/*
 * sslCipher.cpp - test SSL ciphersuite protocol negotiation, client 
 *				   and server side
 */
#include <Security/SecureTransport.h>
#include <Security/Security.h>
#include <clAppUtils/sslAppUtils.h>
#include <clAppUtils/ioSock.h>
#include <clAppUtils/sslThreading.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <utilLib/common.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <security_utilities/threading.h>
#include <security_utilities/devrandom.h>

#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <sys/param.h>

/* default start port; caller can specify random start port */
#define STARTING_PORT			5000

#define MIN_RAND_PORT			1500
#define MAX_RAND_PORT			7000

/*
 * Expected errors for negotiation failure 
 */
#define SERVER_NEGOTIATE_FAIL	errSSLNegotiation
#define CLIENT_NEGOTIATE_FAIL	errSSLPeerHandshakeFail

#define RSA_SERVER_KC			"localcert"
#define RSA_SERVER_ROOT			"localcert.cer"
#define DSA_SERVER_KC			"dsacert"
#define DSA_SERVER_ROOT			"dsacert.cer"

#define DH_PARAM_FILE_512		"dhParams_512.der"
#define DH_PARAM_FILE_1024		"dhParams_1024.der"

/* main() fills these in using sslKeychainPath() */
static char rsaKcPath[MAXPATHLEN];
static char dsaKcPath[MAXPATHLEN];

static void usage(char **argv)
{
	printf("Usage: %s [options]\n", argv[0]);
	printf("options:\n");
	printf("   q(uiet)\n");
	printf("   v(erbose)\n");
	printf("   p=startingPortNum\n");
	printf("   t=startTestNum\n");
	printf("   T=endTestNum\n");
	printf("   g=startGroupNum\n");
	printf("   l (large, 1024 bit Diffie-Hellman; default is 512)\n");
	printf("   r(andom start port, default=%d)\n", STARTING_PORT);
	printf("   b (non blocking I/O)\n");
	printf("   s=serverCertName; default %s\n", RSA_SERVER_ROOT);
	printf("   d=clientCertName; default %s\n", DSA_SERVER_ROOT);
	printf("   R (ringBuffer I/O)\n");
	exit(1);
}

/*
 * Parameters defining one group of tests
 */
typedef struct {
	const char		*groupDesc;	
	const char		*serveAcceptProts;
	const char		*clientAcceptProts;
	SSLProtocol		expectProt;	
} GroupParams;

/*
 * Certificate parameters
 */
typedef struct {
	const char	*kcName;		
	const char	*kcPassword;	// last component of KC name */
	const char 	*rootName;
} CertParams;

/*
 * Parameters defining one individual test
 */
typedef struct {
	const char				*testDesc;
	SSLCipherSuite			expectCipher;
	const CertParams		*certParams;
	/*
	 * In this test all failures are the same
	 */
	bool					shouldWork;
} CipherParams;

/* one of three cert params */
static CertParams certRSA = 	{ rsaKcPath, RSA_SERVER_KC, RSA_SERVER_ROOT };
static CertParams certDSA = 	{ dsaKcPath, DSA_SERVER_KC, DSA_SERVER_ROOT };
static CertParams certNone = 	{NULL, NULL};

/* Note we're skipping SSL2-specific testing for simplicity's sake */
static const GroupParams sslGroupParams[] = 
{
	{ "TLS1", "23t", "3t", kTLSProtocol1 },
	{ "SSL3", "23",  "3t", kSSLProtocol3 }
};
#define NUM_GROUP_PARAMS	\
	(sizeof(sslGroupParams) / sizeof(sslGroupParams[0]))
	
/* some special-purpose ciphersuite arrays */

#ifdef not_used
/* just SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
static const SSLCipherSuite suites_RsaExpDh40[] = {
	SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
	SSL_NO_SUCH_CIPHERSUITE
};
#endif

/* declare test name and expected cipher suite */
#define SSL_NAC(cname) #cname, cname

