projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Optimised code for encoding/decoding integers when the underlying architecture has...
[BearSSL] / tools / server.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30 #include <signal.h>
31
32 #ifdef _WIN32
33 #include <winsock2.h>
34 #include <ws2tcpip.h>
35 #else
36 #include <sys/types.h>
37 #include <sys/socket.h>
38 #include <netdb.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
41 #include <unistd.h>
42 #include <fcntl.h>
43
44 #define SOCKET int
45 #define INVALID_SOCKET (-1)
46 #define SOCKADDR_STORAGE struct sockaddr_storage
47 #endif
48
49 #include "brssl.h"
50
51 static SOCKET
52 host_bind(const char *host, const char *port, int verbose)
53 {
54 struct addrinfo hints, *si, *p;
55 SOCKET fd;
56 int err;
57
58 memset(&hints, 0, sizeof hints);
59 hints.ai_family = PF_UNSPEC;
60 hints.ai_socktype = SOCK_STREAM;
61 err = getaddrinfo(host, port, &hints, &si);
62 if (err != 0) {
63 fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
64 gai_strerror(err));
65 return INVALID_SOCKET;
66 }
67 fd = INVALID_SOCKET;
68 for (p = si; p != NULL; p = p->ai_next) {
69 struct sockaddr *sa;
70 struct sockaddr_in sa4;
71 struct sockaddr_in6 sa6;
72 size_t sa_len;
73 void *addr;
74 int opt;
75
76 sa = (struct sockaddr *)p->ai_addr;
77 if (sa->sa_family == AF_INET) {
78 sa4 = *(struct sockaddr_in *)sa;
79 sa = (struct sockaddr *)&sa4;
80 sa_len = sizeof sa4;
81 addr = &sa4.sin_addr;
82 if (host == NULL) {
83 sa4.sin_addr.s_addr = INADDR_ANY;
84 }
85 } else if (sa->sa_family == AF_INET6) {
86 sa6 = *(struct sockaddr_in6 *)sa;
87 sa = (struct sockaddr *)&sa6;
88 sa_len = sizeof sa6;
89 addr = &sa6.sin6_addr;
90 if (host == NULL) {
91 sa6.sin6_addr = in6addr_any;
92 }
93 } else {
94 addr = NULL;
95 sa_len = p->ai_addrlen;
96 }
97 if (verbose) {
98 char tmp[INET6_ADDRSTRLEN + 50];
99
100 if (addr != NULL) {
101 if (!inet_ntop(p->ai_family, addr,
102 tmp, sizeof tmp))
103 {
104 strcpy(tmp, "<invalid>");
105 }
106 } else {
107 sprintf(tmp, "<unknown family: %d>",
108 (int)sa->sa_family);
109 }
110 fprintf(stderr, "binding to: %s\n", tmp);
111 }
112 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
113 if (fd == INVALID_SOCKET) {
114 if (verbose) {
115 perror("socket()");
116 }
117 continue;
118 }
119 opt = 1;
120 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
121 (void *)&opt, sizeof opt);
122 opt = 0;
123 setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
124 (void *)&opt, sizeof opt);
125 if (bind(fd, sa, sa_len) < 0) {
126 if (verbose) {
127 perror("bind()");
128 }
129 #ifdef _WIN32
130 closesocket(fd);
131 #else
132 close(fd);
133 #endif
134 continue;
135 }
136 break;
137 }
138 if (p == NULL) {
139 freeaddrinfo(si);
140 fprintf(stderr, "ERROR: failed to bind\n");
141 return INVALID_SOCKET;
142 }
143 freeaddrinfo(si);
144 if (listen(fd, 5) < 0) {
145 if (verbose) {
146 perror("listen()");
147 }
148 #ifdef _WIN32
149 closesocket(fd);
150 #else
151 close(fd);
152 #endif
153 return INVALID_SOCKET;
154 }
155 if (verbose) {
156 fprintf(stderr, "bound.\n");
157 }
158 return fd;
159 }
160
161 static SOCKET
162 accept_client(SOCKET server_fd, int verbose)
163 {
164 int fd;
165 SOCKADDR_STORAGE sa;
166 socklen_t sa_len;
167
168 sa_len = sizeof sa;
169 fd = accept(server_fd, (struct sockaddr *)&sa, &sa_len);
170 if (fd == INVALID_SOCKET) {
171 if (verbose) {
172 perror("accept()");
173 }
174 return INVALID_SOCKET;
175 }
176 if (verbose) {
177 char tmp[INET6_ADDRSTRLEN + 50];
178 const char *name;
179
180 name = NULL;
181 switch (((struct sockaddr *)&sa)->sa_family) {
182 case AF_INET:
183 name = inet_ntop(AF_INET,
184 &((struct sockaddr_in *)&sa)->sin_addr,
185 tmp, sizeof tmp);
186 break;
187 case AF_INET6:
188 name = inet_ntop(AF_INET6,
189 &((struct sockaddr_in6 *)&sa)->sin6_addr,
190 tmp, sizeof tmp);
191 break;
192 }
193 if (name == NULL) {
194 sprintf(tmp, "<unknown: %lu>", (unsigned long)
195 ((struct sockaddr *)&sa)->sa_family);
196 name = tmp;
197 }
198 fprintf(stderr, "accepting connection from: %s\n", name);
199 }
200
201 /*
202 * We make the socket non-blocking, since we are going to use
203 * poll() or select() to organise I/O.
