENTLOGIN_SEND, buffer);
}
void lssproto_TK_send(int fd, int index, char *message, int color) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, index);
checksum += util_mkstring(buffer, message);
checksum += util_mkint(buffer, color);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_TK_SEND, buffer);
}
void lssproto_EN_send(int fd, int result, int field) {
char buffer[1024 * 64];
int checksum = 0;
//print(" EN_send ");
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, result);
checksum += util_mkint(buffer, field);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_EN_SEND, buffer);
}
/** Sign a transaction and (if everything goes well) send the signature in a
* response packet.
* \param ah The address handle whose corresponding private key will be used
* to sign the transaction.
* \param sig_hash The signature hash of the transaction, as calculated by
* parseTransaction(). This must be an array of 32 bytes.
*/
static NOINLINE void signTransactionByAddressHandle(AddressHandle ah, uint8_t *sig_hash)
{
uint8_t signature[MAX_SIGNATURE_LENGTH];
uint8_t private_key[32];
uint8_t signature_length;
WalletErrors wallet_return;
signature_length = 0;
if (getPrivateKey(private_key, ah) == WALLET_NO_ERROR)
{
// Note: signTransaction() cannot fail.
signature_length = signTransaction(signature, sig_hash, private_key);
}
wallet_return = walletGetLastError();
translateWalletError(wallet_return, signature_length, signature);
}
void lssproto_PS_send(int fd, int result, int havepetindex, int havepetskill, int toindex) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, result);
checksum += util_mkint(buffer, havepetindex);
checksum += util_mkint(buffer, havepetskill);
checksum += util_mkint(buffer, toindex);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_PS_SEND, buffer);
}
void lssproto_WN_send(int fd, int windowtype, int buttontype, int seqno, int objindex, char *data) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, windowtype);
checksum += util_mkint(buffer, buttontype);
checksum += util_mkint(buffer, seqno);
checksum += util_mkint(buffer, objindex);
checksum += util_mkstring(buffer, data);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_WN_SEND, buffer);
}
void lssproto_M_send(int fd, int fl, int x1, int y1, int x2, int y2, char *data) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, fl);
checksum += util_mkint(buffer, x1);
checksum += util_mkint(buffer, y1);
checksum += util_mkint(buffer, x2);
checksum += util_mkint(buffer, y2);
checksum += util_mkstring(buffer, data);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_M_SEND, buffer);
}
void lssproto_PME_send(int fd, int objindex, int graphicsno, int x, int y, int dir, int flg, int no, char *cdata) {
char buffer[1024 * 64];
int checksum = 0;
strcpy(buffer, "");
CONNECT_getCdkey(fd, PersonalKey, 4096);
strcat(PersonalKey, getPrivateKey());
checksum += util_mkint(buffer, objindex);
checksum += util_mkint(buffer, graphicsno);
checksum += util_mkint(buffer, x);
checksum += util_mkint(buffer, y);
checksum += util_mkint(buffer, dir);
checksum += util_mkint(buffer, flg);
checksum += util_mkint(buffer, no);
checksum += util_mkstring(buffer, cdata);
util_mkint(buffer, checksum);
util_SendMesg(fd, LSSPROTO_PME_SEND, buffer);
}
static int connectOCSP( const CRYPT_SESSION_TYPE sessionType,
const BOOLEAN revokedCert,
const BOOLEAN multipleCerts,
const BOOLEAN localSession )
{
CRYPT_SESSION cryptSession;
CRYPT_CERTIFICATE cryptOCSPRequest;
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
#ifdef UNICODE_STRINGS
wchar_t wcBuffer[ FILENAME_BUFFER_SIZE ];
#endif /* UNICODE_STRINGS */
void *fileNamePtr = filenameBuffer;
#if OCSP_SERVER_NO == 7
int complianceValue;
#endif /* OCSP servers that return broken resposnes */
const BOOLEAN isServer = ( sessionType == CRYPT_SESSION_OCSP_SERVER ) ? \
TRUE : FALSE;
int status;
printf( "%sTesting %sOCSP session...\n", isServer ? "SVR: " : "",
localSession ? "local " : "" );
/* If we're the client, wait for the server to finish initialising */
if( localSession && !isServer && waitMutex() == CRYPT_ERROR_TIMEOUT )
{
printf( "Timed out waiting for server to initialise, line %d.\n",
__LINE__ );
return( FALSE );
}
/* Create the OCSP session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType );
if( status == CRYPT_ERROR_PARAM3 ) /* OCSP session access not available */
return( CRYPT_ERROR_NOTAVAIL );
if( cryptStatusError( status ) )
{
printf( "cryptCreateSession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
if( isServer )
{
CRYPT_CONTEXT cryptPrivateKey;
CRYPT_KEYSET cryptCertStore;
if( !setLocalConnect( cryptSession, 80 ) )
return( FALSE );
/* Add the responder private key */
filenameFromTemplate( filenameBuffer, SERVER_PRIVKEY_FILE_TEMPLATE, 1 );
#ifdef UNICODE_STRINGS
mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
fileNamePtr = wcBuffer;
#endif /* UNICODE_STRINGS */
status = getPrivateKey( &cryptPrivateKey, fileNamePtr,
USER_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_PRIVATEKEY, cryptPrivateKey );
cryptDestroyContext( cryptPrivateKey );
}
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "SVR: cryptSetAttribute()",
status, __LINE__ ) );
/* Add the certificate store that we'll be using to provide
revocation information */
status = cryptKeysetOpen( &cryptCertStore, CRYPT_UNUSED,
DATABASE_KEYSET_TYPE, CERTSTORE_KEYSET_NAME,
CRYPT_KEYOPT_READONLY );
if( status == CRYPT_ERROR_PARAM3 )
{
/* This type of keyset access isn't available, return a special
error code to indicate that the test wasn't performed, but
that this isn't a reason to abort processing */
puts( "SVR: No certificate store available, aborting OCSP "
"responder test.\n" );
cryptDestroySession( cryptSession );
return( CRYPT_ERROR_NOTAVAIL );
}
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_KEYSET, cryptCertStore );
cryptKeysetClose( cryptCertStore );
}
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "SVR: cryptSetAttribute()",
status, __LINE__ ) );
/* Tell the client that we're ready to go */
if( localSession )
releaseMutex();
}
else
{
/* Create the OCSP request */
if( !initOCSP( &cryptOCSPRequest, localSession ? 1 : OCSP_SERVER_NO,
FALSE, revokedCert, multipleCerts,
CRYPT_SIGNATURELEVEL_NONE, CRYPT_UNUSED ) )
return( FALSE );
/* Set up the server information and activate the session. In
theory the OCSP request will contain all the information needed
for the session so there'd be nothing else to add before we
activate it, however many certs contain incorrect server URLs so
we set the server name manually if necessary, overriding the
value present in the OCSP request (via the certificate) */
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_REQUEST,
cryptOCSPRequest );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "cryptSetAttribute()",
status, __LINE__ ) );
cryptDestroyCert( cryptOCSPRequest );
if( localSession && !setLocalConnect( cryptSession, 80 ) )
return( FALSE );
#ifdef OCSP_SERVER_NAME
if( !localSession )
{
printf( "Setting OCSP server to %s.\n", OCSP_SERVER_NAME );
cryptDeleteAttribute( cryptSession, CRYPT_SESSINFO_SERVER_NAME );
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME, OCSP_SERVER_NAME,
paramStrlen( OCSP_SERVER_NAME ) );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession,
