Initial checkin of my attempt at TLS with NSS, may become IRC client

2017-07-06 14:46:18 -07:00 · 2017-07-06 14:46:18 -07:00 · c422d26a63
commit c422d26a63
6 changed files with 400 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+cmake-build-debug
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -0,0 +1,17 @@
+cmake_minimum_required(VERSION 3.7)
+project(NSPRFun)
+
+set(CMAKE_CXX_STANDARD 11)
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/modules/")
+
+find_package(NSPR REQUIRED)
+find_package(NSS REQUIRED)
+find_package(FOX REQUIRED)
+
+include_directories(${NSPR_INCLUDE_DIRS} ${NSS_INCLUDE_DIRS} ${FOX_INCLUDE_DIR})
+
+set(SOURCE_FILES main.cpp)
+add_executable(NSPRFun ${SOURCE_FILES})
+
+target_link_libraries(NSPRFun ${NSPR_LIBRARIES} ${NSS_LIBRARIES} ${FOX_LIBRARY})
--- a/cmake/modules/FindFOX.cmake
+++ b/cmake/modules/FindFOX.cmake
@ -0,0 +1,62 @@
+# Locate gdal
+# This module defines
+# FOX_LIBRARY
+# FOX_FOUND, if false, do not try to link to gdal
+# FOX_INCLUDE_DIR, where to find the headers
+#
+# $FOX_DIR is an environment variable that would
+# correspond to the ./configure --prefix=$FOX_DIR
+#
+# Created by Robert Osfield.
+
+FIND_PATH(FOX_INCLUDE_DIR fx.h
+        $ENV{FOX_DIR}/include/fox-1.6
+        $ENV{FOX_DIR}/fox-1.6
+        ~/Library/Frameworks/fox-1.6
+        /Library/Frameworks/fox-1.6
+        /usr/local/include/fox-1.6
+        /usr/include/fox-1.6
+        /sw/include/fox-1.6 # Fink
+        /opt/local/include/fox-1.6 # DarwinPorts
+        /opt/csw/include/fox-1.6 # Blastwave
+        /opt/include/fox-1.6
+        /usr/freeware/include/fox-1.6
+        $ENV{FOX_DIR}/include
+        $ENV{FOX_DIR}
+        ~/Library/Frameworks
+        /Library/Frameworks
+        /usr/local/include
+        /usr/include
+        /sw/include # Fink
+        /opt/local/include # DarwinPorts
+        /opt/csw/include # Blastwave
+        /opt/include
+        /usr/freeware/include
+        )
+
+MACRO(FIND_FOX_LIBRARY MYLIBRARY MYLIBRARYNAME)
+
+    FIND_LIBRARY(${MYLIBRARY}
+            NAMES ${MYLIBRARYNAME}
+            PATHS
+            $ENV{FOX_DIR}/lib
+            $ENV{FOX_DIR}
+            ~/Library/Frameworks
+            /Library/Frameworks
+            /usr/local/lib
+            /usr/lib
+            /sw/lib
+            /opt/local/lib
+            /opt/csw/lib
+            /opt/lib
+            /usr/freeware/lib64
+            )
+
+ENDMACRO(FIND_FOX_LIBRARY LIBRARY LIBRARYNAME)
+
+FIND_FOX_LIBRARY(FOX_LIBRARY FOX-1.6)
+
+SET(FOX_FOUND "NO")
+IF(FOX_LIBRARY AND FOX_INCLUDE_DIR)
+    SET(FOX_FOUND "YES")
+ENDIF(FOX_LIBRARY AND FOX_INCLUDE_DIR)
--- a/cmake/modules/FindNSPR.cmake
+++ b/cmake/modules/FindNSPR.cmake
@ -0,0 +1,104 @@
+# - Try to find NSPR
+# Once done this will define
+#
+#  NSPR_FOUND - system has NSPR
+#  NSPR_INCLUDE_DIRS - the NSPR include directory
+#  NSPR_LIBRARIES - Link these to use NSPR
+#  NSPR_DEFINITIONS - Compiler switches required for using NSPR
+#
+#  Copyright (c) 2010 Andreas Schneider <asn@redhat.com>
+#
+#  Redistribution and use is allowed according to the terms of the New
+#  BSD license.