204 */
205 #ifdef _WIN32
206 {
207 u_long arg;
208
209 arg = 1;
210 ioctlsocket(fd, FIONBIO, &arg);
211 }
212 #else
213 fcntl(fd, F_SETFL, O_NONBLOCK);
214 #endif
215 return fd;
216 }
217
218 static void
219 usage_server(void)
220 {
221 fprintf(stderr,
222 "usage: brssl server [ options ]\n");
223 fprintf(stderr,
224 "options:\n");
225 fprintf(stderr,
226 " -q suppress verbose messages\n");
227 fprintf(stderr,
228 " -trace activate extra debug messages (dump of all packets)\n");
229 fprintf(stderr,
230 " -b name bind to a specific address or host name\n");
231 fprintf(stderr,
232 " -p port bind to a specific port (default: 4433)\n");
233 fprintf(stderr,
234 " -mono use monodirectional buffering\n");
235 fprintf(stderr,
236 " -buf length set the I/O buffer length (in bytes)\n");
237 fprintf(stderr,
238 " -cache length set the session cache storage length (in bytes)\n");
239 fprintf(stderr,
240 " -cert fname read certificate chain from file 'fname'\n");
241 fprintf(stderr,
242 " -key fname read private key from file 'fname'\n");
243 fprintf(stderr,
244 " -CA file add trust anchors from 'file' (for client auth)\n");
245 fprintf(stderr,
246 " -anon_ok request but do not require a client certificate\n");
247 fprintf(stderr,
248 " -list list supported names (protocols, algorithms...)\n");
249 fprintf(stderr,
250 " -vmin name set minimum supported version (default: TLS-1.0)\n");
251 fprintf(stderr,
252 " -vmax name set maximum supported version (default: TLS-1.2)\n");
253 fprintf(stderr,
254 " -cs names set list of supported cipher suites (comma-separated)\n");
255 fprintf(stderr,
256 " -hf names add support for some hash functions (comma-separated)\n");
257 fprintf(stderr,
258 " -cbhash test hashing in policy callback\n");
259 fprintf(stderr,
260 " -serverpref enforce server's preferences for cipher suites\n");
261 fprintf(stderr,
262 " -noreneg prohibit renegotiations\n");
263 fprintf(stderr,
264 " -alpn name add protocol name to list of protocols (ALPN extension)\n");
265 fprintf(stderr,
266 " -strictalpn fail on ALPN mismatch\n");
267 exit(EXIT_FAILURE);
268 }
269
270 typedef struct {
271 const br_ssl_server_policy_class *vtable;
272 int verbose;
273 br_x509_certificate *chain;
274 size_t chain_len;
275 int cert_signer_algo;
276 private_key *sk;
277 int cbhash;
278 } policy_context;
279
280 static void
281 print_hashes(unsigned chashes)
282 {
283 int i;
284
285 for (i = 2; i <= 6; i ++) {
286 if ((chashes >> i) & 1) {
287 int z;
288
289 switch (i) {
290 case 3: z = 224; break;
291 case 4: z = 256; break;
292 case 5: z = 384; break;
293 case 6: z = 512; break;
294 default:
295 z = 1;
296 break;
297 }
298 fprintf(stderr, " sha%d", z);
299 }
300 }
301 }
302
303 static unsigned
304 choose_hash(unsigned chashes)
305 {
306 unsigned hash_id;
307
308 for (hash_id = 6; hash_id >= 2; hash_id --) {
309 if (((chashes >> hash_id) & 1) != 0) {
310 return hash_id;
311 }
312 }
313 /*
314 * Normally unreachable.