"cryptSetAttributeString()", status,
__LINE__ ) );
}
#endif /* Kludges for incorrect/missing authorityInfoAccess values */
if( OCSP_SERVER_NO == 1 || localSession )
{
/* The cryptlib server doesn't handle the weird v1 certIDs */
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_VERSION,
2 );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "cryptSetAttribute()",
status, __LINE__ ) );
}
#if OCSP_SERVER_NO == 7
/* Some OCSP server's responses are broken so we have to turn down
the compliance level to allow them to be processed */
cryptGetAttribute( CRYPT_UNUSED, CRYPT_OPTION_CERT_COMPLIANCELEVEL,
&complianceValue );
cryptSetAttribute( CRYPT_UNUSED, CRYPT_OPTION_CERT_COMPLIANCELEVEL,
CRYPT_COMPLIANCELEVEL_OBLIVIOUS );
#endif /* OCSP servers that return broken resposnes */
/* Wait for the server to finish initialising */
if( localSession && waitMutex() == CRYPT_ERROR_TIMEOUT )
{
printf( "Timed out waiting for server to initialise, line %d.\n",
__LINE__ );
return( FALSE );
}
}
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, TRUE );
#if OCSP_SERVER_NO == 7
/* Restore normal certificate processing */
cryptSetAttribute( CRYPT_UNUSED, CRYPT_OPTION_CERT_COMPLIANCELEVEL,
complianceValue );
#endif /* OCSP servers that return broken resposnes */
if( isServer )
printConnectInfo( cryptSession );
if( cryptStatusError( status ) )
{
printExtError( cryptSession, isServer ? \
"SVR: Attempt to activate OCSP server session" : \
"Attempt to activate OCSP client session", status,
__LINE__ );
#if OCSP_SERVER_NO == 5
if( status == CRYPT_ERROR_SIGNATURE )
{
char errorMessage[ 512 ];
int errorMessageLength;
status = cryptGetAttributeString( cryptSession,
CRYPT_ATTRIBUTE_ERRORMESSAGE,
errorMessage, &errorMessageLength );
if( cryptStatusOK( status ) && errorMessageLength >= 29 && \
!memcmp( errorMessage, "OCSP response doesn't contain", 29 ) )
{
cryptDestroySession( cryptSession );
puts( " (Verisign's OCSP responder sends broken responses, "
"continuing...)\n" );
return( CRYPT_ERROR_FAILED );
}
}
#endif /* Verisign's broken OCSP responder */
if( !isServer && isServerDown( cryptSession, status ) )
{
puts( " (Server could be down, faking it and continuing...)\n" );
cryptDestroySession( cryptSession );
return( CRYPT_ERROR_FAILED );
}
cryptDestroySession( cryptSession );
return( FALSE );
}
/* Obtain the response information */
if( !isServer )
{
CRYPT_CERTIFICATE cryptOCSPResponse;
status = cryptGetAttribute( cryptSession, CRYPT_SESSINFO_RESPONSE,
&cryptOCSPResponse );
if( cryptStatusError( status ) )
{
printf( "cryptGetAttribute() failed with error code %d, line "
"%d.\n", status, __LINE__ );
return( FALSE );
}
printCertInfo( cryptOCSPResponse );
cryptDestroyCert( cryptOCSPResponse );
}
/* There are so many weird ways to delegate trust and signing authority
mentioned in the OCSP RFC without any indication of which one
implementors will follow that we can't really perform any sort of
automated check since every responder seems to interpret this
differently, and many require manual installation of responder certs
in order to function */
#if 0
status = cryptCheckCert( cryptOCSPResponse , CRYPT_UNUSED );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptOCSPResponse , "cryptCheckCert()",
status, __LINE__ ) );
#endif /* 0 */
/* Clean up */
status = cryptDestroySession( cryptSession );
if( cryptStatusError( status ) )
{
printf( "cryptDestroySession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
puts( isServer ? "SVR: OCSP server session succeeded.\n" : \
"OCSP client session succeeded.\n" );
return( TRUE );
}
static int connectRTCS( const CRYPT_SESSION_TYPE sessionType,
const BOOLEAN multipleCerts,
const BOOLEAN localSession )
{
CRYPT_SESSION cryptSession;
CRYPT_CERTIFICATE cryptRTCSRequest;
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
#ifdef UNICODE_STRINGS
wchar_t wcBuffer[ FILENAME_BUFFER_SIZE ];
#endif /* UNICODE_STRINGS */
void *fileNamePtr = filenameBuffer;
const BOOLEAN isServer = ( sessionType == CRYPT_SESSION_RTCS_SERVER ) ? \
TRUE : FALSE;
int status;
printf( "%sTesting %sRTCS session...\n", isServer ? "SVR: " : "",
localSession ? "local " : "" );
/* If we're the client, wait for the server to finish initialising */
if( localSession && !isServer && waitMutex() == CRYPT_ERROR_TIMEOUT )
{
printf( "Timed out waiting for server to initialise, line %d.\n",
__LINE__ );
return( FALSE );
}
/* Create the RTCS session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType );
if( status == CRYPT_ERROR_PARAM3 ) /* RTCS session access not available */
return( CRYPT_ERROR_NOTAVAIL );
if( cryptStatusError( status ) )
{
printf( "cryptCreateSession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
if( isServer )
{
CRYPT_CONTEXT cryptPrivateKey;
CRYPT_KEYSET cryptCertStore;
if( !setLocalConnect( cryptSession, 80 ) )
return( FALSE );
/* Add the responder private key */
filenameFromTemplate( filenameBuffer, SERVER_PRIVKEY_FILE_TEMPLATE, 1 );
#ifdef UNICODE_STRINGS
mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
fileNamePtr = wcBuffer;
#endif /* UNICODE_STRINGS */
status = getPrivateKey( &cryptPrivateKey, fileNamePtr,
USER_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_PRIVATEKEY, cryptPrivateKey );
cryptDestroyContext( cryptPrivateKey );
}
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "SVR: cryptSetAttribute()",
status, __LINE__ ) );
/* Add the certificate store that we'll be using to provide
revocation information */
status = cryptKeysetOpen( &cryptCertStore, CRYPT_UNUSED,
DATABASE_KEYSET_TYPE, CERTSTORE_KEYSET_NAME,
CRYPT_KEYOPT_READONLY );
if( status == CRYPT_ERROR_PARAM3 )
{
/* This type of keyset access isn't available, return a special
error code to indicate that the test wasn't performed, but
that this isn't a reason to abort processing */
puts( "SVR: No certificate store available, aborting RTCS "
"responder test.\n" );
cryptDestroySession( cryptSession );
return( CRYPT_ERROR_NOTAVAIL );
}
if( status == CRYPT_ERROR_OPEN )
{
/* The keyset is available, but it hasn't been created yet by an
earlier self-test, this isn't a reason to abort processing */
puts( "SVR: Certificate store hasn't been created yet by "
"earlier tests, aborting\n RTCS responder test.\n" );
cryptDestroySession( cryptSession );
return( CRYPT_ERROR_NOTAVAIL );
}
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_KEYSET, cryptCertStore );
cryptKeysetClose( cryptCertStore );
}
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "SVR: cryptSetAttribute()",
status, __LINE__ ) );
/* Tell the client that we're ready to go */
if( localSession )
releaseMutex();
}
else
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCert = DUMMY_INIT;
/* Get the certificate whose status we're checking */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED,
DATABASE_KEYSET_TYPE, CERTSTORE_KEYSET_NAME,
CRYPT_KEYOPT_READONLY );
if( cryptStatusOK( status ) )
{
status = cryptGetPublicKey( cryptKeyset, &cryptCert,
CRYPT_KEYID_NAME,
TEXT( "Test user 1" ) );
cryptKeysetClose( cryptKeyset );
}
if( cryptStatusError( status ) )
{
printf( "Couldn't read certificate for RTCS status check, error "
"code %d, line %d.\n", status, __LINE__ );
return( FALSE );
}
/* Create the RTCS request */
if( !initRTCS( &cryptRTCSRequest, cryptCert, localSession ? \