+#  For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
+
+
+if (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
+    # in cache already
+    set(NSPR_FOUND TRUE)
+else (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
+    find_package(PkgConfig)
+    if (PKG_CONFIG_FOUND)
+        pkg_check_modules(_NSPR nspr)
+    endif (PKG_CONFIG_FOUND)
+
+    find_path(NSPR_INCLUDE_DIR
+            NAMES
+            nspr.h
+            PATHS
+            ${_NSPR_INCLUDEDIR}
+            /usr/include
+            /usr/local/include
+            /opt/local/include
+            /sw/include
+            PATH_SUFFIXES
+            nspr4
+            nspr
+            )
+
+    find_library(PLDS4_LIBRARY
+            NAMES
+            plds4
+            PATHS
+            ${_NSPR_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    find_library(PLC4_LIBRARY
+            NAMES
+            plc4
+            PATHS
+            ${_NSPR_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    find_library(NSPR4_LIBRARY
+            NAMES
+            nspr4
+            PATHS
+            ${_NSPR_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    set(NSPR_INCLUDE_DIRS
+            ${NSPR_INCLUDE_DIR}
+            )
+
+    if (PLDS4_LIBRARY)
+        set(NSPR_LIBRARIES
+                ${NSPR_LIBRARIES}
+                ${PLDS4_LIBRARY}
+                )
+    endif (PLDS4_LIBRARY)
+
+    if (PLC4_LIBRARY)
+        set(NSPR_LIBRARIES
+                ${NSPR_LIBRARIES}
+                ${PLC4_LIBRARY}
+                )
+    endif (PLC4_LIBRARY)
+
+    if (NSPR4_LIBRARY)
+        set(NSPR_LIBRARIES
+                ${NSPR_LIBRARIES}
+                ${NSPR4_LIBRARY}
+                )
+    endif (NSPR4_LIBRARY)
+
+    include(FindPackageHandleStandardArgs)
+    find_package_handle_standard_args(NSPR DEFAULT_MSG NSPR_LIBRARIES NSPR_INCLUDE_DIRS)
+
+    # show the NSPR_INCLUDE_DIRS and NSPR_LIBRARIES variables only in the advanced view
+    mark_as_advanced(NSPR_INCLUDE_DIRS NSPR_LIBRARIES)
+
+endif (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
--- a/cmake/modules/FindNSS.cmake
+++ b/cmake/modules/FindNSS.cmake
@ -0,0 +1,126 @@
+# - Try to find NSS
+# Once done this will define
+#
+#  NSS_FOUND - system has NSS
+#  NSS_INCLUDE_DIRS - the NSS include directory
+#  NSS_LIBRARIES - Link these to use NSS
+#  NSS_DEFINITIONS - Compiler switches required for using NSS
+#
+#  Copyright (c) 2010 Andreas Schneider <asn@redhat.com>
+#
+#  Redistribution and use is allowed according to the terms of the New
+#  BSD license.
+#  For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
+
+
+if (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
+    # in cache already
+    set(NSS_FOUND TRUE)
+else (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
+    find_package(PkgConfig)
+    if (PKG_CONFIG_FOUND)
+        pkg_check_modules(_NSS nss)
+    endif (PKG_CONFIG_FOUND)
+
+    find_path(NSS_INCLUDE_DIR
+            NAMES
+            pk11pub.h
+            PATHS
+            ${_NSS_INCLUDEDIR}
+            /usr/include
+            /usr/local/include
+            /opt/local/include
+            /sw/include
+            /usr/local/include/nss
+            PATH_SUFFIXES
+            nss3
+            nss
+            )
+
+    find_library(SSL3_LIBRARY
+            NAMES
+            ssl3
+            PATHS
+            ${_NSS_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    find_library(SMIME3_LIBRARY
+            NAMES
+            smime3
+            PATHS
+            ${_NSS_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    find_library(NSS3_LIBRARY
+            NAMES
+            nss3
+            PATHS
+            ${_NSS_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            /usr/lib/x86_64-linux-gnu
+            )
+
+    find_library(NSSUTIL3_LIBRARY
+            NAMES
+            nssutil3
+            PATHS
+            ${_NSS_LIBDIR}
+            /usr/lib
+            /usr/local/lib
+            /opt/local/lib
+            /sw/lib