315 */
316 return 0;
317 }
318
319 static int
320 sp_choose(const br_ssl_server_policy_class **pctx,
321 const br_ssl_server_context *cc,
322 br_ssl_server_choices *choices)
323 {
324 policy_context *pc;
325 const br_suite_translated *st;
326 size_t u, st_num;
327 unsigned chashes;
328
329 pc = (policy_context *)pctx;
330 st = br_ssl_server_get_client_suites(cc, &st_num);
331 chashes = br_ssl_server_get_client_hashes(cc);
332 if (pc->verbose) {
333 fprintf(stderr, "Client parameters:\n");
334 fprintf(stderr, " Maximum version: ");
335 switch (cc->client_max_version) {
336 case BR_SSL30:
337 fprintf(stderr, "SSL 3.0");
338 break;
339 case BR_TLS10:
340 fprintf(stderr, "TLS 1.0");
341 break;
342 case BR_TLS11:
343 fprintf(stderr, "TLS 1.1");
344 break;
345 case BR_TLS12:
346 fprintf(stderr, "TLS 1.2");
347 break;
348 default:
349 fprintf(stderr, "unknown (0x%04X)",
350 (unsigned)cc->client_max_version);
351 break;
352 }
353 fprintf(stderr, "\n");
354 fprintf(stderr, " Compatible cipher suites:\n");
355 for (u = 0; u < st_num; u ++) {
356 char csn[80];
357
358 get_suite_name_ext(st[u][0], csn, sizeof csn);
359 fprintf(stderr, " %s\n", csn);
360 }
361 fprintf(stderr, " Common sign+hash functions:\n");
362 if ((chashes & 0xFF) != 0) {
363 fprintf(stderr, " with RSA:");
364 print_hashes(chashes);
365 fprintf(stderr, "\n");
366 }
367 if ((chashes >> 8) != 0) {
368 fprintf(stderr, " with ECDSA:");
369 print_hashes(chashes >> 8);
370 fprintf(stderr, "\n");
371 }
372 }
373 for (u = 0; u < st_num; u ++) {
374 unsigned tt;
375
376 tt = st[u][1];
377 switch (tt >> 12) {
378 case BR_SSLKEYX_RSA:
379 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
380 choices->cipher_suite = st[u][0];
381 goto choose_ok;
382 }
383 break;
384 case BR_SSLKEYX_ECDHE_RSA:
385 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
386 choices->cipher_suite = st[u][0];
387 if (br_ssl_engine_get_version(&cc->eng)
388 < BR_TLS12)
389 {
390 if (pc->cbhash) {
391 choices->algo_id = 0x0001;
392 } else {
393 choices->algo_id = 0xFF00;
394 }
395 } else {
396 unsigned id;
397
398 id = choose_hash(chashes);
399 if (pc->cbhash) {
400 choices->algo_id =
401 (id << 8) + 0x01;
402 } else {
403 choices->algo_id = 0xFF00 + id;
404 }
405 }
406 goto choose_ok;
407 }
408 break;
409 case BR_SSLKEYX_ECDHE_ECDSA:
410 if (pc->sk->key_type == BR_KEYTYPE_EC) {
411 choices->cipher_suite = st[u][0];
412 if (br_ssl_engine_get_version(&cc->eng)
413 < BR_TLS12)
414 {
415 if (pc->cbhash) {
416 choices->algo_id = 0x0203;
417 } else {
418 choices->algo_id =
419 0xFF00 + br_sha1_ID;
420 }
421 } else {
422 unsigned id;
423
424 id = choose_hash(chashes >> 8);
425 if (pc->cbhash) {
426 choices->algo_id =
427 (id << 8) + 0x03;
428 } else {
429 choices->algo_id =
430 0xFF00 + id;
431 }
432 }
433 goto choose_ok;
434 }
435 break;
436 case BR_SSLKEYX_ECDH_RSA:
437 if (pc->sk->key_type == BR_KEYTYPE_EC
438 && pc->cert_signer_algo == BR_KEYTYPE_RSA)
439 {
440 choices->cipher_suite = st[u][0];
441 goto choose_ok;
442 }
443 break;
444 case BR_SSLKEYX_ECDH_ECDSA:
445 if (pc->sk->key_type == BR_KEYTYPE_EC
446 && pc->cert_signer_algo == BR_KEYTYPE_EC)
447 {
448 choices->cipher_suite = st[u][0];
449 goto choose_ok;
450 }
451 break;
452 }
453 }
454 return 0;
455
456 choose_ok:
457 choices->chain = pc->chain;
458 choices->chain_len = pc->chain_len;
459 if (pc->verbose) {
460 char csn[80];
461
462 get_suite_name_ext(choices->cipher_suite, csn, sizeof csn);
463 fprintf(stderr, "Using: %s\n", csn);
464 }
465 return 1;
466 }
467
468 static uint32_t
469 sp_do_keyx(const br_ssl_server_policy_class **pctx,
470 unsigned char *data, size_t *len)
471 {
472 policy_context *pc;
473 uint32_t r;
474 size_t xoff, xlen;