1 : RTCS_SERVER_NO, multipleCerts ) )
return( FALSE );
cryptDestroyCert( cryptCert );
/* Set up the server information and activate the session. In
theory the RTCS request will contain all the information needed
for the session so there'd be nothing else to add before we
activate it, however many certs contain incorrect server URLs so
we set the server name manually if necessary, overriding the
value present in the RTCS request (via the certificate) */
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_REQUEST,
cryptRTCSRequest );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession, "cryptSetAttribute()",
status, __LINE__ ) );
cryptDestroyCert( cryptRTCSRequest );
if( localSession && !setLocalConnect( cryptSession, 80 ) )
return( FALSE );
#ifdef RTCS_SERVER_NAME
if( !localSession )
{
printf( "Setting RTCS server to %s.\n", RTCS_SERVER_NAME );
cryptDeleteAttribute( cryptSession, CRYPT_SESSINFO_SERVER_NAME );
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME, RTCS_SERVER_NAME,
paramStrlen( RTCS_SERVER_NAME ) );
if( cryptStatusError( status ) )
return( attrErrorExit( cryptSession,
"cryptSetAttributeString()", status,
__LINE__ ) );
}
#endif /* Kludges for incorrect/missing authorityInfoAccess values */
/* Wait for the server to finish initialising */
if( localSession && waitMutex() == CRYPT_ERROR_TIMEOUT )
{
printf( "Timed out waiting for server to initialise, line %d.\n",
__LINE__ );
return( FALSE );
}
}
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, TRUE );
if( isServer )
printConnectInfo( cryptSession );
if( cryptStatusError( status ) )
{
printExtError( cryptSession, isServer ? \
"SVR: Attempt to activate RTCS server session" : \
"Attempt to activate RTCS client session", status,
__LINE__ );
if( !isServer && isServerDown( cryptSession, status ) )
{
puts( " (Server could be down, faking it and continuing...)\n" );
cryptDestroySession( cryptSession );
return( CRYPT_ERROR_FAILED );
}
cryptDestroySession( cryptSession );
return( FALSE );
}
/* Obtain the response information */
if( !isServer )
{
CRYPT_CERTIFICATE cryptRTCSResponse;
status = cryptGetAttribute( cryptSession, CRYPT_SESSINFO_RESPONSE,
&cryptRTCSResponse );
if( cryptStatusError( status ) )
{
printf( "cryptGetAttribute() failed with error code %d, line "
"%d.\n", status, __LINE__ );
return( FALSE );
}
printCertInfo( cryptRTCSResponse );
cryptDestroyCert( cryptRTCSResponse );
}
/* Clean up */
status = cryptDestroySession( cryptSession );
if( cryptStatusError( status ) )
{
printf( "cryptDestroySession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
puts( isServer ? "SVR: RTCS server session succeeded.\n" : \
"RTCS client session succeeded.\n" );
return( TRUE );
}
static int connectTSP( const CRYPT_SESSION_TYPE sessionType,
const CRYPT_HANDLE externalCryptContext,
const BOOLEAN persistentConnection,
const BOOLEAN localSession )
{
CRYPT_SESSION cryptSession;
const BOOLEAN isServer = ( sessionType == CRYPT_SESSION_TSP_SERVER ) ? \
TRUE : FALSE;
const BOOLEAN useAltHash = ( !isServer && 0 ) ? TRUE : FALSE;
int status;
printf( "%sTesting %sTSP session...\n", isServer ? "SVR: " : "",
localSession ? "local " : "" );
/* Acquire the init mutex if we're the server */
if( localSession && isServer )
waitMutex();
/* Create the TSP session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType );
if( status == CRYPT_ERROR_PARAM3 ) /* TSP session access not available */
return( CRYPT_ERROR_NOTAVAIL );
if( cryptStatusError( status ) )
{
printf( "%scryptCreateSession() failed with error code %d, line "
"%d.\n", isServer ? "SVR: " : "", status, __LINE__ );
return( FALSE );
}
/* Set up the server information and activate the session. Since this
test explicitly tests the ability to handle persistent connections,
we don't use the general-purpose request/response server wrapper,
which only uses persistent connections opportunistically */
if( isServer )
{
CRYPT_CONTEXT privateKey = externalCryptContext;
if( !setLocalConnect( cryptSession, 318 ) )
return( FALSE );
if( externalCryptContext == CRYPT_UNUSED )
status = getPrivateKey( &privateKey, TSA_PRIVKEY_FILE,
USER_PRIVKEY_LABEL,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_PRIVATEKEY, privateKey );
if( externalCryptContext == CRYPT_UNUSED )
cryptDestroyContext( privateKey );
}
}
else
{
if( localSession )
{
if( !setLocalConnect( cryptSession, 318 ) )
return( FALSE );
}
else
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME, TSP_SERVER_NAME,
paramStrlen( TSP_SERVER_NAME ) );
}
}
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute/cryptSetAttributeString() failed with "
"error code %d, line %d.\n", status, __LINE__ );
return( FALSE );
}
status = testTSP( cryptSession, isServer, FALSE, useAltHash, localSession );
if( status <= 0 )
return( status );
/* Check whether the session connection is still open */
if( persistentConnection )
{
int connectionActive;
status = cryptGetAttribute( cryptSession, CRYPT_SESSINFO_CONNECTIONACTIVE,
&connectionActive );
if( cryptStatusError( status ) || !connectionActive )
{
printExtError( cryptSession, isServer ? \
"SVR: Persistent connection has been closed, "
"operation" : \
"Persistent connection has been closed, operation",
status, __LINE__ );
return( FALSE );
}
/* Activate the connection to handle two more requests */
status = testTSP( cryptSession, isServer, TRUE, FALSE, FALSE );
if( status <= 0 )
return( status );
status = testTSP( cryptSession, isServer, TRUE, FALSE, FALSE );
if( status <= 0 )
return( status );
}
/* Clean up */
status = cryptDestroySession( cryptSession );
if( cryptStatusError( status ) )
{
printf( "cryptDestroySession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
printf( isServer ? "SVR: %sTSP server session succeeded.\n\n" : \
"%sTSP client session succeeded.\n\n",
persistentConnection ? "Persistent " : "" );
return( TRUE );
}
int main(int argc, char**argv) {
printf("Checking RSA keys...\n");
FILE *keys_file = fopen("../keys.txt", "r");
mpz_t rop;
mpz_init(rop);
mpz_t arr[NUM_KEYS];
int j, i = 0;
// initialize array
while(mpz_inp_str(rop, keys_file, BASE_10) && i < NUM_KEYS) {
mpz_init(arr[i]);
mpz_set(arr[i], rop);
i++;
// mpz_init(rop);
}
fclose(keys_file);
mpz_t gcd, p, q, privateKey, publicKey;
mpz_init(gcd);
// int matches[NUM_KEYS][NUM_KEYS];
int count = 0;
mpz_init(privateKey);
mpz_init(publicKey);
//set public key
mpz_set_ui(publicKey, E);
FILE *badkeys = fopen("20k-cpu-badkeys.txt", "w");
mpz_init(p);
mpz_init(q);
time_t start = time(NULL);
time_t end;
for (i=0; i < NUM_KEYS-1; i++) {
for (j=i+1; j < NUM_KEYS; j++) {
mpz_gcd (gcd, arr[i], arr[j]);
if (mpz_cmp_ui(gcd, 1) > 0) {
count++;
mpz_set(p, gcd);
outputPrivateKey(arr[i], badkeys);
getPrivateKey(p, q, arr[i], publicKey, privateKey);
fprintf(badkeys, ":");
outputPrivateKey(privateKey, badkeys);
fprintf(badkeys, "\n");
outputPrivateKey(arr[j], badkeys);
fprintf(badkeys, ":");
getPrivateKey(p, q, arr[j], publicKey, privateKey);
outputPrivateKey(privateKey, badkeys);
fprintf(badkeys, "\n");
}
}
if (i%100 == 0) {
end = time(NULL);
printf("reached %d modulii at %d time\n", i, (int)end-(int)start);
start = time(NULL);
}
}
fclose(badkeys);
printf("done.\n");
printf("Keys that match...\n");
printf(" Percent of matches: %.4f%%, %d/%d\n", ((double)count)/NUM_KEYS, count, NUM_KEYS);