/*
 * Note: the client is the only side which actually gets to 
 * prioritize its requested CipherSuites. The server has to 
 * go along with the first one on the client's list which the 
 * server implements. 
 */
const CipherParams sslCipherParams[] = 
{
	{ 	
		SSL_NAC(TLS_RSA_WITH_AES_128_CBC_SHA),
		&certRSA, true
	},
	{ 	
		SSL_NAC(TLS_DH_DSS_WITH_AES_128_CBC_SHA),
		&certDSA, false
	},
	{ 	
		SSL_NAC(TLS_DH_RSA_WITH_AES_128_CBC_SHA),
		&certRSA, false
	},
	{ 	
		SSL_NAC(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),
		&certDSA, true
	},
	{ 	
		SSL_NAC(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),
		&certRSA, true
	},
	{ 	
		SSL_NAC(TLS_DH_anon_WITH_AES_128_CBC_SHA),
		&certNone, true
	},
	{ 	
		SSL_NAC(TLS_RSA_WITH_AES_256_CBC_SHA),
		&certRSA, true
	},
	{ 	
		SSL_NAC(TLS_DH_DSS_WITH_AES_256_CBC_SHA),
		&certDSA, false
	},
	{ 	
		SSL_NAC(TLS_DH_RSA_WITH_AES_256_CBC_SHA),
		&certRSA, false
	},
	{ 	
		SSL_NAC(TLS_DHE_DSS_WITH_AES_256_CBC_SHA),
		&certDSA, true
	},
	{ 	
		SSL_NAC(TLS_DHE_RSA_WITH_AES_256_CBC_SHA),
		&certRSA, true
	},
	{ 	
		SSL_NAC(TLS_DH_anon_WITH_AES_256_CBC_SHA),
		&certNone, true
	},
	{ 	
		SSL_NAC(SSL_RSA_EXPORT_WITH_RC4_40_MD5),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_RSA_WITH_RC4_128_MD5),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_RSA_WITH_RC4_128_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),
		&certRSA, true
	},
	/* skip SSL_RSA_WITH_IDEA_CBC_SHA, check later as unimpl */
	{	
		SSL_NAC(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_RSA_WITH_DES_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_RSA_WITH_3DES_EDE_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA),
		&certDSA, false
	},
	{	
		SSL_NAC(SSL_DH_DSS_WITH_DES_CBC_SHA),
		&certDSA, false
	},
	{	
		SSL_NAC(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA),
		&certDSA, false
	},
	{	
		SSL_NAC(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA),
		&certRSA, false
	},
	{	
		SSL_NAC(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA),
		&certDSA, true
	},
	{	
		SSL_NAC(SSL_DHE_DSS_WITH_DES_CBC_SHA),
		&certDSA, true
	},
	{	
		SSL_NAC(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
		&certDSA, true
	},
	{	
		SSL_NAC(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_DHE_RSA_WITH_DES_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
		&certRSA, true
	},
	{	
		SSL_NAC(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_DH_anon_WITH_RC4_128_MD5),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_DH_anon_WITH_DES_CBC_SHA),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA),
		&certNone, true
	},
	{	
		SSL_NAC(SSL_FORTEZZA_DMS_WITH_NULL_SHA),
		&certNone, false
	},
	{	
		SSL_NAC(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),
		&certNone, false
	},
};

#define NUM_CIPHER_PARAMS	\
	(sizeof(sslCipherParams) / sizeof(sslCipherParams[0]))

#define IGNORE_SIGPIPE	1
#if 	IGNORE_SIGPIPE
#include <signal.h>

void sigpipe(int sig) 
{ 
}
#endif	/* IGNORE_SIGPIPE */

/*
 * Default params for each test. Main() will make a copy of this and 
 * adjust its copy on a per-test basis.
 */
static SslAppTestParams serverDefaults = 
{
	"no name here",
	false,				// skipHostNameCHeck
	0,					// port - test must set this	
	NULL, NULL,			// RingBuffers
	false,				// noProtSpec
	kSSLProtocolUnknown,// not used
	NULL,				// acceptedProts
	NULL,				// myCerts
	NULL,				// password
	true,				// idIsTrustedRoot
	false,				// disableCertVerify
	NULL,				// anchorFile
	false,				// replaceAnchors
	kNeverAuthenticate,
	false,				// resumeEnable
	NULL,				// ciphers - default - server accepts all
	false,				// nonBlocking
	NULL,				// dhParams
	0,					// dhParamsLen
	noErr,				// expectRtn
	kTLSProtocol1,		// expectVersion
	kSSLClientCertNone,
	SSL_NULL_WITH_NULL_NULL,
	false,				// quiet
	false,				// silent
	false,				// verbose
	{0},				// lock
	{0},				// cond
	false,				// serverReady
	0,					// clientDone
	false,				// serverAbort
	/* returned */
	kSSLProtocolUnknown,
	SSL_NULL_WITH_NULL_NULL,
	kSSLClientCertNone,
	noHardwareErr
	