475
476 pc = (policy_context *)pctx;
477 switch (pc->sk->key_type) {
478 const br_ec_impl *iec;
479
480 case BR_KEYTYPE_RSA:
481 return br_rsa_ssl_decrypt(
482 br_rsa_private_get_default(),
483 &pc->sk->key.rsa, data, *len);
484 case BR_KEYTYPE_EC:
485 iec = br_ec_get_default();
486 r = iec->mul(data, *len, pc->sk->key.ec.x,
487 pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
488 xoff = iec->xoff(pc->sk->key.ec.curve, &xlen);
489 memmove(data, data + xoff, xlen);
490 *len = xlen;
491 return r;
492 default:
493 fprintf(stderr, "ERROR: unknown private key type (%d)\n",
494 (int)pc->sk->key_type);
495 return 0;
496 }
497 }
498
499 static size_t
500 sp_do_sign(const br_ssl_server_policy_class **pctx,
501 unsigned algo_id, unsigned char *data, size_t hv_len, size_t len)
502 {
503 policy_context *pc;
504 unsigned char hv[64];
505
506 pc = (policy_context *)pctx;
507 if (algo_id >= 0xFF00) {
508 algo_id &= 0xFF;
509 memcpy(hv, data, hv_len);
510 } else {
511 const br_hash_class *hc;
512 br_hash_compat_context zc;
513
514 if (pc->verbose) {
515 fprintf(stderr, "Callback hashing, algo = 0x%04X,"
516 " data_len = %lu\n",
517 algo_id, (unsigned long)hv_len);
518 }
519 algo_id >>= 8;
520 hc = get_hash_impl(algo_id);
521 if (hc == NULL) {
522 if (pc->verbose) {
523 fprintf(stderr,
524 "ERROR: unsupported hash function %u\n",
525 algo_id);
526 }
527 return 0;
528 }
529 hc->init(&zc.vtable);
530 hc->update(&zc.vtable, data, hv_len);
531 hc->out(&zc.vtable, hv);
532 hv_len = (hc->desc >> BR_HASHDESC_OUT_OFF)
533 & BR_HASHDESC_OUT_MASK;
534 }
535 switch (pc->sk->key_type) {
536 size_t sig_len;
537 uint32_t x;
538 const unsigned char *hash_oid;
539 const br_hash_class *hc;
540
541 case BR_KEYTYPE_RSA:
542 hash_oid = get_hash_oid(algo_id);
543 if (hash_oid == NULL && algo_id != 0) {
544 if (pc->verbose) {
545 fprintf(stderr, "ERROR: cannot RSA-sign with"
546 " unknown hash function: %u\n",
547 algo_id);
548 }
549 return 0;
550 }
551 sig_len = (pc->sk->key.rsa.n_bitlen + 7) >> 3;
552 if (len < sig_len) {
553 if (pc->verbose) {
554 fprintf(stderr, "ERROR: cannot RSA-sign,"
555 " buffer is too small"
556 " (sig=%lu, buf=%lu)\n",
557 (unsigned long)sig_len,
558 (unsigned long)len);
559 }
560 return 0;
561 }
562 x = br_rsa_pkcs1_sign_get_default()(
563 hash_oid, hv, hv_len, &pc->sk->key.rsa, data);
564 if (!x) {
565 if (pc->verbose) {
566 fprintf(stderr, "ERROR: RSA-sign failure\n");
567 }
568 return 0;
569 }
570 return sig_len;
571
572 case BR_KEYTYPE_EC:
573 hc = get_hash_impl(algo_id);
574 if (hc == NULL) {
575 if (pc->verbose) {
576 fprintf(stderr, "ERROR: cannot ECDSA-sign with"
577 " unknown hash function: %u\n",
578 algo_id);
579 }
580 return 0;
581 }
582 if (len < 139) {
583 if (pc->verbose) {
584 fprintf(stderr, "ERROR: cannot ECDSA-sign"
585 " (output buffer = %lu)\n",
586 (unsigned long)len);
587 }
588 return 0;
589 }
590 sig_len = br_ecdsa_sign_asn1_get_default()(
591 br_ec_get_default(), hc, hv, &pc->sk->key.ec, data);
592 if (sig_len == 0) {
593 if (pc->verbose) {
594 fprintf(stderr, "ERROR: ECDSA-sign failure\n");
595 }
596 return 0;
597 }
598 return sig_len;
599
600 default:
601 return 0;
602 }
603 }
604
605 static const br_ssl_server_policy_class policy_vtable = {
606 sizeof(policy_context),
607 sp_choose,
608 sp_do_keyx,
609 sp_do_sign
610 };
611
612 void
613 free_alpn(void *alpn)
614 {
615 xfree(*(char **)alpn);
616 }
617
618 /* see brssl.h */
619 int
620 do_server(int argc, char *argv[])
621 {
622 int retcode;
623 int verbose;
624 int trace;
625 int i, bidi;
626 const char *bind_name;
627 const char *port;
628 unsigned vmin, vmax;
629 cipher_suite *suites;
630 size_t num_suites;
631 uint16_t *suite_ids;