return 0;
}
static int suitebClient( const int testNo, const char *hostName,
const int port, const int flags,
const BOOLEAN isServerTest )
{
CRYPT_SESSION cryptSession;
const SUITEB_TEST_INFO *testInfoPtr = isServerTest ? \
&serverTestInfo[ testNo ] : &clientTestInfo[ testNo ];
const BOOLEAN isLoopbackTest = \
( !strcmp( hostName, "localhost" ) && port == 0 ) ? TRUE : FALSE;
const BOOLEAN sendHTTP = \
( flags & TESTFLAG_SENDHTTPREQ ) ? TRUE : FALSE;
const char *testName = testInfoPtr->testName;
SPECIAL_HANDLING_TYPE handlingTypeAlt = SPECIAL_NONE;
int status;
/* Make sure that we've been given a valid test number to run */
if( isServerTest )
{
if( testNo < SUITEB_FIRST_SERVER || testNo > SUITEB_LAST_SERVER )
return( FALSE );
}
else
{
if( testNo < SUITEB_FIRST_CLIENT || testNo > SUITEB_LAST_CLIENT )
return( FALSE );
}
/* If it's an alias for another test, select the base test */
if( testInfoPtr->aliasTestName != NULL )
{
handlingTypeAlt = testInfoPtr->handlingType;
testInfoPtr = findAliasTest( isServerTest ? \
&serverTestInfo[ 1 ] : &clientTestInfo[ 1 ],
testInfoPtr->aliasTestName );
if( testInfoPtr == NULL )
{
assert( 0 );
return( FALSE );
}
}
/* Wait for the server to finish initialising */
if( waitMutex() == CRYPT_ERROR_TIMEOUT )
{
printf( "Timed out waiting for server to initialise, line %d.\n",
__LINE__ );
return( FALSE );
}
if( !isLoopbackTest )
{
/* Clear any custom config, provided we're not running a loopback
test, in which case we'd be overwriting the options that have
already been set by the server */
cryptSuiteBTestConfig( SUITEB_TEST_NONE );
}
printf( "Running Suite B client " );
if( flags & TESTFLAG_GENERIC )
printf( "as generic test client.\n" );
else
printf( "with test %s.\n", testInfoPtr->testName );
/* Create the SSL/TLS session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED,
CRYPT_SESSION_SSL );
if( status == CRYPT_ERROR_PARAM3 ) /* SSL/TLS session access not available */
return( CRYPT_ERROR_NOTAVAIL );
if( cryptStatusError( status ) )
{
printf( "cryptCreateSession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_VERSION, 3 );
if( cryptStatusOK( status ) && testInfoPtr->clientOptions != 0 )
{
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_SSL_OPTIONS,
testInfoPtr->clientOptions );
}
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Set up the client information */
if( isLoopbackTest )
{
/* We're running the loopback test, set up a local connect */
if( !setLocalConnect( cryptSession, 443 ) )
return( FALSE );
}
else
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME,
hostName, strlen( hostName ) );
if( cryptStatusOK( status ) && port != 0 && port != 443 )
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_SERVER_PORT, port );
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute()/cryptSetAttributeString() failed "
"with error code %d, line %d.\n", status, __LINE__ );
return( FALSE );
}
}
if( cryptStatusOK( status ) && \
testInfoPtr->clientAuthKeySizeBits > 0 )
{
CRYPT_CONTEXT privateKey;
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
#ifdef UNICODE_STRINGS
wchar_t wcBuffer[ FILENAME_BUFFER_SIZE ];
#endif /* UNICODE_STRINGS */
void *fileNamePtr = filenameBuffer;
/* Depending on which server we're testing against we need to use
different private keys */
filenameFromTemplate( filenameBuffer, SERVER_ECPRIVKEY_FILE_TEMPLATE,
testInfoPtr->clientAuthKeySizeBits );
#ifdef UNICODE_STRINGS
mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
fileNamePtr = wcBuffer;
#endif /* UNICODE_STRINGS */
status = getPrivateKey( &privateKey, fileNamePtr, USER_PRIVKEY_LABEL,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_PRIVATEKEY, privateKey );
cryptDestroyContext( privateKey );
}
}
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute/AttributeString() failed with error code "
"%d, line %d.\n", status, __LINE__ );
return( FALSE );
}
/* For the loopback test we also increase the connection timeout to a
higher-than-normal level, since this gives us more time for tracing
through the code when debugging */
cryptSetAttribute( cryptSession, CRYPT_OPTION_NET_CONNECTTIMEOUT, 120 );
/* Set any custom client configuration that may be required */
switch( testInfoPtr->handlingType )
{
case SPECIAL_CLI_INVALIDCURVE:
/* Client sends non-Suite B curve */
status = cryptSuiteBTestConfig( SUITEB_TEST_CLIINVALIDCURVE );
break;
case SPECIAL_BOTH_SUPPALGO:
/* Client must send supported_curves extension for both P256
and P384 curves */
status = cryptSuiteBTestConfig( SUITEB_TEST_BOTHSIGALGOS );
break;
}
if( cryptStatusError( status ) )
{
printf( "Custom config set failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Activate the client session */
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, TRUE );
if( ( testInfoPtr->result && !cryptStatusOK( status ) ) || \
( !testInfoPtr->result && !cryptStatusError( status ) ) )
{
if( testInfoPtr->result )
printf( "Test %s failed, should have succeeded.\n", testName );
else
printf( "Test %s succeeded, should have failed.\n", testName );
if( cryptStatusError( status ) )
{
printExtError( cryptSession, "Failure reason is:", status,
__LINE__ );
}
cryptDestroySession( cryptSession );
return( FALSE );
}
/* Perform any custom post-activation checking that may be required */
if( testInfoPtr->handlingType != 0 || handlingTypeAlt != 0 )
{
const SPECIAL_HANDLING_TYPE handlingType = \
( handlingTypeAlt != 0 ) ? handlingTypeAlt : \
testInfoPtr->handlingType;
BYTE buffer[ 1024 ];
int length;
switch( handlingType )
{
case SPECIAL_CLI_INVALIDCURVE:
case SPECIAL_BOTH_SUPPALGO:
/* Handled by checking whether the session activation
failed/succeeded */
break;
case SPECIAL_SVR_TLSALERT:
status = cryptGetAttributeString( cryptSession,
CRYPT_ATTRIBUTE_ERRORMESSAGE, buffer,
&length );
if( cryptStatusError( status ) || \
memcmp( buffer, "Received TLS alert", 18 ) )
{
printf( "Test %s should have returned a TLS alert but "
"didn't.\n", testName );
return( FALSE );
}
break;
case SPECIAL_SVR_INVALIDCURVE:
/* Handled/checked on the server */
break;
default:
assert( 0 );
return( FALSE );
}
}
/* If we're being asked to send HTTP data, send a basic GET */
if( sendHTTP )
{
const char *fetchString = "GET / HTTP/1.0\r\n\r\n";
const int fetchStringLen = sizeof( fetchString ) - 1;
int bytesCopied;
status = cryptPushData( cryptSession, fetchString,
fetchStringLen, &bytesCopied );
if( cryptStatusOK( status ) )
status = cryptFlushData( cryptSession );
if( cryptStatusError( status ) || bytesCopied != fetchStringLen )
{
printExtError( cryptSession, "Attempt to send data to server",
status, __LINE__ );
cryptDestroySession( cryptSession );
return( FALSE );
}
}
/* Clean up */
status = cryptDestroySession( cryptSession );
if( cryptStatusError( status ) )
{
printf( "cryptDestroySession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
printf( "Suite B client test %s succeeded.\n", testName );
return( TRUE );
}
/** Call nearly all wallet functions and make sure they
* return #WALLET_NOT_THERE somehow. This should only be called if a wallet
* is not loaded. */
static void checkFunctionsReturnWalletNotThere(void)
{
uint8_t temp[128];
uint32_t check_num_addresses;
AddressHandle ah;
PointAffine public_key;
// newWallet() not tested because it calls initWallet() when it's done.
