HS 2.0: OSU server test functionality for incorrect behavior

Add a mechanism to allow special incorrect behavior to be requested from
OSU server by adding an optional parameter test=<value> to the initial
signup URL. This is for protocol testing purposes for the OSU client.

This commit adds two special behavior cases: corrupt_aaa_hash and
corrupt_subrem_hash. These can be used to generate PPS MO with invalid
CertSHA256Fingerprint values for AAAServerTrustRoot and
SubscriptionUpdate nodes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/hs20/server/hs20_spp_server.c b/hs20/server/hs20_spp_server.c
index 591f66bbd0482a615f87024cd9647fc1081cca94..abd6867ddcf1eb4141dcda29b6ede1e192a3be44 100644 (file)
--- a/hs20/server/hs20_spp_server.c
+++ b/hs20/server/hs20_spp_server.c
@@ -70,6 +70,10 @@ static int process(struct hs20_svc *ctx)
        ctx->addr = getenv("HS20ADDR");
        if (ctx->addr)
                debug_print(ctx, 1, "Connection from %s", ctx->addr);
+       ctx->test = getenv("HS20TEST");
+       if (ctx->test)
+               debug_print(ctx, 1, "Requested test functionality: %s",
+                           ctx->test);
 
        user = getenv("HS20USER");
        if (user && strlen(user) == 0)

diff --git a/hs20/server/spp_server.c b/hs20/server/spp_server.c
index 389f6b0a7e4c22c9b6a2cb877d655d0b4581b7cf..18290d9e81ed1483e1f67f9a194d906987884d2f 100644 (file)
--- a/hs20/server/spp_server.c
+++ b/hs20/server/spp_server.c
@@ -69,14 +69,14 @@ static int db_add_session(struct hs20_svc *ctx,
        else
                addr[0] = '\0';
        sql = sqlite3_mprintf("INSERT INTO sessions(timestamp,id,user,realm,"
-                             "operation,password,redirect_uri,mac_addr) "
+                             "operation,password,redirect_uri,mac_addr,test) "
                              "VALUES "
                              "(strftime('%%Y-%%m-%%d %%H:%%M:%%f','now'),"
-                             "%Q,%Q,%Q,%d,%Q,%Q,%Q)",
+                             "%Q,%Q,%Q,%d,%Q,%Q,%Q,%Q)",
                              sessionid, user ? user : "", realm ? realm : "",
                              operation, pw ? pw : "",
                              redirect_uri ? redirect_uri : "",
-                             addr);
+                             addr, ctx->test);
        if (sql == NULL)
                return -1;
        debug_print(ctx, 1, "DB: %s", sql);
@@ -336,6 +336,29 @@ static void add_text_node_conf(struct hs20_svc *ctx, const char *realm,
 }
 
 
+static void add_text_node_conf_corrupt(struct hs20_svc *ctx, const char *realm,
+                                      xml_node_t *parent, const char *name,
+                                      const char *field)
+{
+       char *val;
+
+       val = db_get_osu_config_val(ctx, realm, field);
+       if (val) {
+               size_t len;
+
+               len = os_strlen(val);
+               if (len > 0) {
+                       if (val[len - 1] == '0')
+                               val[len - 1] = '1';
+                       else
+                               val[len - 1] = '0';
+               }
+       }
+       xml_node_create_text(ctx->xml, parent, NULL, name, val ? val : "");
+       os_free(val);
+}
+
+
 static int new_password(char *buf, int buflen)
 {
        int i;
@@ -1241,7 +1264,7 @@ static char * db_get_osu_config_val(struct hs20_svc *ctx, const char *realm,
 static xml_node_t * build_pps(struct hs20_svc *ctx,
                              const char *user, const char *realm,
                              const char *pw, const char *cert,
-                             int machine_managed)
+                             int machine_managed, const char *test)
 {
        xml_node_t *pps, *c, *trust, *aaa, *aaa1, *upd, *homesp;
        xml_node_t *cred, *eap, *userpw;
@@ -1261,8 +1284,16 @@ static xml_node_t * build_pps(struct hs20_svc *ctx,
        aaa1 = xml_node_create(ctx->xml, aaa, NULL, "AAA1");
        add_text_node_conf(ctx, realm, aaa1, "CertURL",
                           "aaa_trust_root_cert_url");
-       add_text_node_conf(ctx, realm, aaa1, "CertSHA256Fingerprint",
-                          "aaa_trust_root_cert_fingerprint");
+       if (test && os_strcmp(test, "corrupt_aaa_hash") == 0) {
+               debug_print(ctx, 1,
+                           "TEST: Corrupt PPS/Cred*/AAAServerTrustRoot/Root*/CertSHA256FingerPrint");
+               add_text_node_conf_corrupt(ctx, realm, aaa1,
+                                          "CertSHA256Fingerprint",
+                                          "aaa_trust_root_cert_fingerprint");
+       } else {
+               add_text_node_conf(ctx, realm, aaa1, "CertSHA256Fingerprint",
+                                  "aaa_trust_root_cert_fingerprint");
+       }
 