632 unsigned hfuns;
633 int cbhash;
634 br_x509_certificate *chain;
635 size_t chain_len;
636 int cert_signer_algo;
637 private_key *sk;
638 anchor_list anchors = VEC_INIT;
639 VECTOR(char *) alpn_names = VEC_INIT;
640 br_x509_minimal_context xc;
641 const br_hash_class *dnhash;
642 size_t u;
643 br_ssl_server_context cc;
644 policy_context pc;
645 br_ssl_session_cache_lru lru;
646 unsigned char *iobuf, *cache;
647 size_t iobuf_len, cache_len;
648 uint32_t flags;
649 SOCKET server_fd, fd;
650
651 retcode = 0;
652 verbose = 1;
653 trace = 0;
654 bind_name = NULL;
655 port = NULL;
656 bidi = 1;
657 vmin = 0;
658 vmax = 0;
659 suites = NULL;
660 num_suites = 0;
661 hfuns = 0;
662 cbhash = 0;
663 suite_ids = NULL;
664 chain = NULL;
665 chain_len = 0;
666 sk = NULL;
667 iobuf = NULL;
668 iobuf_len = 0;
669 cache = NULL;
670 cache_len = (size_t)-1;
671 flags = 0;
672 server_fd = INVALID_SOCKET;
673 fd = INVALID_SOCKET;
674 for (i = 0; i < argc; i ++) {
675 const char *arg;
676
677 arg = argv[i];
678 if (arg[0] != '-') {
679 usage_server();
680 goto server_exit_error;
681 }
682 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
683 verbose = 1;
684 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
685 verbose = 0;
686 } else if (eqstr(arg, "-trace")) {
687 trace = 1;
688 } else if (eqstr(arg, "-b")) {
689 if (++ i >= argc) {
690 fprintf(stderr,
691 "ERROR: no argument for '-b'\n");
692 usage_server();
693 goto server_exit_error;
694 }
695 if (bind_name != NULL) {
696 fprintf(stderr, "ERROR: duplicate bind host\n");
697 usage_server();
698 goto server_exit_error;
699 }
700 bind_name = argv[i];
701 } else if (eqstr(arg, "-p")) {
702 if (++ i >= argc) {
703 fprintf(stderr,
704 "ERROR: no argument for '-p'\n");
705 usage_server();
706 goto server_exit_error;
707 }
708 if (port != NULL) {
709 fprintf(stderr, "ERROR: duplicate bind port\n");
710 usage_server();
711 goto server_exit_error;
712 }
713 port = argv[i];
714 } else if (eqstr(arg, "-mono")) {
715 bidi = 0;
716 } else if (eqstr(arg, "-buf")) {
717 if (++ i >= argc) {
718 fprintf(stderr,
719 "ERROR: no argument for '-buf'\n");
720 usage_server();
721 goto server_exit_error;
722 }
723 arg = argv[i];
724 if (iobuf_len != 0) {
725 fprintf(stderr,
726 "ERROR: duplicate I/O buffer length\n");
727 usage_server();
728 goto server_exit_error;
729 }
730 iobuf_len = parse_size(arg);
731 if (iobuf_len == (size_t)-1) {
732 usage_server();
733 goto server_exit_error;
734 }
735 } else if (eqstr(arg, "-cache")) {
736 if (++ i >= argc) {
737 fprintf(stderr,
738 "ERROR: no argument for '-cache'\n");
739 usage_server();
740 goto server_exit_error;
741 }
742 arg = argv[i];
743 if (cache_len != (size_t)-1) {
744 fprintf(stderr, "ERROR: duplicate session"
745 " cache length\n");
746 usage_server();
747 goto server_exit_error;
748 }
749 cache_len = parse_size(arg);
750 if (cache_len == (size_t)-1) {
751 usage_server();
752 goto server_exit_error;
753 }
754 } else if (eqstr(arg, "-cert")) {
755 if (++ i >= argc) {
756 fprintf(stderr,
757 "ERROR: no argument for '-cert'\n");
758 usage_server();
759 goto server_exit_error;
760 }
761 if (chain != NULL) {
762 fprintf(stderr,
763 "ERROR: duplicate certificate chain\n");
764 usage_server();
765 goto server_exit_error;
766 }
767 arg = argv[i];
768 chain = read_certificates(arg, &chain_len);
769 if (chain == NULL || chain_len == 0) {
770 goto server_exit_error;
771 }
772 } else if (eqstr(arg, "-key")) {
773 if (++ i >= argc) {
774 fprintf(stderr,
775 "ERROR: no argument for '-key'\n");
776 usage_server();
777 goto server_exit_error;
778 }
779 if (sk != NULL) {
780 fprintf(stderr,
781 "ERROR: duplicate private key\n");
782 usage_server();