ah = makeNewAddress(temp, &public_key);
if ((ah == BAD_ADDRESS_HANDLE) && (walletGetLastError() == WALLET_NOT_THERE))
{
reportSuccess();
}
else
{
printf("makeNewAddress() doesn't recognise when wallet isn't there\n");
reportFailure();
}
check_num_addresses = getNumAddresses();
if ((check_num_addresses == 0) && (walletGetLastError() == WALLET_NOT_THERE))
{
reportSuccess();
}
else
{
printf("getNumAddresses() doesn't recognise when wallet isn't there\n");
reportFailure();
}
if (getAddressAndPublicKey(temp, &public_key, 0) == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("getAddressAndPublicKey() doesn't recognise when wallet isn't there\n");
reportFailure();
}
if (getPrivateKey(temp, 0) == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("getPrivateKey() doesn't recognise when wallet isn't there\n");
reportFailure();
}
if (changeEncryptionKey(temp) == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("changeEncryptionKey() doesn't recognise when wallet isn't there\n");
reportFailure();
}
if (changeWalletName(temp) == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("changeWalletName() doesn't recognise when wallet isn't there\n");
reportFailure();
}
}
int main(void)
{
uint8_t temp[128];
uint8_t address1[20];
uint8_t address2[20];
uint8_t name[NAME_LENGTH];
uint8_t encryption_key[WALLET_ENCRYPTION_KEY_LENGTH];
uint8_t new_encryption_key[WALLET_ENCRYPTION_KEY_LENGTH];
uint8_t version[4];
uint8_t *address_buffer;
uint8_t one_byte;
AddressHandle *handles_buffer;
AddressHandle ah;
PointAffine public_key;
PointAffine *public_key_buffer;
int abort;
int is_zero;
int abort_duplicate;
int abort_error;
int i;
int j;
initTests(__FILE__);
initWalletTest();
memset(encryption_key, 0, WALLET_ENCRYPTION_KEY_LENGTH);
setEncryptionKey(encryption_key);
// Blank out non-volatile storage area (set to all nulls).
temp[0] = 0;
for (i = 0; i < TEST_FILE_SIZE; i++)
{
fwrite(temp, 1, 1, wallet_test_file);
}
// sanitiseNonVolatileStorage() should nuke everything.
if (sanitiseNonVolatileStorage(0, 0xffffffff) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("Cannot nuke NV storage using sanitiseNonVolatileStorage()\n");
reportFailure();
}
// Check that the version field is "wallet not there".
if (getWalletInfo(version, temp) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getWalletInfo() failed after sanitiseNonVolatileStorage() was called\n");
reportFailure();
}
if (readU32LittleEndian(version) == VERSION_NOTHING_THERE)
{
reportSuccess();
}
else
{
printf("sanitiseNonVolatileStorage() does not set version to nothing there\n");
reportFailure();
}
// initWallet() hasn't been called yet, so nearly every function should
// return WALLET_NOT_THERE somehow.
checkFunctionsReturnWalletNotThere();
// The non-volatile storage area was blanked out, so there shouldn't be a
// (valid) wallet there.
if (initWallet() == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("initWallet() doesn't recognise when wallet isn't there\n");
reportFailure();
}
// Try creating a wallet and testing initWallet() on it.
memcpy(name, "123456789012345678901234567890abcdefghij", NAME_LENGTH);
if (newWallet(name) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("Could not create new wallet\n");
reportFailure();
}
if (initWallet() == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("initWallet() does not recognise new wallet\n");
reportFailure();
}
if ((getNumAddresses() == 0) && (walletGetLastError() == WALLET_EMPTY))
{
reportSuccess();
}
else
{
printf("New wallet isn't empty\n");
reportFailure();
}
// Check that the version field is "unencrypted wallet".
if (getWalletInfo(version, temp) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getWalletInfo() failed after newWallet() was called\n");
reportFailure();
}
if (readU32LittleEndian(version) == VERSION_UNENCRYPTED)
{
reportSuccess();
}
else
{
printf("newWallet() does not set version to unencrypted wallet\n");
reportFailure();
}
// Check that sanitise_nv_wallet() deletes wallet.
if (sanitiseNonVolatileStorage(0, 0xffffffff) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("Cannot nuke NV storage using sanitiseNonVolatileStorage()\n");
reportFailure();
}
if (initWallet() == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("sanitiseNonVolatileStorage() isn't deleting wallet\n");
reportFailure();
}
// Make some new addresses, then create a new wallet and make sure the
// new wallet is empty (i.e. check that newWallet() deletes existing
// wallet).
newWallet(name);
if (makeNewAddress(temp, &public_key) != BAD_ADDRESS_HANDLE)
{
reportSuccess();
}
else
{
printf("Couldn't create new address in new wallet\n");
reportFailure();
}
newWallet(name);
if ((getNumAddresses() == 0) && (walletGetLastError() == WALLET_EMPTY))
{
reportSuccess();
}
else
{
printf("newWallet() doesn't delete existing wallet\n");
reportFailure();
}
// Unload wallet and make sure everything realises that the wallet is
// not loaded.
if (uninitWallet() == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("uninitWallet() failed to do its basic job\n");
reportFailure();
}
checkFunctionsReturnWalletNotThere();
// Load wallet again. Since there is actually a wallet there, this
// should succeed.
if (initWallet() == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("uninitWallet() appears to be permanent\n");
reportFailure();
}
// Change bytes in non-volatile memory and make sure initWallet() fails
// because of the checksum check.