};

SslAppTestParams clientDefaults = 
{
	"localhost",
	false,				// skipHostNameCHeck
	0,					// port - test must set this
	NULL, NULL,			// RingBuffers
	false,				// noProtSpec
	kSSLProtocolUnknown,// not used
	NULL,				// acceptedProts
	NULL,				// myCertKcName
	NULL,				// password
	true,				// idIsTrustedRoot
	false,				// disableCertVerify
	NULL,				// anchorFile
	true,				// replaceAnchors
	kNeverAuthenticate,
	false,				// resumeEnable
	NULL,				// ciphers - set in test loop
	false,				// nonBlocking
	NULL,				// dhParams
	0,					// dhParamsLen
	noErr,				// expectRtn
	kTLSProtocol1,		// expectVersion
	kSSLClientCertNone,
	SSL_NULL_WITH_NULL_NULL,
	false,				// quiet
	false,				// silent
	false,				// verbose
	{0},				// lock
	{0},				// cond
	false,				// serverReady
	0,					// clientDone
	false,				// serverAbort
	/* returned */
	kSSLProtocolUnknown,
	SSL_NULL_WITH_NULL_NULL,
	kSSLClientCertNone,
	noHardwareErr
};


int main(int argc, char **argv)
{
	int 				ourRtn = 0;
	char	 			*argp;
	SslAppTestParams 	clientParams;
	SslAppTestParams 	serverParams;
	unsigned short		portNum = STARTING_PORT;
	const GroupParams	*groupParams;
	const CipherParams	*cipherParams;
	unsigned			testNum;
	unsigned			groupNum;
	int					thisRtn;
	SSLCipherSuite		clientCiphers[3];
	SSLCipherSuite		serverCiphers[3];
	RingBuffer			serverToClientRing;
	RingBuffer			clientToServerRing;
	bool				ringBufferIo = false;
	
	/* user-spec'd variables */
	unsigned			startTest = 0;
	unsigned			endTest = NUM_CIPHER_PARAMS;
	unsigned			startGroup = 0;
	const char			*dhParamFile = DH_PARAM_FILE_512;
	
	for(int arg=1; arg<argc; arg++) {
		argp = argv[arg];
		switch(argp[0]) {
			case 'q':
				serverDefaults.quiet = clientDefaults.quiet = true;
				break;
			case 'v':
				serverDefaults.verbose = clientDefaults.verbose = true;
				break;
			case 'p':
				portNum = atoi(&argp[2]);
				break;
			case 't':
				startTest = atoi(&argp[2]);
				break;
			case 'T':
				endTest = atoi(&argp[2]) + 1;
				break;
			case 'g':
				startGroup = atoi(&argp[2]);
				break;
			case 'b':
				serverDefaults.nonBlocking = clientDefaults.nonBlocking = 
						true;
				break;
			case 'l':
				dhParamFile = DH_PARAM_FILE_1024;
				break;
			case 'r':
				portNum = genRand(MIN_RAND_PORT, MAX_RAND_PORT);
				break;
			case 's':
				certRSA.rootName = &argp[2];
				break;
			case 'd':
				certDSA.rootName = &argp[2];
				break;
			case 'R':
				ringBufferIo = true;
				break;
			default:
				usage(argv);
		}
	}
	
	if(sslCheckFile(certRSA.rootName)) {
		exit(1);
	}
	if(sslCheckFile(certDSA.rootName)) {
		exit(1);
	}
	if(ringBufferIo) {
		/* set up ring buffers */
		ringBufSetup(&serverToClientRing, "serveToClient", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		ringBufSetup(&clientToServerRing, "clientToServe", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		serverDefaults.serverToClientRing = &serverToClientRing;
		serverDefaults.clientToServerRing = &clientToServerRing;
		clientDefaults.serverToClientRing = &serverToClientRing;
		clientDefaults.clientToServerRing = &clientToServerRing;
	}