783 goto server_exit_error;
784 }
785 arg = argv[i];
786 sk = read_private_key(arg);
787 if (sk == NULL) {
788 goto server_exit_error;
789 }
790 } else if (eqstr(arg, "-CA")) {
791 if (++ i >= argc) {
792 fprintf(stderr,
793 "ERROR: no argument for '-CA'\n");
794 usage_server();
795 goto server_exit_error;
796 }
797 arg = argv[i];
798 if (read_trust_anchors(&anchors, arg) == 0) {
799 usage_server();
800 goto server_exit_error;
801 }
802 } else if (eqstr(arg, "-anon_ok")) {
803 flags |= BR_OPT_TOLERATE_NO_CLIENT_AUTH;
804 } else if (eqstr(arg, "-list")) {
805 list_names();
806 goto server_exit;
807 } else if (eqstr(arg, "-vmin")) {
808 if (++ i >= argc) {
809 fprintf(stderr,
810 "ERROR: no argument for '-vmin'\n");
811 usage_server();
812 goto server_exit_error;
813 }
814 arg = argv[i];
815 if (vmin != 0) {
816 fprintf(stderr,
817 "ERROR: duplicate minimum version\n");
818 usage_server();
819 goto server_exit_error;
820 }
821 vmin = parse_version(arg, strlen(arg));
822 if (vmin == 0) {
823 fprintf(stderr,
824 "ERROR: unrecognised version '%s'\n",
825 arg);
826 usage_server();
827 goto server_exit_error;
828 }
829 } else if (eqstr(arg, "-vmax")) {
830 if (++ i >= argc) {
831 fprintf(stderr,
832 "ERROR: no argument for '-vmax'\n");
833 usage_server();
834 goto server_exit_error;
835 }
836 arg = argv[i];
837 if (vmax != 0) {
838 fprintf(stderr,
839 "ERROR: duplicate maximum version\n");
840 usage_server();
841 goto server_exit_error;
842 }
843 vmax = parse_version(arg, strlen(arg));
844 if (vmax == 0) {
845 fprintf(stderr,
846 "ERROR: unrecognised version '%s'\n",
847 arg);
848 usage_server();
849 goto server_exit_error;
850 }
851 } else if (eqstr(arg, "-cs")) {
852 if (++ i >= argc) {
853 fprintf(stderr,
854 "ERROR: no argument for '-cs'\n");
855 usage_server();
856 goto server_exit_error;
857 }
858 arg = argv[i];
859 if (suites != NULL) {
860 fprintf(stderr, "ERROR: duplicate list"
861 " of cipher suites\n");
862 usage_server();
863 goto server_exit_error;
864 }
865 suites = parse_suites(arg, &num_suites);
866 if (suites == NULL) {
867 usage_server();
868 goto server_exit_error;
869 }
870 } else if (eqstr(arg, "-hf")) {
871 unsigned x;
872
873 if (++ i >= argc) {
874 fprintf(stderr,
875 "ERROR: no argument for '-hf'\n");
876 usage_server();
877 goto server_exit_error;
878 }
879 arg = argv[i];
880 x = parse_hash_functions(arg);
881 if (x == 0) {
882 usage_server();
883 goto server_exit_error;
884 }
885 hfuns |= x;
886 } else if (eqstr(arg, "-cbhash")) {
887 cbhash = 1;
888 } else if (eqstr(arg, "-serverpref")) {
889 flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
890 } else if (eqstr(arg, "-noreneg")) {
891 flags |= BR_OPT_NO_RENEGOTIATION;
892 } else if (eqstr(arg, "-alpn")) {
893 if (++ i >= argc) {
894 fprintf(stderr,
895 "ERROR: no argument for '-alpn'\n");
896 usage_server();
897 goto server_exit_error;
898 }
899 VEC_ADD(alpn_names, xstrdup(argv[i]));
900 } else if (eqstr(arg, "-strictalpn")) {
901 flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH;
902 } else {
903 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
904 usage_server();
905 goto server_exit_error;
906 }
907 }
908 if (port == NULL) {
909 port = "4433";
910 }
911 if (vmin == 0) {
912 vmin = BR_TLS10;
913 }
914 if (vmax == 0) {
915 vmax = BR_TLS12;
916 }
917 if (vmax < vmin) {
918 fprintf(stderr, "ERROR: impossible minimum/maximum protocol"
919 " version combination\n");
920 usage_server();
921 goto server_exit_error;
922 }
923 if (suites == NULL) {
924 num_suites = 0;
925
926 for (u = 0; cipher_suites[u].name; u ++) {
927 if ((cipher_suites[u].req & REQ_TLS12) == 0
928 || vmax >= BR_TLS12)
929 {
930 num_suites ++;
931 }
932 }