if (uninitWallet() != WALLET_NO_ERROR)
{
printf("uninitWallet() failed to do its basic job 2\n");
reportFailure();
}
abort = 0;
for (i = 0; i < WALLET_RECORD_LENGTH; i++)
{
if (nonVolatileRead(&one_byte, (uint32_t)i, 1) != NV_NO_ERROR)
{
printf("NV read fail\n");
abort = 1;
break;
}
one_byte++;
if (nonVolatileWrite(&one_byte, (uint32_t)i, 1) != NV_NO_ERROR)
{
printf("NV write fail\n");
abort = 1;
break;
}
if (initWallet() == WALLET_NO_ERROR)
{
printf("Wallet still loads when wallet checksum is wrong, offset = %d\n", i);
abort = 1;
break;
}
one_byte--;
if (nonVolatileWrite(&one_byte, (uint32_t)i, 1) != NV_NO_ERROR)
{
printf("NV write fail\n");
abort = 1;
break;
}
}
if (!abort)
{
reportSuccess();
}
else
{
reportFailure();
}
// Create 2 new wallets and check that their addresses aren't the same
newWallet(name);
if (makeNewAddress(address1, &public_key) != BAD_ADDRESS_HANDLE)
{
reportSuccess();
}
else
{
printf("Couldn't create new address in new wallet\n");
reportFailure();
}
newWallet(name);
memset(address2, 0, 20);
memset(&public_key, 0, sizeof(PointAffine));
if (makeNewAddress(address2, &public_key) != BAD_ADDRESS_HANDLE)
{
reportSuccess();
}
else
{
printf("Couldn't create new address in new wallet\n");
reportFailure();
}
if (memcmp(address1, address2, 20))
{
reportSuccess();
}
else
{
printf("New wallets are creating identical addresses\n");
reportFailure();
}
// Check that makeNewAddress() wrote to its outputs.
is_zero = 1;
for (i = 0; i < 20; i++)
{
if (address2[i] != 0)
{
is_zero = 0;
break;
}
}
if (is_zero)
{
printf("makeNewAddress() doesn't write the address\n");
reportFailure();
}
else
{
reportSuccess();
}
if (bigIsZero(public_key.x))
{
printf("makeNewAddress() doesn't write the public key\n");
reportFailure();
}
else
{
reportSuccess();
}
// Make some new addresses, up to a limit.
// Also check that addresses are unique.
newWallet(name);
abort = 0;
address_buffer = malloc(MAX_TESTING_ADDRESSES * 20);
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
if (makeNewAddress(&(address_buffer[i * 20]), &public_key) == BAD_ADDRESS_HANDLE)
{
printf("Couldn't create new address in new wallet\n");
abort = 1;
break;
}
for (j = 0; j < i; j++)
{
if (!memcmp(&(address_buffer[i * 20]), &(address_buffer[j * 20]), 20))
{
printf("Wallet addresses aren't unique\n");
abort = 1;
break;
}
}
if (abort)
{
break;
}
}
free(address_buffer);
if (!abort)
{
reportSuccess();
}
else
{
reportFailure();
}
// The wallet should be full now.
// Check that making a new address now causes an appropriate error.
if (makeNewAddress(temp, &public_key) == BAD_ADDRESS_HANDLE)
{
if (walletGetLastError() == WALLET_FULL)
{
reportSuccess();
}
else
{
printf("Creating a new address on a full wallet gives incorrect error\n");
reportFailure();
}
}
else
{
printf("Creating a new address on a full wallet succeeds (it's not supposed to)\n");
reportFailure();
}
// Check that getNumAddresses() fails when the wallet is empty.
newWallet(name);
if (getNumAddresses() == 0)
{
if (walletGetLastError() == WALLET_EMPTY)
{
reportSuccess();
}
else
{
printf("getNumAddresses() doesn't recognise wallet is empty\n");
reportFailure();
}
}
else
{
printf("getNumAddresses() succeeds when used on empty wallet\n");
reportFailure();
}
// Create a bunch of addresses in the (now empty) wallet and check that
// getNumAddresses() returns the right number.
address_buffer = malloc(MAX_TESTING_ADDRESSES * 20);
public_key_buffer = malloc(MAX_TESTING_ADDRESSES * sizeof(PointAffine));
handles_buffer = malloc(MAX_TESTING_ADDRESSES * sizeof(AddressHandle));
abort = 0;
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
ah = makeNewAddress(&(address_buffer[i * 20]), &(public_key_buffer[i]));
handles_buffer[i] = ah;
if (ah == BAD_ADDRESS_HANDLE)
{
printf("Couldn't create new address in new wallet\n");
abort = 1;
reportFailure();
break;
}
}
if (!abort)
{
reportSuccess();
}
if (getNumAddresses() == MAX_TESTING_ADDRESSES)
{
reportSuccess();
}
else
{
printf("getNumAddresses() returns wrong number of addresses\n");
reportFailure();
}
// The wallet should contain unique addresses.
abort_duplicate = 0;
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
for (j = 0; j < i; j++)
{
if (!memcmp(&(address_buffer[i * 20]), &(address_buffer[j * 20]), 20))
{
printf("Wallet has duplicate addresses\n");
abort_duplicate = 1;
reportFailure();
break;
}
}
}
if (!abort_duplicate)
{
reportSuccess();
}
// The wallet should contain unique public keys.
abort_duplicate = 0;
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
for (j = 0; j < i; j++)
{
if (bigCompare(public_key_buffer[i].x, public_key_buffer[j].x) == BIGCMP_EQUAL)
{
printf("Wallet has duplicate public keys\n");
abort_duplicate = 1;
reportFailure();
break;
}
}
}
if (!abort_duplicate)
{
reportSuccess();
}
// The address handles should start at 1 and be sequential.
abort = 0;
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
if (handles_buffer[i] != (AddressHandle)(i + 1))
{
printf("Address handle %d should be %d, but got %d\n", i, i + 1, (int)handles_buffer[i]);
abort = 1;
reportFailure();
break;
}
}
if (!abort)
{
reportSuccess();
}
// While there's a bunch of addresses in the wallet, check that
// getAddressAndPublicKey() obtains the same address and public key as
// makeNewAddress().
abort_error = 0;
abort = 0;
for (i = 0; i < MAX_TESTING_ADDRESSES; i++)
{
ah = handles_buffer[i];
if (getAddressAndPublicKey(address1, &public_key, ah) != WALLET_NO_ERROR)
{
printf("Couldn't obtain address in wallet\n");
abort_error = 1;
reportFailure();
break;
}
if ((memcmp(address1, &(address_buffer[i * 20]), 20))
|| (bigCompare(public_key.x, public_key_buffer[i].x) != BIGCMP_EQUAL)
|| (bigCompare(public_key.y, public_key_buffer[i].y) != BIGCMP_EQUAL))
{
printf("getAddressAndPublicKey() returned mismatching address or public key, ah = %d\n", i);
abort = 1;
reportFailure();
break;
}
}
if (!abort)
{
reportSuccess();
}
if (!abort_error)
{
reportSuccess();
}
// Test getAddressAndPublicKey() and getPrivateKey() functions using
// invalid and then valid address handles.
if (getAddressAndPublicKey(temp, &public_key, 0) == WALLET_INVALID_HANDLE)
{
reportSuccess();
}
else
{
printf("getAddressAndPublicKey() doesn't recognise 0 as invalid address handle\n");
reportFailure();
}
if (getPrivateKey(temp, 0) == WALLET_INVALID_HANDLE)
{
reportSuccess();
}
else
{
printf("getPrivateKey() doesn't recognise 0 as invalid address handle\n");
reportFailure();
}
if (getAddressAndPublicKey(temp, &public_key, BAD_ADDRESS_HANDLE) == WALLET_INVALID_HANDLE)
{
reportSuccess();
}
else
{
printf("getAddressAndPublicKey() doesn't recognise BAD_ADDRESS_HANDLE as invalid address handle\n");
reportFailure();
}
if (getPrivateKey(temp, BAD_ADDRESS_HANDLE) == WALLET_INVALID_HANDLE)
{
reportSuccess();
}
else
{
printf("getPrivateKey() doesn't recognise BAD_ADDRESS_HANDLE as invalid address handle\n");
reportFailure();
}
if (getAddressAndPublicKey(temp, &public_key, handles_buffer[0]) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getAddressAndPublicKey() doesn't recognise valid address handle\n");
reportFailure();
}
if (getPrivateKey(temp, handles_buffer[0]) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getPrivateKey() doesn't recognise valid address handle\n");
reportFailure();
}
free(address_buffer);
free(public_key_buffer);
free(handles_buffer);
// Check that changeEncryptionKey() works.
