[API Changed] Remove gnutls api 72/203272/1
authorsangwan.kwon <sangwan.kwon@samsung.com>
Thu, 11 Apr 2019 07:52:19 +0000 (16:52 +0900)
committersangwan.kwon <sangwan.kwon@samsung.com>
Thu, 11 Apr 2019 07:52:19 +0000 (16:52 +0900)
Change-Id: I2e877fe6160c7c35c1d01606af7a1b0cd62e0070
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
CMakeLists.txt
packaging/pubkey-pinning.spec
src/CMakeLists.txt
src/gnutls/CMakeLists.txt [deleted file]
src/gnutls/include/tpkp_gnutls.h [deleted file]
src/gnutls/tpkp_gnutls.cpp [deleted file]
test/CMakeLists.txt
test/gnutls_test.cpp [deleted file]
tpkp-gnutls.pc.in [deleted file]

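--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,7 +59,6 @@ SET(TARGET_TPKP_POPUP "tpkp-popup-deprecated")
 ELSE (CXXABI STREQUAL "cxx11")
 SET(TARGET_TPKP_COMMON_LIB "tpkp-common")
 SET(TARGET_TPKP_CURL_LIB "tpkp-curl")
-SET(TARGET_TPKP_GNUTLS_LIB "tpkp-gnutls")
 SET(TARGET_TPKP_POPUP "tpkp-popup")
 ENDIF (CXXABI STREQUAL "cxx03")
 
@@ -76,12 +75,10 @@ INSTALL(
 ELSE (CXXABI NOT STREQUAL "cxx03")
 
 CONFIGURE_FILE(tpkp-curl.pc.in tpkp-curl.pc @ONLY)
-CONFIGURE_FILE(tpkp-gnutls.pc.in tpkp-gnutls.pc @ONLY)
 
 INSTALL(
        FILES
                tpkp-curl.pc
-               tpkp-gnutls.pc
        DESTINATION
                ${LIB_INSTALL_DIR}/pkgconfig
        )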
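--- a/packaging/pubkey-pinning.spec
+++ b/packaging/pubkey-pinning.spec
@@ -11,7 +11,6 @@ Source1:    %name.manifest
 BuildRequires: cmake
 BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(libcurl)
-BuildRequires: pkgconfig(gnutls)
 BuildRequires: pkgconfig(openssl)
 Requires: /sbin/ldconfig
 
@@ -43,23 +42,6 @@ Requires: %name = %version-%release
 Tizen HPKP library development files including headers and
 pkgconfig.
 
-%package gnutls
-Summary:  Https Public Key Pinning for Tizen platform (GnuTLS)
-Group:    Security/Libraries
-Requires: %name = %version-%release
-
-%description gnutls
-Https Public Key Pinning for Tizen platform system framework (GnuTLS).
-
-%package gnutls-devel
-Summary:  Tizen HPKP library development files
-Group:    Development/Libraries
-Requires: %name-gnutls = %version-%release
-
-%description gnutls-devel
-Tizen HPKP GnuTLS library development files including headers and
-pkgconfig.
-
 %package ui
 Summary: Tizen HPKP ui daemon
 Group:   Development/Libraries
@@ -129,10 +111,6 @@ for FILE in tpkp-internal*; do mv "$FILE" "%{_builddir}/%{name}-%{version}/$FILE
 %endif
 popd
 
-pushd %{buildroot}%{_includedir}/tpkp/gnutls
-mv tpkp_gnutls.h %{_builddir}/%{name}-%{version}
-popd
-
 pushd %{buildroot}%_unitdir_user/
 mv %name-popup.* %{_builddir}/%{name}-%{version}
 popd
@@ -167,8 +145,6 @@ for FILE in libtpkp*.so*; do mv "$FILE" "%{buildroot}%{_libdir}/$FILE"; done
 for FILE in tpkp-internal*; do mv "$FILE" "%{buildroot}%{_bindir}/$FILE"; done
 %endif
 mv tpkp-popup %{buildroot}%{_bindir}
-mkdir -p %{buildroot}%{_includedir}/tpkp/gnutls
-mv tpkp_gnutls.h %{buildroot}%{_includedir}/tpkp/gnutls/tpkp_gnutls.h
 mv %name-popup.socket  %{buildroot}%_unitdir_user
 mv %name-popup.service  %{buildroot}%_unitdir_user
 mv tpkp*.pc %{buildroot}%{_libdir}/pkgconfig/
@@ -253,14 +229,6 @@ systemctl daemon-reload
 %_unitdir_user/sockets.target.wants/%name-popup.socket
 %_bindir/tpkp-popup
 
-%files gnutls
-%_libdir/libtpkp-gnutls.so.*
-
-%files gnutls-devel
-%_includedir/tpkp/gnutls/tpkp_gnutls.h
-%_libdir/pkgconfig/tpkp-gnutls.pc
-%_libdir/libtpkp-gnutls.so
-
 %files devel
 %_includedir/tpkp/common/tpkp_error.h
 %_includedir/tpkp/curl/tpkp_curl.h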
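--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -18,4 +18,3 @@
 #
 ADD_SUBDIRECTORY(common)
 ADD_SUBDIRECTORY(curl)
-ADD_SUBDIRECTORY(gnutls)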
diff --git a/src/gnutls/CMakeLists.txt b/src/gnutls/CMakeLists.txt
deleted file mode 100644 (file)
index a8eb023..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-#    Licensed under the Apache License, Version 2.0 (the "License");
-#    you may not use this file except in compliance with the License.
-#    You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-# @file     CMakeLists.txt
-# @author   Kyungwook Tak (k.tak@samsung.com)
-# @brief    TPKP gnutls lib makefile
-#
-IF (CXXABI STREQUAL "cxx11")
-PKG_CHECK_MODULES(TPKP_GNUTLS_DEP
-       REQUIRED
-       gnutls
-       dlog
-       )
-
-INCLUDE_DIRECTORIES(
-       SYSTEM
-       include
-       ${PROJECT_SOURCE_DIR}/src/common/include # common library interface header
-       ${TPKP_GNUTLS_DEP_INCLUDE_DIRS}
-       )
-
-SET(TPKP_GNUTLS_SRCS
-       tpkp_gnutls.cpp
-       )
-
-ADD_LIBRARY(${TARGET_TPKP_GNUTLS_LIB} SHARED ${TPKP_GNUTLS_SRCS})
-
-SET_TARGET_PROPERTIES(${TARGET_TPKP_GNUTLS_LIB}
-       PROPERTIES
-               COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
-               SOVERSION ${SO_VERSION}
-               VERSION ${VERSION}
-       )
-
-TARGET_LINK_LIBRARIES(${TARGET_TPKP_GNUTLS_LIB}
-       ${TARGET_TPKP_COMMON_LIB}
-       ${TPKP_GNUTLS_DEP_LIBRARIES}
-       )
-
-INSTALL(TARGETS ${TARGET_TPKP_GNUTLS_LIB} DESTINATION ${LIB_INSTALL_DIR})
-
-INSTALL(FILES include/tpkp_gnutls.h DESTINATION ${INCLUDEDIR}/tpkp/gnutls)
-ENDIF (CXXABI STREQUAL "cxx11")
diff --git a/src/gnutls/include/tpkp_gnutls.h b/src/gnutls/include/tpkp_gnutls.h
deleted file mode 100644 (file)
index 506f8b4..0000000
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @file        tpkp_gnutls.h
- * @author      Kyungwook Tak (k.tak@samsung.com)
- * @version     1.0
- * @brief       Tizen Https Public Key Pinning interface for gnutls.
- */
-#ifndef TPKP_GNUTLS_H_
-#define TPKP_GNUTLS_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <gnutls/gnutls.h>
-#include <tpkp_error.h>
-
-/*
- *  @brief   gnutls_certificate_verify_function of verifying pubkey pinning.
- *
- *  @remarks Set by gnutls_certificate_verify_function().
- *  @remarks tpkp_gnutls_set_url_data() should be called to set url data before.
- *  @remarks Verify callback should be called in same thread which calls
- *           tpkp_gnutls_set_url_data().
- *
- *  @param[in] session  gnutls session of current connection.
- *
- *  @return return 0 for the handshake to continue, otherwise return non-zero to terminate.
- *
- *  @see tpkp_gnutls_set_url_data()
- */
-int tpkp_gnutls_verify_callback(gnutls_session_t session);
-
-/*
- *  @brief   Sets current url to check pinned info by certificate verify callback.
- *
- *  @remarks Url data is saved thread-specifically.
- *  @remarks tpkp_gnutls_cleanup() should be called before current thread ended or
- *           tpkp_gnutls_cleanup_all() should be called on thread globally before the
- *           process ended to use gnutls.
- *
- *  @param[in] url  url which is null terminated c string
- *
- *  @return #TPKP_E_NONE on success.
- *
- *  @see tpkp_gnutls_cleanup()
- *  @see tpkp_gnutls_cleanup_all()
- */
-tpkp_e tpkp_gnutls_set_url_data(const char *url);
-
-/*
- *  @brief   Cleans up memory of current thread.
- *
- *  @remarks Only cleans up current thread's specific memory. It should be called inside
- *           of thread before end.
- *  @remarks Call beside of gnutls_deinit().
- *
- *  @see tpkp_gnutls_set_url_data()
- */
-void tpkp_gnutls_cleanup(void);
-
-/*
- *  @brief   Cleans up all memory used by tpkp_gnutls API.
- *
- *  @remarks Should be called thread-globally, after all jobs done by worker threads.
- *
- *  @see tpkp_gnutls_set_url_data()
- */
-void tpkp_gnutls_cleanup_all(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* TPKP_GNUTLS_H_ */
diff --git a/src/gnutls/tpkp_gnutls.cpp b/src/gnutls/tpkp_gnutls.cpp
deleted file mode 100644 (file)
index eee49bc..0000000
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @file        tpkp_gnutls.cpp
- * @author      Kyungwook Tak (k.tak@samsung.com)
- * @version     1.0
- * @brief       Tizen Https Public Key Pinning implementation for gnutls.
- */
-#include "tpkp_gnutls.h"
-
-#include <string>
-#include <memory>
-#include <map>
-#include <mutex>
-
-#include <gnutls/gnutls.h>
-#include <gnutls/abstract.h>
-#include <gnutls/x509.h>
-
-#include "tpkp_common.h"
-#include "tpkp_logger.h"
-#include "tpkp_client_cache.h"
-
-namespace {
-
-using Decision = TPKP::ClientCache::Decision;
-
-TPKP::ClientCache g_cache;
-
-inline int err_tpkp_to_gnutlse(tpkp_e err) noexcept
-{
-       switch (err) {
-       case TPKP_E_NONE:                     return GNUTLS_E_SUCCESS;
-       case TPKP_E_MEMORY:                   return GNUTLS_E_MEMORY_ERROR;
-       case TPKP_E_INVALID_URL:              return GNUTLS_E_INVALID_SESSION;
-       case TPKP_E_NO_URL_DATA:              return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-       case TPKP_E_PUBKEY_MISMATCH:          return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
-       case TPKP_E_INVALID_CERT:
-       case TPKP_E_INVALID_PEER_CERT_CHAIN:
-       case TPKP_E_FAILED_GET_PUBKEY_HASH:   return GNUTLS_E_PK_SIG_VERIFY_FAILED;
-       case TPKP_E_CERT_VERIFICATION_FAILED: return GNUTLS_E_CERTIFICATE_ERROR;
-       case TPKP_E_STD_EXCEPTION:
-       case TPKP_E_INTERNAL:
-       default:                              return GNUTLS_E_INTERNAL_ERROR;
-       }
-}
-
-using GnutlsX509Ptr = std::unique_ptr<gnutls_x509_crt_t, void(*)(gnutls_x509_crt_t *)>;
-inline GnutlsX509Ptr createGnutlsX509Ptr(void)
-{
-       return GnutlsX509Ptr(new gnutls_x509_crt_t, [](gnutls_x509_crt_t *ptr) {
-               if (!!ptr) gnutls_x509_crt_deinit(*ptr);
-       });
-}
-
-TPKP::RawBuffer getPubkeyHash(gnutls_x509_crt_t cert, TPKP::HashAlgo algo)
-{
-       std::unique_ptr<gnutls_pubkey_t, void(*)(gnutls_pubkey_t *)>
-               pubkeyPtr(new gnutls_pubkey_t, [](gnutls_pubkey_t *ptr)->void
-                       {
-                               if (ptr != nullptr)
-                                       gnutls_pubkey_deinit(*ptr);
-                       });
-
-       int ret = gnutls_pubkey_init(pubkeyPtr.get());
-       TPKP_CHECK_THROW_EXCEPTION(ret == GNUTLS_E_SUCCESS,
-               TPKP_E_INTERNAL,
-               "Failed to gnutls_pubkey_init. gnutls ret: " << ret);
-
-       ret = gnutls_pubkey_import_x509(*pubkeyPtr, cert, 0);
-       TPKP_CHECK_THROW_EXCEPTION(ret == GNUTLS_E_SUCCESS,
-               TPKP_E_INVALID_CERT,
-               "Failed to gnutls_pubkey_import_x509. gnutls ret: " << ret);
-
-       size_t len = 0;
-       ret = gnutls_pubkey_export(*pubkeyPtr, GNUTLS_X509_FMT_DER, nullptr, &len);
-       TPKP_CHECK_THROW_EXCEPTION(
-               (ret == GNUTLS_E_SHORT_MEMORY_BUFFER || ret == GNUTLS_E_SUCCESS) && len != 0,
-               TPKP_E_INVALID_CERT,
-               "Failed to gnutls_pubkey_export for getting size. gnutls ret: "
-                       << ret << " desc: " << gnutls_strerror(ret) << " size: " << len);
-
-       TPKP::RawBuffer derbuf(len, 0x00);
-       ret = gnutls_pubkey_export(*pubkeyPtr, GNUTLS_X509_FMT_DER, derbuf.data(), &len);
-       TPKP_CHECK_THROW_EXCEPTION(ret == GNUTLS_E_SUCCESS && len == derbuf.size(),
-               TPKP_E_INVALID_CERT,
-               "Failed to gnutls_pubkey_export. gnutls ret: "
-                       << ret << " desc: " << gnutls_strerror(ret));
-
-       gnutls_datum_t pubkeyder = {
-               derbuf.data(),
-               static_cast<unsigned int>(derbuf.size())
-       };
-
-       auto gnutlsHashAlgo = GNUTLS_DIG_SHA1; /* default hash alog */
-       TPKP::RawBuffer out;
-       switch (algo) {
-       case TPKP::HashAlgo::SHA1:
-               out.resize(TPKP::typeCast(TPKP::HashSize::SHA1), 0x00);
-               len = out.size();
-               gnutlsHashAlgo = GNUTLS_DIG_SHA1;
-               break;
-
-       case TPKP::HashAlgo::SHA256:
-               out.resize(TPKP::typeCast(TPKP::HashSize::SHA256), 0x00);
-               len = out.size();
-               gnutlsHashAlgo = GNUTLS_DIG_SHA256;
-               break;
-
-       default:
-               TPKP_CHECK_THROW_EXCEPTION(
-                       false,
-                       TPKP_E_INTERNAL,
-                       "Invalid hash algo type in getPubkeyHash.");
-       }
-
-       ret = gnutls_fingerprint(gnutlsHashAlgo, &pubkeyder, out.data(), &len);
-       TPKP_CHECK_THROW_EXCEPTION(ret == GNUTLS_E_SUCCESS && len == out.size(),
-               TPKP_E_FAILED_GET_PUBKEY_HASH,
-               "Failed to gnutls_fingerprint. gnutls ret: "
-                       << ret << " desc: " << gnutls_strerror(ret));
-
-       return out;
-}
-
-GnutlsX509Ptr d2iCert(const gnutls_datum_t *datum)
-{
-       auto crtPtr = createGnutlsX509Ptr();
-
-       TPKP_CHECK_THROW_EXCEPTION(
-               gnutls_x509_crt_init(crtPtr.get()) == GNUTLS_E_SUCCESS,
-               TPKP_E_INTERNAL, "Failed to gnutls_x509_crt_init.");
-       TPKP_CHECK_THROW_EXCEPTION(
-               gnutls_x509_crt_import(*crtPtr, datum, GNUTLS_X509_FMT_DER) >= 0,
-               TPKP_E_INTERNAL, "Failed to import DER to gnutls crt");
-
-       return crtPtr;
-}
-
-/*
- *  Need not to gnutls_x509_crt_deinit for returned value unless GNUTLS_TL_GET_COPY
- *  flag is used.
- *  Refer API description of gnutls_certificate_get_issuer.
- *
- *  gnutls_certificate_get_issuer will return the issuer of a given certificate.
- *  As with gnutls_x509_trust_list_get_issuer() this functions requires the
- *  GNUTLS_TL_GET_COPY flag in order to operate with PKCS11 trust list. In
- *  that case the issuer must be freed using gnutls_x509_crt_init().
- */
-gnutls_x509_crt_t getIssuer(gnutls_session_t session, gnutls_x509_crt_t cert)
-{
-       gnutls_certificate_credentials_t cred;
-       TPKP_CHECK_THROW_EXCEPTION(
-               gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void **)&cred)
-                       == GNUTLS_E_SUCCESS,
-               TPKP_E_INTERNAL, "Failed to get credential on session");
-
-       gnutls_x509_crt_t issuer;
-       TPKP_CHECK_THROW_EXCEPTION(
-               gnutls_x509_crt_init(&issuer) == GNUTLS_E_SUCCESS,
-               TPKP_E_INTERNAL, "Failed to gnutls_x509_crt_init");
-
-       TPKP_CHECK_THROW_EXCEPTION(
-               gnutls_certificate_get_issuer(cred, cert, &issuer, 0) == GNUTLS_E_SUCCESS,
-               TPKP_E_INTERNAL,
-               "Failed to get issuer! It's internal error because verify peer2 success already");
-
-       return issuer;
-}
-
-}
-
-EXPORT_API
-int tpkp_gnutls_verify_callback(gnutls_session_t session)
-{
-       tpkp_e res = TPKP::ExceptionSafe([&]{
-               gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
-               if (type != GNUTLS_CRT_X509) {
-                       /*
-                        * TODO: what should we do if it's not x509 type cert?
-                        * for now, just return 0 which means verification success
-                        */
-                       SLOGW("Certificate type of session isn't X509. skipt for now...");
-                       return;
-               }
-
-               unsigned int status = 0;
-               int res = gnutls_certificate_verify_peers2(session, &status);
-               TPKP_CHECK_THROW_EXCEPTION(res == GNUTLS_E_SUCCESS,
-                       TPKP_E_CERT_VERIFICATION_FAILED,
-                       "Failed to certificate verify peers2.. res: " << gnutls_strerror(res));
-
-               TPKP_CHECK_THROW_EXCEPTION(status == 0,
-                       TPKP_E_CERT_VERIFICATION_FAILED,
-                       "Peer certificate verification failed!! status: " << status);
-
-               std::string url = g_cache.getUrl();
-
-               TPKP_CHECK_THROW_EXCEPTION(
-                       !url.empty(),
-                       TPKP_E_NO_URL_DATA,
-                       "No url of found in client cache!!");
-
-               switch (g_cache.getDecision(url)) {
-               case Decision::ALLOWED:
-                       SLOGD("allow decision exist on url[%s]", url.c_str());
-                       return;
-
-               case Decision::DENIED:
-                       TPKP_THROW_EXCEPTION(TPKP_E_PUBKEY_MISMATCH,
-                               "deny decision exist on url: " << url);
-
-               default:
-                       break; /* go ahead to make decision */
-               }
-
-               TPKP::Context ctx(url);
-               if (!ctx.hasPins()) {
-                       SLOGI("Skip. No static pin data for url: %s", url.c_str());
-                       return;
-               }
-
-               unsigned int listSize = 0;
-               const gnutls_datum_t *certChain = gnutls_certificate_get_peers(session, &listSize);
-               TPKP_CHECK_THROW_EXCEPTION(certChain != nullptr && listSize != 0,
-                       TPKP_E_INVALID_PEER_CERT_CHAIN,
-                       "no certificate from peer!");
-
-               for (unsigned int i = 0; i < listSize; i++) {
-                       auto crtPtr = d2iCert(certChain++);
-
-                       ctx.addPubkeyHash(
-                               TPKP::HashAlgo::DEFAULT,
-                               getPubkeyHash(*crtPtr, TPKP::HashAlgo::DEFAULT));
-
-                       /* add additional root CA cert for last one */
-                       if (i == listSize - 1) {
-                               auto issuer = getIssuer(session, *crtPtr);
-
-                               ctx.addPubkeyHash(
-                                       TPKP::HashAlgo::DEFAULT,
-                                       getPubkeyHash(issuer, TPKP::HashAlgo::DEFAULT));
-                       }
-               }
-
-               bool isMatched = ctx.checkPubkeyPins();
-
-               /* update decision cache */
-               g_cache.setDecision(url, isMatched ? Decision::ALLOWED : Decision::DENIED);
-
-               TPKP_CHECK_THROW_EXCEPTION(isMatched,
-                       TPKP_E_PUBKEY_MISMATCH, "THe pubkey mismatched with pinned data!");
-       });
-
-       return err_tpkp_to_gnutlse(res);
-}
-
-EXPORT_API
-tpkp_e tpkp_gnutls_set_url_data(const char *url)
-{
-       return TPKP::ExceptionSafe([&]{
-               g_cache.setUrl(url);
-       });
-}
-
-EXPORT_API
-void tpkp_gnutls_cleanup(void)
-{
-       tpkp_e res = TPKP::ExceptionSafe([&]{
-               g_cache.eraseUrl();
-       });
-
-       (void) res;
-}
-
-EXPORT_API
-void tpkp_gnutls_cleanup_all(void)
-{
-       g_cache.eraseUrlAll();
-}
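--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -22,14 +22,12 @@ PKG_CHECK_MODULES(TEST_TPKP_DEP
        REQUIRED
        openssl
        libcurl
-       gnutls
        )
 
 INCLUDE_DIRECTORIES(
        SYSTEM
        ${TEST_TPKP_DEP_INCLUDE_DIRS}
        ${PROJECT_SOURCE_DIR}/src/curl/include   # tpkp API header
-       ${PROJECT_SOURCE_DIR}/src/gnutls/include # tpkp API header
        ${PROJECT_SOURCE_DIR}/src/common/include # tpkp error header in common
        )
 
@@ -37,7 +35,6 @@ SET(TEST_SRCS
        colour_log_formatter.cpp
        colors.cpp
        main.cpp
-       gnutls_test.cpp
        curl_test.cpp
        )
 
@@ -45,7 +42,6 @@ ADD_EXECUTABLE(${TARGET_TPKP_TEST} ${TEST_SRCS})
 
 TARGET_LINK_LIBRARIES(${TARGET_TPKP_TEST}
        ${TEST_TPKP_DEP_LIBRARIES}
-       ${TARGET_TPKP_GNUTLS_LIB}
        ${TARGET_TPKP_CURL_LIB}
        boost_unit_test_framework
        -pthread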
diff --git a/test/gnutls_test.cpp b/test/gnutls_test.cpp
deleted file mode 100644 (file)
index 843d023..0000000
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @file        gnutls_sample.cpp
- * @author      Kyungwook Tak (k.tak@samsung.com)
- * @version     1.0
- * @brief       tpkp_gnutls unit test.
- */
-#include <iostream>
-#include <vector>
-#include <string>
-#include <thread>
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-#include <gnutls/gnutls.h>
-#include <tpkp_gnutls.h>
-#include <boost/test/unit_test.hpp>
-
-namespace {
-
-struct DataSet {
-       gnutls_session_t session;
-       gnutls_certificate_credentials_t cred;
-       int sockfd;
-};
-
-static std::vector<std::string> s_urlList = {
-       "www.google.com",
-       "www.youtube.com",
-       "www.spideroak.com",
-       "www.facebook.com",
-       "www.dropbox.com",
-       "www.twitter.com",
-       "www.hackerrank.com", /* no pinned data exist */
-       "www.algospot.com"    /* no pinned data exist */
-};
-
-void connectWithUrl(const std::string &url, int &sockfd)
-{
-       struct addrinfo *result;
-       struct addrinfo hints;
-       memset(&hints, 0x00, sizeof(struct addrinfo));
-       hints.ai_family = AF_UNSPEC;
-       hints.ai_socktype = SOCK_STREAM;
-       hints.ai_flags = AI_CANONNAME;
-
-       int s = getaddrinfo(url.c_str(), "https", &hints, &result);
-       BOOST_REQUIRE_MESSAGE(s == 0, "getaddrinfo err code: " << s << " desc: " << gai_strerror(s));
-
-       struct addrinfo *rp;
-       for (rp = result; rp != nullptr; rp = rp->ai_next) {
-               sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
-               if (sockfd == -1)
-                       continue;
-
-               if (connect(sockfd, rp->ai_addr, rp->ai_addrlen) != -1)
-                       break;
-
-               close(sockfd);
-       }
-
-       BOOST_REQUIRE_MESSAGE(rp != nullptr, "Could not connect on url: " << url);
-
-       std::cout << "url[" << url << "] canonname[" << result->ai_canonname << "] connected!" << std::endl;
-
-       freeaddrinfo(result);
-}
-
-inline gnutls_certificate_credentials_t makeDefaultCred(gnutls_certificate_verify_function *verify_callback)
-{
-       gnutls_certificate_credentials_t cred;
-
-       int ret = gnutls_certificate_allocate_credentials(&cred);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret));
-
-       ret = gnutls_certificate_set_x509_trust_file(cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM);
-       BOOST_REQUIRE_MESSAGE(
-               ret > 0,
-               "Failed to gnutls_certificate_set_x509_trust_file ret: " << ret);
-
-       gnutls_certificate_set_verify_function(cred, verify_callback);
-
-       return cred;
-}
-
-DataSet makeDefaultSession(const std::string &url)
-{
-       DataSet data;
-
-       data.cred = makeDefaultCred(&tpkp_gnutls_verify_callback);
-
-       int ret = gnutls_init(&data.session, GNUTLS_CLIENT);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls init session: " << gnutls_strerror(ret));
-
-       ret = gnutls_set_default_priority(data.session);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to set default priority on session: " << gnutls_strerror(ret));
-
-       ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls_credentials_set: " << gnutls_strerror(ret));
-
-       connectWithUrl(url, data.sockfd);
-
-       BOOST_REQUIRE_MESSAGE(
-               tpkp_gnutls_set_url_data(url.c_str()) == TPKP_E_NONE,
-               "Failed to tpkp_gnutls_set_url_data.");
-
-       gnutls_transport_set_int(data.session, data.sockfd);
-       gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
-       return data;
-}
-
-DataSet makeSessionWithoutPinning(const std::string &url)
-{
-       DataSet data;
-
-       int ret = gnutls_certificate_allocate_credentials(&data.cred);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret));
-
-       ret = gnutls_init(&data.session, GNUTLS_CLIENT);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls init session: " << gnutls_strerror(ret));
-
-       ret = gnutls_set_default_priority(data.session);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to set default priority on session: " << gnutls_strerror(ret));
-
-       ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred);
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls_credentials_set: " << gnutls_strerror(ret));
-
-       connectWithUrl(url, data.sockfd);
-
-       gnutls_transport_set_int(data.session, data.sockfd);
-       gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
-       return data;
-}
-/*
-DataSet makeDefaultSessionGlobal(const std::string &url)
-{
-       int ret = gnutls_global_init();
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Failed to gnutls global init: " << gnutls_strerror(ret));
-
-       return makeDefaultSession(url);
-}
-*/
-void performHandshake(DataSet &data)
-{
-       int ret;
-       do {
-               ret = gnutls_handshake(data.session);
-       } while (ret != GNUTLS_E_SUCCESS && gnutls_error_is_fatal(ret) == 0);
-
-       BOOST_REQUIRE_MESSAGE(
-               ret == GNUTLS_E_SUCCESS,
-               "Handshake failed! err code: " << ret << " desc: " << gnutls_strerror(ret));
-}
-
-void cleanup(DataSet &data)
-{
-       gnutls_bye(data.session, GNUTLS_SHUT_RDWR);
-       if (data.sockfd > 0)
-               close(data.sockfd);
-       gnutls_certificate_free_credentials(data.cred);
-       gnutls_deinit(data.session);
-
-       tpkp_gnutls_cleanup();
-}
-/*
-void cleanupGlobal(DataSet &data)
-{
-       cleanup(data);
-       gnutls_global_deinit();
-}
-*/
-void perform(const std::string &url)
-{
-       DataSet data = makeDefaultSession(url);
-       performHandshake(data);
-       cleanup(data);
-}
-
-void performWithoutPinning(const std::string &url)
-{
-       DataSet data = makeSessionWithoutPinning(url);
-       performHandshake(data);
-       cleanup(data);
-}
-
-}
-
-BOOST_AUTO_TEST_SUITE(TPKP_GNUTLS_TEST)
-
-BOOST_AUTO_TEST_CASE(T00101_positive_1)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[0]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00102_positive_2)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[1]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00103_positive_3)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[2]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00104_positive_4)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[3]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00105_positive_5)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[4]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00106_positive_6)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[5]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00107_positive_7)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[6]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00108_positive_8)
-{
-       gnutls_global_init();
-
-       perform(s_urlList[7]);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00109_positive_all_single_thread)
-{
-       gnutls_global_init();
-
-       for (const auto &url : s_urlList)
-               perform(url);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_CASE(T00110_positive_all_single_thread_without_pinning)
-{
-       gnutls_global_init();
-
-       for (const auto &url : s_urlList)
-               performWithoutPinning(url);
-
-       gnutls_global_deinit();
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/tpkp-gnutls.pc.in b/tpkp-gnutls.pc.in
deleted file mode 100644 (file)
index 86cb9d9..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-libdir=@LIB_INSTALL_DIR@
-includedir=@INCLUDEDIR@
-
-Name: tpkp-gnutls
-Description: Tizen HPKP for gnutls
-Version: @VERSION@
-Requires: gnutls
-Libs: -L${libdir} -ltpkp-gnutls -ltpkp-common
-Cflags: -I${includedir}/tpkp/gnutls -I${includedir}/tpkp/common