933 suites = xmalloc(num_suites * sizeof *suites);
934 num_suites = 0;
935 for (u = 0; cipher_suites[u].name; u ++) {
936 if ((cipher_suites[u].req & REQ_TLS12) == 0
937 || vmax >= BR_TLS12)
938 {
939 suites[num_suites ++] = cipher_suites[u];
940 }
941 }
942 }
943 if (hfuns == 0) {
944 hfuns = (unsigned)-1;
945 }
946 if (chain == NULL || chain_len == 0) {
947 fprintf(stderr, "ERROR: no certificate chain provided\n");
948 goto server_exit_error;
949 }
950 if (sk == NULL) {
951 fprintf(stderr, "ERROR: no private key provided\n");
952 goto server_exit_error;
953 }
954 switch (sk->key_type) {
955 int curve;
956 uint32_t supp;
957
958 case BR_KEYTYPE_RSA:
959 break;
960 case BR_KEYTYPE_EC:
961 curve = sk->key.ec.curve;
962 supp = br_ec_get_default()->supported_curves;
963 if (curve > 31 || !((supp >> curve) & 1)) {
964 fprintf(stderr, "ERROR: private key curve (%d)"
965 " is not supported\n", curve);
966 goto server_exit_error;
967 }
968 break;
969 default:
970 fprintf(stderr, "ERROR: unsupported private key type (%d)\n",
971 sk->key_type);
972 break;
973 }
974 cert_signer_algo = get_cert_signer_algo(chain);
975 if (cert_signer_algo == 0) {
976 goto server_exit_error;
977 }
978 if (verbose) {
979 const char *csas;
980
981 switch (cert_signer_algo) {
982 case BR_KEYTYPE_RSA: csas = "RSA"; break;
983 case BR_KEYTYPE_EC: csas = "EC"; break;
984 default:
985 csas = "unknown";
986 break;
987 }
988 fprintf(stderr, "Issuing CA key type: %d (%s)\n",
989 cert_signer_algo, csas);
990 }
991 if (iobuf_len == 0) {
992 if (bidi) {
993 iobuf_len = BR_SSL_BUFSIZE_BIDI;
994 } else {
995 iobuf_len = BR_SSL_BUFSIZE_MONO;
996 }
997 }
998 iobuf = xmalloc(iobuf_len);
999 if (cache_len == (size_t)-1) {
1000 cache_len = 5000;
1001 }
1002 cache = xmalloc(cache_len);
1003
1004 /*
1005 * Compute implementation requirements and inject implementations.
1006 */
1007 suite_ids = xmalloc(num_suites * sizeof *suite_ids);
1008 br_ssl_server_zero(&cc);
1009 br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
1010 br_ssl_engine_set_all_flags(&cc.eng, flags);
1011 if (vmin <= BR_TLS11) {
1012 if (!(hfuns & (1 << br_md5_ID))) {
1013 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");
1014 goto server_exit_error;
1015 }
1016 if (!(hfuns & (1 << br_sha1_ID))) {
1017 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need SHA-1\n");
1018 goto server_exit_error;
1019 }
1020 }
1021 for (u = 0; u < num_suites; u ++) {
1022 unsigned req;
1023
1024 req = suites[u].req;
1025 suite_ids[u] = suites[u].suite;
1026 if ((req & REQ_TLS12) != 0 && vmax < BR_TLS12) {
1027 fprintf(stderr,
1028 "ERROR: cipher suite %s requires TLS 1.2\n",
1029 suites[u].name);
1030 goto server_exit_error;
1031 }
1032 if ((req & REQ_SHA1) != 0 && !(hfuns & (1 << br_sha1_ID))) {
1033 fprintf(stderr,
1034 "ERROR: cipher suite %s requires SHA-1\n",
1035 suites[u].name);
1036 goto server_exit_error;
1037 }
1038 if ((req & REQ_SHA256) != 0 && !(hfuns & (1 << br_sha256_ID))) {
1039 fprintf(stderr,
1040 "ERROR: cipher suite %s requires SHA-256\n",
1041 suites[u].name);
1042 goto server_exit_error;
1043 }
1044 if ((req & REQ_SHA384) != 0 && !(hfuns & (1 << br_sha384_ID))) {
1045 fprintf(stderr,
1046 "ERROR: cipher suite %s requires SHA-384\n",
1047 suites[u].name);
1048 goto server_exit_error;
1049 }
1050 /* TODO: algorithm implementation selection */
1051 if ((req & REQ_AESCBC) != 0) {
1052 br_ssl_engine_set_default_aes_cbc(&cc.eng);
1053 }
1054 if ((req & REQ_AESGCM) != 0) {
1055 br_ssl_engine_set_default_aes_gcm(&cc.eng);
1056 }
1057 if ((req & REQ_CHAPOL) != 0) {
1058 br_ssl_engine_set_default_chapol(&cc.eng);
1059 }
1060 if ((req & REQ_3DESCBC) != 0) {
1061 br_ssl_engine_set_default_des_cbc(&cc.eng);