memset(new_encryption_key, 0, WALLET_ENCRYPTION_KEY_LENGTH);
new_encryption_key[0] = 1;
if (changeEncryptionKey(new_encryption_key) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("Couldn't change encryption key\n");
reportFailure();
}
// Check that the version field is "encrypted wallet".
if (getWalletInfo(version, temp) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getWalletInfo() failed after changeEncryptionKey() was called\n");
reportFailure();
}
if (readU32LittleEndian(version) == VERSION_IS_ENCRYPTED)
{
reportSuccess();
}
else
{
printf("changeEncryptionKey() does not set version to encrypted wallet\n");
reportFailure();
}
// Check name matches what was given in newWallet().
if (!memcmp(temp, name, NAME_LENGTH))
{
reportSuccess();
}
else
{
printf("getWalletInfo() doesn't return correct name when wallet is loaded\n");
reportFailure();
}
// Check that getWalletInfo() still works after unloading wallet.
uninitWallet();
if (getWalletInfo(version, temp) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("getWalletInfo() failed after uninitWallet() was called\n");
reportFailure();
}
if (readU32LittleEndian(version) == VERSION_IS_ENCRYPTED)
{
reportSuccess();
}
else
{
printf("uninitWallet() caused wallet version to change\n");
reportFailure();
}
// Check name matches what was given in newWallet().
if (!memcmp(temp, name, NAME_LENGTH))
{
reportSuccess();
}
else
{
printf("getWalletInfo() doesn't return correct name when wallet is not loaded\n");
reportFailure();
}
// Change wallet's name and check that getWalletInfo() reflects the
// name change.
initWallet();
memcpy(name, "HHHHH HHHHHHHHHHHHHHHHH HHHHHHHHHHHHHH ", NAME_LENGTH);
if (changeWalletName(name) == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("changeWalletName() couldn't change name\n");
reportFailure();
}
getWalletInfo(version, temp);
if (!memcmp(temp, name, NAME_LENGTH))
{
reportSuccess();
}
else
{
printf("getWalletInfo() doesn't reflect name change\n");
reportFailure();
}
// Check that name change is preserved when unloading and loading a
// wallet.
uninitWallet();
getWalletInfo(version, temp);
if (!memcmp(temp, name, NAME_LENGTH))
{
reportSuccess();
}
else
{
printf("getWalletInfo() doesn't reflect name change after unloading wallet\n");
reportFailure();
}
// Check that initWallet() succeeds (changing the name changes the
// checksum, so this tests whether the checksum was updated).
if (initWallet() == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("initWallet() failed after name change\n");
reportFailure();
}
getWalletInfo(version, temp);
if (!memcmp(temp, name, NAME_LENGTH))
{
reportSuccess();
}
else
{
printf("getWalletInfo() doesn't reflect name change after reloading wallet\n");
reportFailure();
}
// Check that loading the wallet with the old key fails.
uninitWallet();
setEncryptionKey(encryption_key);
if (initWallet() == WALLET_NOT_THERE)
{
reportSuccess();
}
else
{
printf("Loading wallet with old encryption key succeeds\n");
reportFailure();
}
// Check that loading the wallet with the new key succeeds.
uninitWallet();
setEncryptionKey(new_encryption_key);
if (initWallet() == WALLET_NO_ERROR)
{
reportSuccess();
}
else
{
printf("Loading wallet with new encryption key fails\n");
reportFailure();
}
// Test the getAddressAndPublicKey() and getPrivateKey() functions on an
// empty wallet.
newWallet(name);
if (getAddressAndPublicKey(temp, &public_key, 0) == WALLET_EMPTY)
{
reportSuccess();
}
else
{
printf("getAddressAndPublicKey() doesn't deal with empty wallets correctly\n");
reportFailure();
}
if (getPrivateKey(temp, 0) == WALLET_EMPTY)
{
reportSuccess();
}
else
{
printf("getPrivateKey() doesn't deal with empty wallets correctly\n");
reportFailure();
}
fclose(wallet_test_file);
finishTests();
exit(0);
}
static int suitebServer( const int testNo, const char *hostName,
const int port, const int flags,
const BOOLEAN isServerTest )
{
CRYPT_SESSION cryptSession;
CRYPT_CONTEXT privateKey;
const SUITEB_TEST_INFO *testInfoPtr = isServerTest ? \
&serverTestInfo[ testNo ] : &clientTestInfo[ testNo ];
const char *testName = testInfoPtr->testName;
const BOOLEAN isLoopbackTest = \
( !strcmp( hostName, "localhost" ) && port == 0 ) ? TRUE : FALSE;
const BOOLEAN sendHTTP = \
( flags & TESTFLAG_SENDHTTPREQ ) ? TRUE : FALSE;
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
#ifdef UNICODE_STRINGS
wchar_t wcBuffer[ FILENAME_BUFFER_SIZE ];
#endif /* UNICODE_STRINGS */
SPECIAL_HANDLING_TYPE handlingTypeAlt = SPECIAL_NONE;
void *fileNamePtr = filenameBuffer;
int status;
/* Make sure that we've been given a valid test number to run */
if( isServerTest )
{
if( testNo < SUITEB_FIRST_SERVER || testNo > SUITEB_LAST_SERVER )
return( FALSE );
}
else
{
if( testNo < SUITEB_FIRST_CLIENT || testNo > SUITEB_LAST_CLIENT )
return( FALSE );
}
/* If it's an alias for another test, select the base test */
if( testInfoPtr->aliasTestName != NULL )
{
handlingTypeAlt = testInfoPtr->handlingType;
testInfoPtr = findAliasTest( isServerTest ? \
&serverTestInfo[ 1 ] : &clientTestInfo[ 1 ],
testInfoPtr->aliasTestName );
if( testInfoPtr == NULL )
{
assert( 0 );
return( FALSE );
}
}
/* Acquire the init mutex */
acquireMutex();
cryptSuiteBTestConfig( SUITEB_TEST_NONE ); /* Clear any custom config */
printf( "SVR: Running Suite B server " );
if( flags & TESTFLAG_GENERIC )
printf( "as generic test server.\n" );
else
printf( "with test %s.\n", testInfoPtr->testName );
/* Create the SSL/TLS session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED,
CRYPT_SESSION_SSL_SERVER );
if( status == CRYPT_ERROR_PARAM3 ) /* SSL/TLS session access not available */
return( CRYPT_ERROR_NOTAVAIL );
if( cryptStatusError( status ) )
{
printf( "cryptCreateSession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_VERSION, 3 );
if( cryptStatusOK( status ) && testInfoPtr->serverOptions != 0 )
{
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_SSL_OPTIONS,
testInfoPtr->serverOptions );
}
if( testInfoPtr->clientAuthKeySizeBits > 0 )
{
/* Tell the test code to expect a client certificate */
cryptSuiteBTestConfig( 1000 );
}
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Set up the server information */
if( isLoopbackTest )
{
/* We're running the loopback test, set up a local connect */
if( !setLocalConnect( cryptSession, 443 ) )
return( FALSE );
}
else
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME,
hostName, strlen( hostName ) );
if( cryptStatusOK( status ) && port != 0 && port != 443 )
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_SERVER_PORT, port );