        upd = xml_node_create(ctx->xml, c, NULL, "SubscriptionUpdate");
        add_text_node(ctx, upd, "UpdateInterval", "4294967295");
@@ -1271,8 +1302,16 @@ static xml_node_t * build_pps(struct hs20_svc *ctx,
        add_text_node_conf(ctx, realm, upd, "URI", "spp_http_auth_url");
        trust = xml_node_create(ctx->xml, upd, NULL, "TrustRoot");
        add_text_node_conf(ctx, realm, trust, "CertURL", "trust_root_cert_url");
-       add_text_node_conf(ctx, realm, trust, "CertSHA256Fingerprint",
-                          "trust_root_cert_fingerprint");
+       if (test && os_strcmp(test, "corrupt_subrem_hash") == 0) {
+               debug_print(ctx, 1,
+                           "TEST: Corrupt PPS/Cred*/SubscriptionUpdate/Trustroot/CertSHA256FingerPrint");
+               add_text_node_conf_corrupt(ctx, realm, trust,
+                                          "CertSHA256Fingerprint",
+                                          "trust_root_cert_fingerprint");
+       } else {
+               add_text_node_conf(ctx, realm, trust, "CertSHA256Fingerprint",
+                                  "trust_root_cert_fingerprint");
+       }
 
        homesp = xml_node_create(ctx->xml, c, NULL, "HomeSP");
        add_text_node_conf(ctx, realm, homesp, "FriendlyName", "friendly_name");
@@ -1356,7 +1395,7 @@ static xml_node_t * hs20_user_input_registration(struct hs20_svc *ctx,
        xml_node_t *pps, *tnds;
        char buf[400];
        char *str;
-       char *user, *realm, *pw, *type, *mm;
+       char *user, *realm, *pw, *type, *mm, *test;
        const char *status;
        int cert = 0;
        int machine_managed = 0;
@@ -1415,9 +1454,15 @@ static xml_node_t * hs20_user_input_registration(struct hs20_svc *ctx,
                return NULL;
 
        fingerprint = db_get_session_val(ctx, NULL, NULL, session_id, "cert");
+       test = db_get_session_val(ctx, NULL, NULL, session_id, "test");
+       if (test)
+               debug_print(ctx, 1, "TEST: Requested special behavior: %s",
+                           test);
        pps = build_pps(ctx, user, realm, pw,
-                       fingerprint ? fingerprint : NULL, machine_managed);
+                       fingerprint ? fingerprint : NULL, machine_managed,
+                       test);
        free(fingerprint);
+       free(test);
        if (!pps) {
                xml_node_free(ctx->xml, spp_node);
                free(user);

diff --git a/hs20/server/spp_server.h b/hs20/server/spp_server.h
index 7b27be3c1b68809d67054814af3245322572f662..3556f5c9da13dd7335c0667979fe7ac3550c8d64 100644 (file)
--- a/hs20/server/spp_server.h
+++ b/hs20/server/spp_server.h
@@ -16,6 +16,7 @@ struct hs20_svc {
        FILE *debug_log;
        sqlite3 *db;
        const char *addr;
+       const char *test;
 };
 
 

diff --git a/hs20/server/sql.txt b/hs20/server/sql.txt
index 75d2700e558991ca4355ce039d62d45f008fe145..8fa019f574b196603f4468c95316a40508727d2f 100644 (file)
--- a/hs20/server/sql.txt
+++ b/hs20/server/sql.txt
@@ -23,7 +23,8 @@ CREATE TABLE sessions(
        devdetail TEXT,
        cert TEXT,
        cert_pem TEXT,
-       mac_addr TEXT
+       mac_addr TEXT,
+       test TEXT
 );
 
 CREATE index sessions_id_index ON sessions(id);

diff --git a/hs20/server/www/signup.php b/hs20/server/www/signup.php
index 25dc332029cf4a4e1954d42f942fe9d3f42c9102..80a9d403e8fc0395c25b5f0a68d25a498dd13478 100644 (file)
--- a/hs20/server/www/signup.php
+++ b/hs20/server/www/signup.php
@@ -15,11 +15,16 @@ if (!$db) {
    die($sqliteerror);
 }
 
-$row = $db->query("SELECT realm FROM sessions WHERE id='$id'")->fetch();
+$row = $db->query("SELECT realm,test FROM sessions WHERE id='$id'")->fetch();
 if ($row == false) {
    die("Session not found for id: $id");
 }
 $realm = $row['realm'];
+$test = $row['test'];
+
+if (strlen($test) > 0) {
+  echo "<p style=\"color:#FF0000\">Special test functionality: $test</red></big></p>\n";
+}
 
 echo "<h3>Sign up for a subscription - $realm</h3>\n";
 

diff --git a/hs20/server/www/spp.php b/hs20/server/www/spp.php
index 002d0280fbe5be1157640b6c689f1992e64d28e8..f10e5ab812454198f9cd4230c79e43fdef5f7e63 100644 (file)
--- a/hs20/server/www/spp.php
+++ b/hs20/server/www/spp.php
@@ -20,6 +20,11 @@ if (isset($_GET["realm"])) {
   die("Realm not specified");
 }
 
+if (isset($_GET["test"]))
+  $test = PREG_REPLACE("/[^0-9a-zA-Z\_\-]/i", '', $_GET["test"]);
+else
+  $test = "";
+
 unset($user);
 putenv("HS20CERT");
 
@@ -100,6 +105,7 @@ $postdata = file_get_contents("php://input");
 putenv("HS20POST=$postdata");
 $addr = $_SERVER["REMOTE_ADDR"];
 putenv("HS20ADDR=$addr");
+putenv("HS20TEST=$test");
 
 $last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);