#if IGNORE_SIGPIPE
	signal(SIGPIPE, sigpipe);
	#endif

	/* convert keychain names to paths for root */
	sslKeychainPath(RSA_SERVER_KC, rsaKcPath);
	sslKeychainPath(DSA_SERVER_KC, dsaKcPath);

	/* Diffie-Hellman params, we're going to need them */
	int r = readFile(dhParamFile, (unsigned char **)&serverDefaults.dhParams, 
		&serverDefaults.dhParamsLen);
	if(r) {
		printf("***Error reading diffie-hellman params from %s; aborting\n",
			dhParamFile);
		exit(1);
	}

	testStartBanner("sslCipher", argc, argv);
	
	serverParams.port = portNum - 1;	// gets incremented by SSL_THR_SETUP
	
	/*
	 * To enable negotiation failures to occur, we have to pass
	 * in ciphersuite arrays which contain at least one valid
	 * ciphersuite to both client and server, but they can not
	 * be the same (or else that valid suite will be used). 
	 */ 
	clientCiphers[1] = SSL_RSA_WITH_RC4_128_MD5;
	serverCiphers[1] = SSL_RSA_WITH_RC4_128_SHA;
	clientCiphers[2] = SSL_NO_SUCH_CIPHERSUITE;
	serverCiphers[2] = SSL_NO_SUCH_CIPHERSUITE;
	
	for(groupNum=startGroup; groupNum<NUM_GROUP_PARAMS; groupNum++) {
		groupParams = &sslGroupParams[groupNum];
		if(!serverDefaults.quiet) {
			printf("...%s\n", groupParams->groupDesc);
		}
		for(testNum=startTest; testNum<endTest; testNum++) {
			cipherParams = &sslCipherParams[testNum];
			SSL_THR_SETUP(serverParams, clientParams, clientDefaults, 
					serverDefault);
			if(ringBufferIo) {
				ringBufferReset(&serverToClientRing);
				ringBufferReset(&clientToServerRing);
			}
			/* per-group (must be after SSL_THR_SETUP) */
			serverParams.acceptedProts = groupParams->serveAcceptProts;
			clientParams.acceptedProts = groupParams->clientAcceptProts;
			serverParams.expectVersion = groupParams->expectProt;
			clientParams.expectVersion = groupParams->expectProt;
		
			/* per-test */
			clientCiphers[0] = cipherParams->expectCipher;
			serverCiphers[0] = cipherParams->expectCipher;
			clientParams.ciphers = clientCiphers;
			serverParams.ciphers = serverCiphers;
			serverParams.expectCipher = cipherParams->expectCipher;
			clientParams.expectCipher = cipherParams->expectCipher;
			
			const CertParams *certParams = cipherParams->certParams;
			serverParams.myCertKcName = certParams->kcName;
			serverParams.password = certParams->kcPassword;
			clientParams.anchorFile = certParams->rootName;

			if(cipherParams->shouldWork) {
				serverParams.expectRtn = noErr;
				clientParams.expectRtn = noErr;
			}
			else {
				serverParams.expectRtn = SERVER_NEGOTIATE_FAIL;
				clientParams.expectRtn = CLIENT_NEGOTIATE_FAIL;
				
				/* server completed protocol version negotiation, 
				 * but client didn't */
				clientParams.expectVersion = kSSLProtocolUnknown;
			}
			SSL_THR_RUN_NUM(serverParams, clientParams, 
				cipherParams->testDesc, ourRtn, testNum);
		}
	}
	
done:
	if(!clientParams.quiet) {
		if(ourRtn == 0) {
			printf("===== %s test PASSED =====\n", argv[0]);
		}
		else {
			printf("****%s FAIL: %d errors detected\n", argv[0],ourRtn);
		}
	}
	
	return ourRtn;
}