if( cryptStatusError( status ) )
{
printf( "cryptSetAttribute()/cryptSetAttributeString() failed "
"with error code %d, line %d.\n", status, __LINE__ );
return( FALSE );
}
}
/* Set any custom server configuration that may be required. We have to
do this before we set the server key since some of the tests involve
invalid server keys */
switch( testInfoPtr->handlingType )
{
case SPECIAL_SVR_INVALIDCURVE:
/* Server sends non-Suite B curve */
status = cryptSuiteBTestConfig( SUITEB_TEST_SVRINVALIDCURVE );
break;
case SPECIAL_BOTH_SUPPCURVES:
/* Client must send both P256 and P384 in supported curves
extension */
status = cryptSuiteBTestConfig( SUITEB_TEST_BOTHCURVES );
break;
case SPECIAL_BOTH_SIGALGO:
/* Client must send both SHA256 and SHA384 in signature algos
extension */
status = cryptSuiteBTestConfig( SUITEB_TEST_BOTHSIGALGOS );
break;
}
if( cryptStatusError( status ) )
{
printf( "Custom config set failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Add the server key */
filenameFromTemplate( filenameBuffer, SERVER_ECPRIVKEY_FILE_TEMPLATE,
testInfoPtr->serverKeySizeBits );
#ifdef UNICODE_STRINGS
mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
fileNamePtr = wcBuffer;
#endif /* UNICODE_STRINGS */
status = getPrivateKey( &privateKey, fileNamePtr, USER_PRIVKEY_LABEL,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_PRIVATEKEY,
privateKey );
cryptDestroyContext( privateKey );
}
if( cryptStatusError( status ) )
{
printf( "SVR: cryptSetAttribute/AttributeString() failed with error "
"code %d, line %d.\n", status, __LINE__ );
return( FALSE );
}
/* For the loopback test we also increase the connection timeout to a
higher-than-normal level, since this gives us more time for tracing
through the code when debugging */
cryptSetAttribute( cryptSession, CRYPT_OPTION_NET_CONNECTTIMEOUT, 120 );
/* Tell the client that we're ready to go */
releaseMutex();
/* Activate the server session */
status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, TRUE );
if( ( testInfoPtr->result && !cryptStatusOK( status ) ) || \
( !testInfoPtr->result && !cryptStatusError( status ) ) )
{
if( testInfoPtr->result )
printf( "SVR: Test %s failed, should have succeeded.\n",
testName );
else
printf( "SVR: Test %s succeeded, should have failed.\n",
testName );
if( cryptStatusError( status ) )
{
printExtError( cryptSession, "SVR: Failure reason is:", status,
__LINE__ );
}
cryptDestroySession( cryptSession );
return( FALSE );
}
/* Perform any custom post-activation checking that may be required */
if( testInfoPtr->handlingType != 0 || handlingTypeAlt != 0 )
{
const SPECIAL_HANDLING_TYPE handlingType = \
( handlingTypeAlt != 0 ) ? handlingTypeAlt : \
testInfoPtr->handlingType;
BYTE buffer[ 1024 ];
int length;
switch( handlingType )
{
case SPECIAL_CLI_TLSALERT:
status = cryptGetAttributeString( cryptSession,
CRYPT_ATTRIBUTE_ERRORMESSAGE, buffer,
&length );
if( cryptStatusError( status ) || \
memcmp( buffer, "Received TLS alert", 18 ) )
{
printf( "SVR: Test %s should have returned a TLS alert "
"but didn't.\n", testName );
return( FALSE );
}
break;
}
}
/* If we're being asked to send HTTP data, return a basic HTML page */
if( sendHTTP )
{
const char serverReply[] = \
"HTTP/1.0 200 OK\n"
"Date: Fri, 7 September 2010 20:02:07 GMT\n"
"Server: cryptlib Suite B test\n"
"Content-Type: text/html\n"
"Connection: Close\n"
"\n"
"<!DOCTYPE HTML SYSTEM \"html.dtd\">\n"
"<html>\n"
"<head>\n"
"<title>cryptlib Suite B test page</title>\n"
"<body>\n"
"Test message from the cryptlib Suite B server.<p>\n"
"</body>\n"
"</html>\n";
char buffer[ FILEBUFFER_SIZE ];
int bytesCopied;
/* Print the text of the request from the client */
status = cryptPopData( cryptSession, buffer, FILEBUFFER_SIZE,
&bytesCopied );
if( cryptStatusError( status ) )
{
printExtError( cryptSession, "SVR: Attempt to read data from "
"client", status, __LINE__ );
cryptDestroySession( cryptSession );
return( FALSE );
}
buffer[ bytesCopied ] = '\0';
printf( "---- Client sent %d bytes ----\n", bytesCopied );
puts( buffer );
puts( "---- End of output ----" );
/* Send a reply */
status = cryptPushData( cryptSession, serverReply,
sizeof( serverReply ) - 1, &bytesCopied );
if( cryptStatusOK( status ) )
status = cryptFlushData( cryptSession );
if( cryptStatusError( status ) || \
bytesCopied != sizeof( serverReply ) - 1 )
{
printExtError( cryptSession, "Attempt to send data to client",
status, __LINE__ );
cryptDestroySession( cryptSession );
return( FALSE );
}
}
/* Clean up */
status = cryptDestroySession( cryptSession );
if( cryptStatusError( status ) )
{
printf( "cryptDestroySession() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
printf( "SVR: Suite B server test %s succeeded.\n", testName );
return( TRUE );
}
static int fuzzSession( const CRYPT_SESSION_TYPE sessionType )
{
CRYPT_SESSION cryptSession;
const BOOLEAN isServer = \
( sessionType == CRYPT_SESSION_SSH_SERVER || \
sessionType == CRYPT_SESSION_SSL_SERVER || \
sessionType == CRYPT_SESSION_OCSP_SERVER || \
sessionType == CRYPT_SESSION_TSP_SERVER || \
sessionType == CRYPT_SESSION_CMP_SERVER || \
sessionType == CRYPT_SESSION_SCEP_SERVER ) ? \
TRUE : FALSE;
int status;
/* Create the session */
status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType );
if( cryptStatusError( status ) )
return( status );
/* Set up the various attributes needed to establish a minimal session */
if( !isServer )
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_SERVER_NAME,
"www.example.com", 15 );
if( cryptStatusError( status ) )
return( status );
}
if( isServer )
{
CRYPT_CONTEXT cryptPrivKey;
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
filenameFromTemplate( filenameBuffer,
SERVER_PRIVKEY_FILE_TEMPLATE, 1 );
status = getPrivateKey( &cryptPrivKey, filenameBuffer,
USER_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD );
if( cryptStatusOK( status ) )
{
status = cryptSetAttribute( cryptSession,
CRYPT_SESSINFO_PRIVATEKEY,
cryptPrivKey );
cryptDestroyContext( cryptPrivKey );
}
if( cryptStatusError( status ) )
return( status );
}
if( sessionType == CRYPT_SESSION_SSH || \
sessionType == CRYPT_SESSION_SSH_SERVER )
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_USERNAME,
SSH_USER_NAME,
paramStrlen( SSH_USER_NAME ) );
if( cryptStatusOK( status ) )
{
status = cryptSetAttributeString( cryptSession,
CRYPT_SESSINFO_PASSWORD,
SSH_PASSWORD,
paramStrlen( SSH_PASSWORD ) );
}
if( cryptStatusError( status ) )
return( status );
}
status = cryptSetFuzzData( cryptSession, NULL, 0 );
cryptDestroySession( cryptSession );
return( CRYPT_OK );
}
