From c422d26a638d66111960a79113d9ec752b8bf323 Mon Sep 17 00:00:00 2001
From: Darren VanBuren
Date: Thu, 6 Jul 2017 14:46:18 -0700
Subject: [PATCH] Initial checkin of my attempt at TLS with NSS, may become IRC client
---
.gitignore | 1 +
CMakeLists.txt | 17 +++++
cmake/modules/FindFOX.cmake | 62 +++++++++++++++++
cmake/modules/FindNSPR.cmake | 104 +++++++++++++++++++++++++++++
cmake/modules/FindNSS.cmake | 126 +++++++++++++++++++++++++++++++++++
main.cpp | 90 +++++++++++++++++++++++++
6 files changed, 400 insertions(+)
create mode 100644 .gitignore
create mode 100644 CMakeLists.txt
create mode 100644 cmake/modules/FindFOX.cmake
create mode 100644 cmake/modules/FindNSPR.cmake
create mode 100644 cmake/modules/FindNSS.cmake
create mode 100644 main.cpp
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2dff2f0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+cmake-build-debug
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..07a5c90
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,17 @@
+cmake_minimum_required(VERSION 3.7)
+project(NSPRFun)
+
+set(CMAKE_CXX_STANDARD 11)
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/modules/")
+
+find_package(NSPR REQUIRED)
+find_package(NSS REQUIRED)
+find_package(FOX REQUIRED)
+
+include_directories(${NSPR_INCLUDE_DIRS} ${NSS_INCLUDE_DIRS} ${FOX_INCLUDE_DIR})
+
+set(SOURCE_FILES main.cpp)
+add_executable(NSPRFun ${SOURCE_FILES})
+
+target_link_libraries(NSPRFun ${NSPR_LIBRARIES} ${NSS_LIBRARIES} ${FOX_LIBRARY})
\ No newline at end of file
diff --git a/cmake/modules/FindFOX.cmake b/cmake/modules/FindFOX.cmake
new file mode 100644
index 0000000..46f91b5
--- /dev/null
+++ b/cmake/modules/FindFOX.cmake
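Review bot: `find_package(FOX REQUIRED)` in CMakeLists.txt is probably not enforced, because FindFOX.cmake (the next file in this patch) only sets `FOX_FOUND` to "YES"/"NO" by hand and never acts on the REQUIRED flag. As far as I can tell, a missing FOX install would then surface later as a NOTFOUND variable error rather than a clear "could not find FOX" message. Ending the module with `include(FindPackageHandleStandardArgs)` and `find_package_handle_standard_args(FOX DEFAULT_MSG FOX_LIBRARY FOX_INCLUDE_DIR)`, as the NSPR and NSS modules in this patch already do, would make REQUIRED behave the same for all three packages. The header comment in FindFOX.cmake also still says "Locate gdal" and should name FOX.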
@@ -0,0 +1,62 @@
+# Locate gdal
+# This module defines
+# FOX_LIBRARY
+# FOX_FOUND, if false, do not try to link to gdal
+# FOX_INCLUDE_DIR, where to find the headers
+#
+# $FOX_DIR is an environment variable that would
+# correspond to the ./configure --prefix=$FOX_DIR
+#
+# Created by Robert Osfield.
+
+FIND_PATH(FOX_INCLUDE_DIR fx.h
+ $ENV{FOX_DIR}/include/fox-1.6
+ $ENV{FOX_DIR}/fox-1.6
+ ~/Library/Frameworks/fox-1.6
+ /Library/Frameworks/fox-1.6
+ /usr/local/include/fox-1.6
+ /usr/include/fox-1.6
+ /sw/include/fox-1.6 # Fink
+ /opt/local/include/fox-1.6 # DarwinPorts
+ /opt/csw/include/fox-1.6 # Blastwave
+ /opt/include/fox-1.6
+ /usr/freeware/include/fox-1.6
+ $ENV{FOX_DIR}/include
+ $ENV{FOX_DIR}
+ ~/Library/Frameworks
+ /Library/Frameworks
+ /usr/local/include
+ /usr/include
+ /sw/include # Fink
+ /opt/local/include # DarwinPorts
+ /opt/csw/include # Blastwave
+ /opt/include
+ /usr/freeware/include
+ )
+
+MACRO(FIND_FOX_LIBRARY MYLIBRARY MYLIBRARYNAME)
+
+ FIND_LIBRARY(${MYLIBRARY}
+ NAMES ${MYLIBRARYNAME}
+ PATHS
+ $ENV{FOX_DIR}/lib
+ $ENV{FOX_DIR}
+ ~/Library/Frameworks
+ /Library/Frameworks
+ /usr/local/lib
+ /usr/lib
+ /sw/lib
+ /opt/local/lib
+ /opt/csw/lib
+ /opt/lib
+ /usr/freeware/lib64
+ )
+
+ENDMACRO(FIND_FOX_LIBRARY LIBRARY LIBRARYNAME)
+
+FIND_FOX_LIBRARY(FOX_LIBRARY FOX-1.6)
+
+SET(FOX_FOUND "NO")
+IF(FOX_LIBRARY AND FOX_INCLUDE_DIR)
+ SET(FOX_FOUND "YES")
+ENDIF(FOX_LIBRARY AND FOX_INCLUDE_DIR)
diff --git a/cmake/modules/FindNSPR.cmake b/cmake/modules/FindNSPR.cmake
new file mode 100644
index 0000000..7dbdbb0
--- /dev/null
+++ b/cmake/modules/FindNSPR.cmake
@@ -0,0 +1,104 @@
+# - Try to find NSPR
+# Once done this will define
+#
+# NSPR_FOUND - system has NSPR
+# NSPR_INCLUDE_DIRS - the NSPR include directory
+# NSPR_LIBRARIES - Link these to use NSPR
+# NSPR_DEFINITIONS - Compiler switches required for using NSPR
+#
+# Copyright (c) 2010 Andreas Schneider
+#
+# Redistribution and use is allowed according to the terms of the New
+# BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
+
+
+if (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
+ # in cache already
+ set(NSPR_FOUND TRUE)
+else (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
+ find_package(PkgConfig)
+ if (PKG_CONFIG_FOUND)
+ pkg_check_modules(_NSPR nspr)
+ endif (PKG_CONFIG_FOUND)
+
+ find_path(NSPR_INCLUDE_DIR
+ NAMES
+ nspr.h
+ PATHS
+ ${_NSPR_INCLUDEDIR}
+ /usr/include
+ /usr/local/include
+ /opt/local/include
+ /sw/include
+ PATH_SUFFIXES
+ nspr4
+ nspr
+ )
+
+ find_library(PLDS4_LIBRARY
+ NAMES
+ plds4
+ PATHS
+ ${_NSPR_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ find_library(PLC4_LIBRARY
+ NAMES
+ plc4
+ PATHS
+ ${_NSPR_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ find_library(NSPR4_LIBRARY
+ NAMES
+ nspr4
+ PATHS
+ ${_NSPR_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ set(NSPR_INCLUDE_DIRS
+ ${NSPR_INCLUDE_DIR}
+ )
+
+ if (PLDS4_LIBRARY)
+ set(NSPR_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${PLDS4_LIBRARY}
+ )
+ endif (PLDS4_LIBRARY)
+
+ if (PLC4_LIBRARY)
+ set(NSPR_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${PLC4_LIBRARY}
+ )
+ endif (PLC4_LIBRARY)
+
+ if (NSPR4_LIBRARY)
+ set(NSPR_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${NSPR4_LIBRARY}
+ )
+ endif (NSPR4_LIBRARY)
+
+ include(FindPackageHandleStandardArgs)
+ find_package_handle_standard_args(NSPR DEFAULT_MSG NSPR_LIBRARIES NSPR_INCLUDE_DIRS)
+
+ # show the NSPR_INCLUDE_DIRS and NSPR_LIBRARIES variables only in the advanced view
+ mark_as_advanced(NSPR_INCLUDE_DIRS NSPR_LIBRARIES)
+
+endif (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
diff --git a/cmake/modules/FindNSS.cmake b/cmake/modules/FindNSS.cmake
new file mode 100644
index 0000000..0df43ec
--- /dev/null
+++ b/cmake/modules/FindNSS.cmake
@@ -0,0 +1,126 @@
+# - Try to find NSS
+# Once done this will define
+#
+# NSS_FOUND - system has NSS
+# NSS_INCLUDE_DIRS - the NSS include directory
+# NSS_LIBRARIES - Link these to use NSS
+# NSS_DEFINITIONS - Compiler switches required for using NSS
+#
+# Copyright (c) 2010 Andreas Schneider
+#
+# Redistribution and use is allowed according to the terms of the New
+# BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
+
+
+if (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
+ # in cache already
+ set(NSS_FOUND TRUE)
+else (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
+ find_package(PkgConfig)
+ if (PKG_CONFIG_FOUND)
+ pkg_check_modules(_NSS nss)
+ endif (PKG_CONFIG_FOUND)
+
+ find_path(NSS_INCLUDE_DIR
+ NAMES
+ pk11pub.h
+ PATHS
+ ${_NSS_INCLUDEDIR}
+ /usr/include
+ /usr/local/include
+ /opt/local/include
+ /sw/include
+ /usr/local/include/nss
+ PATH_SUFFIXES
+ nss3
+ nss
+ )
+
+ find_library(SSL3_LIBRARY
+ NAMES
+ ssl3
+ PATHS
+ ${_NSS_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ find_library(SMIME3_LIBRARY
+ NAMES
+ smime3
+ PATHS
+ ${_NSS_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ find_library(NSS3_LIBRARY
+ NAMES
+ nss3
+ PATHS
+ ${_NSS_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ /usr/lib/x86_64-linux-gnu
+ )
+
+ find_library(NSSUTIL3_LIBRARY
+ NAMES
+ nssutil3
+ PATHS
+ ${_NSS_LIBDIR}
+ /usr/lib
+ /usr/local/lib
+ /opt/local/lib
+ /sw/lib
+ )
+
+ set(NSS_INCLUDE_DIRS
+ ${NSS_INCLUDE_DIR}
+ )
+
+ if (SSL3_LIBRARY)
+ set(NSS_LIBRARIES
+ ${NSS_LIBRARIES}
+ ${SSL3_LIBRARY}
+ )
+ endif (SSL3_LIBRARY)
+
+ if (SMIME3_LIBRARY)
+ set(NSS_LIBRARIES
+ ${NSS_LIBRARIES}
+ ${SMIME3_LIBRARY}
+ )
+ endif (SMIME3_LIBRARY)
+
+ if (NSS3_LIBRARY)
+ set(NSS_LIBRARIES
+ ${NSS_LIBRARIES}
+ ${NSS3_LIBRARY}
+ )
+ endif (NSS3_LIBRARY)
+
+ if (NSSUTIL3_LIBRARY)
+ set(NSS_LIBRARIES
+ ${NSS_LIBRARIES}
+ ${NSSUTIL3_LIBRARY}
+ )
+ endif (NSSUTIL3_LIBRARY)
+
+ include(FindPackageHandleStandardArgs)
+ message(STATUS "NSS_LIBRARIES: ${NSS_LIBRARIES}")
+ message(STATUS "NSS_INCLUDE_DIRS: ${NSS_INCLUDE_DIRS}")
+ find_package_handle_standard_args(NSS DEFAULT_MSG NSS_LIBRARIES NSS_INCLUDE_DIRS)
+
+ # show the NSS_INCLUDE_DIRS and NSS_LIBRARIES variables only in the advanced view
+ mark_as_advanced(NSS_INCLUDE_DIRS NSS_LIBRARIES)
+
+endif (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
diff --git a/main.cpp b/main.cpp
new file mode 100644
index 0000000..29cf2f7
--- /dev/null
+++ b/main.cpp
@@ -0,0 +1,90 @@
+#include
+#include
+
+// NSPR include files
+#include
+#include
+
+// NSS include files
+#include
+#include
+#include
+#include
+#include
+
+// PK11 Password Function typedef
+typedef char *(*PK11PasswordFunc)(
+ PK11SlotInfo *slot,
+ PRBool retry,
+ void *arg);
+
+
+int main(int argc, char* argv[]) {
+ // NSPR Init
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+ NSSInitContext *const nssContext =
+ NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+
+ if(nssContext == NULL) {
+ const PRErrorCode err = PR_GetError();
+ fprintf(stderr, "NSSInitContext failed: Error code %d: %s\n", err, PR_ErrorToName(err));
+ exit(1);
+ }
+
+ // Ciphers to enable
+ static const PRUint16 goodCiphers[] = {
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_NULL_WITH_NULL_NULL // Sentinel value
+ };
+
+ PRBool foundGoodCipher = PR_FALSE;
+ for(const PRUint16 *p = goodCiphers; *p != SSL_NULL_WITH_NULL_NULL; ++p) {
+ PRInt32 policy;
+ if(SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {
+ const PRErrorCode err = PR_GetError();
+ fprintf(stderr, "Error: Policy for cipher %u: error %d: %s\n",
+ (unsigned)*p, err, PR_ErrorToName(err));
+ exit(1);
+ }
+ if(policy == SSL_ALLOWED) {
+ // Policy allowed this cipher choice
+ fprintf(stderr, "Info: found cipher %x\n", (unsigned) *p);
+ foundGoodCipher = PR_TRUE;
+ break;
+ }
+ }
+
+ if(!foundGoodCipher) {
+ if(NSS_SetDomesticPolicy() != SECSuccess) {
+ const PRErrorCode err = PR_GetError();
+ fprintf(stderr, "Error: NSS_SetDomesticPolicy: error %d: %s\n",
+ err, PR_ErrorToName(err));
+ exit(1);
+ }
+ }
+
+ // Initialize trusted certificate store
+ char module_name[] = "library=libnssckbi.so name=\"Root Certs\"";
+ SECMODModule *builtInRootsMod = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
+ if(builtInRootsMod == NULL || !builtInRootsMod->loaded) {
+ const PRErrorCode err = PR_GetError();
+ fprintf(stderr, "Error: Loading built in roots module failed code %d: %s\n",
+ err, PR_ErrorToName(err));
+ exit(1);
+ }
+
+ FXApp app("Hello", "FoxTest");
+ app.init(argc, argv);
+
+ FXMainWindow *mainWindow = new FXMainWindow(&app, "Hello", NULL, NULL, DECOR_ALL);
+ new FXButton(mainWindow, "&Hello World!", NULL, &app, FXApp::ID_QUIT);
+ app.create();
+ mainWindow->show(PLACEMENT_SCREEN);
+ int foxRetCode = app.run();
+
+ SECMOD_DestroyModule(builtInRootsMod);
+ NSS_ShutdownContext(nssContext);
+
+ return app.run();
+}
\ No newline at end of file
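Review bot: The final `return app.run();` enters the FOX event loop a second time, after `SECMOD_DestroyModule(builtInRootsMod)` and `NSS_ShutdownContext(nssContext)` have already torn NSS down, and the `foxRetCode` saved from the first run is never used; the last statement should be `return foxRetCode;`. In the cipher check, when neither GCM suite in `goodCiphers` is allowed by policy the code falls back to `NSS_SetDomesticPolicy()`, which as far as I know permits every suite NSS implements rather than only the two listed. A comment such as `// Fallback widens policy to all domestic suites; restrict per socket with SSL_CipherPrefSet before connecting` would keep that from being read as an allow-list. The trust anchors come from `library=libnssckbi.so`, resolved by bare name through the loader's search path, so a comment stating which library is expected to supply the roots would help later review.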