Initial checkin of my attempt at TLS with NSS, may become IRC client

2017-07-06 14:46:18 -07:00 · 2017-07-06 14:46:18 -07:00 · c422d26a63
commit c422d26a63
6 changed files with 400 additions and 0 deletions
--- a/main.cpp
+++ b/main.cpp
@ -0,0 +1,90 @@
+#include <iostream>
+#include <fox-1.6/fx.h>
+
+// NSPR include files
+#include <prerror.h>
+#include <prinit.h>
+
+// NSS include files
+#include <nss.h>
+#include <pk11pub.h>
+#include <secmod.h>
+#include <ssl.h>
+#include <sslproto.h>
+
+// PK11 Password Function typedef
+typedef char *(*PK11PasswordFunc)(
+     PK11SlotInfo *slot,
+     PRBool retry,
+     void *arg);
+
+
+int main(int argc, char* argv[]) {
+   // NSPR Init
+   PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+   NSSInitContext *const nssContext =
+        NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+
+   if(nssContext == NULL) {
+      const PRErrorCode err = PR_GetError();
+      fprintf(stderr, "NSSInitContext failed: Error code %d: %s\n", err, PR_ErrorToName(err));
+      exit(1);
+   }
+
+   // Ciphers to enable
+   static const PRUint16 goodCiphers[] = {
+        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+        SSL_NULL_WITH_NULL_NULL // Sentinel value
+   };
+
+   PRBool foundGoodCipher = PR_FALSE;
+   for(const PRUint16 *p = goodCiphers; *p != SSL_NULL_WITH_NULL_NULL; ++p) {
+      PRInt32 policy;
+      if(SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {
+         const PRErrorCode err = PR_GetError();
+         fprintf(stderr, "Error: Policy for cipher %u: error %d: %s\n",
+                 (unsigned)*p, err, PR_ErrorToName(err));
+         exit(1);
+      }
+      if(policy == SSL_ALLOWED) {
+         // Policy allowed this cipher choice
+         fprintf(stderr, "Info: found cipher %x\n", (unsigned) *p);
+         foundGoodCipher = PR_TRUE;
+         break;
+      }
+   }
+
+   if(!foundGoodCipher) {
+      if(NSS_SetDomesticPolicy() != SECSuccess) {
+         const PRErrorCode err = PR_GetError();
+         fprintf(stderr, "Error: NSS_SetDomesticPolicy: error %d: %s\n",
+                 err, PR_ErrorToName(err));
+         exit(1);
+      }
+   }
+
+   // Initialize trusted certificate store
+   char module_name[] = "library=libnssckbi.so name=\"Root Certs\"";
+   SECMODModule *builtInRootsMod = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
+   if(builtInRootsMod == NULL || !builtInRootsMod->loaded) {
+      const PRErrorCode err = PR_GetError();
+      fprintf(stderr, "Error: Loading built in roots module failed code %d: %s\n",
+           err, PR_ErrorToName(err));
+      exit(1);
+   }
+
+   FXApp app("Hello", "FoxTest");
+   app.init(argc, argv);
+
+   FXMainWindow *mainWindow = new FXMainWindow(&app, "Hello", NULL, NULL, DECOR_ALL);
+   new FXButton(mainWindow, "&Hello World!", NULL, &app, FXApp::ID_QUIT);
+   app.create();
+   mainWindow->show(PLACEMENT_SCREEN);
+   int foxRetCode = app.run();
+
+   SECMOD_DestroyModule(builtInRootsMod);
+   NSS_ShutdownContext(nssContext);
+
+   return app.run();
+}