+            )
+
+    set(NSS_INCLUDE_DIRS
+            ${NSS_INCLUDE_DIR}
+            )
+
+    if (SSL3_LIBRARY)
+        set(NSS_LIBRARIES
+                ${NSS_LIBRARIES}
+                ${SSL3_LIBRARY}
+                )
+    endif (SSL3_LIBRARY)
+
+    if (SMIME3_LIBRARY)
+        set(NSS_LIBRARIES
+                ${NSS_LIBRARIES}
+                ${SMIME3_LIBRARY}
+                )
+    endif (SMIME3_LIBRARY)
+
+    if (NSS3_LIBRARY)
+        set(NSS_LIBRARIES
+                ${NSS_LIBRARIES}
+                ${NSS3_LIBRARY}
+                )
+    endif (NSS3_LIBRARY)
+
+    if (NSSUTIL3_LIBRARY)
+        set(NSS_LIBRARIES
+                ${NSS_LIBRARIES}
+                ${NSSUTIL3_LIBRARY}
+                )
+    endif (NSSUTIL3_LIBRARY)
+
+    include(FindPackageHandleStandardArgs)
+    message(STATUS "NSS_LIBRARIES: ${NSS_LIBRARIES}")
+    message(STATUS "NSS_INCLUDE_DIRS: ${NSS_INCLUDE_DIRS}")
+    find_package_handle_standard_args(NSS DEFAULT_MSG NSS_LIBRARIES NSS_INCLUDE_DIRS)
+
+    # show the NSS_INCLUDE_DIRS and NSS_LIBRARIES variables only in the advanced view
+    mark_as_advanced(NSS_INCLUDE_DIRS NSS_LIBRARIES)
+
+endif (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
--- a/main.cpp
+++ b/main.cpp
@ -0,0 +1,90 @@
+#include <iostream>
+#include <fox-1.6/fx.h>
+
+// NSPR include files
+#include <prerror.h>
+#include <prinit.h>
+
+// NSS include files
+#include <nss.h>
+#include <pk11pub.h>
+#include <secmod.h>
+#include <ssl.h>
+#include <sslproto.h>
+
+// PK11 Password Function typedef
+typedef char *(*PK11PasswordFunc)(
+     PK11SlotInfo *slot,
+     PRBool retry,
+     void *arg);
+
+
+int main(int argc, char* argv[]) {
+   // NSPR Init
+   PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+   NSSInitContext *const nssContext =
+        NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+
+   if(nssContext == NULL) {
+      const PRErrorCode err = PR_GetError();
+      fprintf(stderr, "NSSInitContext failed: Error code %d: %s\n", err, PR_ErrorToName(err));
+      exit(1);
+   }
+
+   // Ciphers to enable
+   static const PRUint16 goodCiphers[] = {
+        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+        SSL_NULL_WITH_NULL_NULL // Sentinel value
+   };
+
+   PRBool foundGoodCipher = PR_FALSE;
+   for(const PRUint16 *p = goodCiphers; *p != SSL_NULL_WITH_NULL_NULL; ++p) {
+      PRInt32 policy;
+      if(SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {
+         const PRErrorCode err = PR_GetError();
+         fprintf(stderr, "Error: Policy for cipher %u: error %d: %s\n",
+                 (unsigned)*p, err, PR_ErrorToName(err));
+         exit(1);
+      }
+      if(policy == SSL_ALLOWED) {
+         // Policy allowed this cipher choice
+         fprintf(stderr, "Info: found cipher %x\n", (unsigned) *p);
+         foundGoodCipher = PR_TRUE;
+         break;
+      }
+   }
+
+   if(!foundGoodCipher) {
+      if(NSS_SetDomesticPolicy() != SECSuccess) {
+         const PRErrorCode err = PR_GetError();
+         fprintf(stderr, "Error: NSS_SetDomesticPolicy: error %d: %s\n",
+                 err, PR_ErrorToName(err));
+         exit(1);
+      }
+   }
+
+   // Initialize trusted certificate store
+   char module_name[] = "library=libnssckbi.so name=\"Root Certs\"";
+   SECMODModule *builtInRootsMod = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
+   if(builtInRootsMod == NULL || !builtInRootsMod->loaded) {
+      const PRErrorCode err = PR_GetError();
+      fprintf(stderr, "Error: Loading built in roots module failed code %d: %s\n",
+           err, PR_ErrorToName(err));
+      exit(1);
+   }
+
+   FXApp app("Hello", "FoxTest");
+   app.init(argc, argv);
+
+   FXMainWindow *mainWindow = new FXMainWindow(&app, "Hello", NULL, NULL, DECOR_ALL);
+   new FXButton(mainWindow, "&Hello World!", NULL, &app, FXApp::ID_QUIT);
+   app.create();
+   mainWindow->show(PLACEMENT_SCREEN);
+   int foxRetCode = app.run();
+
+   SECMOD_DestroyModule(builtInRootsMod);
+   NSS_ShutdownContext(nssContext);
+
+   return app.run();
+}