1062 }
1063 if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
1064 br_ssl_engine_set_default_ec(&cc.eng);
1065 }
1066 }
1067 br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
1068
1069 dnhash = NULL;
1070 for (u = 0; hash_functions[u].name; u ++) {
1071 const br_hash_class *hc;
1072 int id;
1073
1074 hc = hash_functions[u].hclass;
1075 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK;
1076 if ((hfuns & ((unsigned)1 << id)) != 0) {
1077 dnhash = hc;
1078 br_ssl_engine_set_hash(&cc.eng, id, hc);
1079 }
1080 }
1081 if (vmin <= BR_TLS11) {
1082 br_ssl_engine_set_prf10(&cc.eng, &br_tls10_prf);
1083 }
1084 if (vmax >= BR_TLS12) {
1085 if ((hfuns & ((unsigned)1 << br_sha256_ID)) != 0) {
1086 br_ssl_engine_set_prf_sha256(&cc.eng,
1087 &br_tls12_sha256_prf);
1088 }
1089 if ((hfuns & ((unsigned)1 << br_sha384_ID)) != 0) {
1090 br_ssl_engine_set_prf_sha384(&cc.eng,
1091 &br_tls12_sha384_prf);
1092 }
1093 }
1094
1095 br_ssl_session_cache_lru_init(&lru, cache, cache_len);
1096 br_ssl_server_set_cache(&cc, &lru.vtable);
1097
1098 if (VEC_LEN(alpn_names) != 0) {
1099 br_ssl_engine_set_protocol_names(&cc.eng,
1100 (const char **)&VEC_ELT(alpn_names, 0),
1101 VEC_LEN(alpn_names));
1102 }
1103
1104 /*
1105 * Set the policy handler (that chooses the actual cipher suite,
1106 * selects the certificate chain, and runs the private key
1107 * operations).
1108 */
1109 pc.vtable = &policy_vtable;
1110 pc.verbose = verbose;
1111 pc.chain = chain;
1112 pc.chain_len = chain_len;
1113 pc.cert_signer_algo = cert_signer_algo;
1114 pc.sk = sk;
1115 pc.cbhash = cbhash;
1116 br_ssl_server_set_policy(&cc, &pc.vtable);
1117
1118 /*
1119 * If trust anchors have been configured, then set an X.509
1120 * validation engine and activate client certificate
1121 * authentication.
1122 */
1123 if (VEC_LEN(anchors) != 0) {
1124 br_x509_minimal_init(&xc, dnhash,
1125 &VEC_ELT(anchors, 0), VEC_LEN(anchors));
1126 for (u = 0; hash_functions[u].name; u ++) {
1127 const br_hash_class *hc;
1128 int id;
1129
1130 hc = hash_functions[u].hclass;
1131 id = (hc->desc >> BR_HASHDESC_ID_OFF)
1132 & BR_HASHDESC_ID_MASK;
1133 if ((hfuns & ((unsigned)1 << id)) != 0) {
1134 br_x509_minimal_set_hash(&xc, id, hc);
1135 }
1136 }
1137 br_ssl_engine_set_default_rsavrfy(&cc.eng);
1138 br_ssl_engine_set_default_ecdsa(&cc.eng);
1139 br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default());
1140 br_x509_minimal_set_ecdsa(&xc,
1141 br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default());
1142 br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
1143 br_ssl_server_set_trust_anchor_names_alt(&cc,
1144 &VEC_ELT(anchors, 0), VEC_LEN(anchors));
1145 }
1146
1147 br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
1148
1149 /*
1150 * On Unix systems, we need to ignore SIGPIPE.
1151 */
1152 #ifndef _WIN32
1153 signal(SIGPIPE, SIG_IGN);
1154 #endif
1155
1156 /*
1157 * Open the server socket.
1158 */
1159 server_fd = host_bind(bind_name, port, verbose);
1160 if (server_fd == INVALID_SOCKET) {
1161 goto server_exit_error;
1162 }
1163
1164 /*
1165 * Process incoming clients, one at a time. Note that we do not
1166 * accept any client until the previous connection has finished:
1167 * this is voluntary, since the tool uses stdin/stdout for
1168 * application data, and thus cannot really run two connections
1169 * simultaneously.
1170 */
1171 for (;;) {
1172 int x;
1173
1174 fd = accept_client(server_fd, verbose);
1175 if (fd == INVALID_SOCKET) {
1176 goto server_exit_error;
1177 }
1178 br_ssl_server_reset(&cc);
1179 x = run_ssl_engine(&cc.eng, fd,
1180 (verbose ? RUN_ENGINE_VERBOSE : 0)
1181 | (trace ? RUN_ENGINE_TRACE : 0));
1182 #ifdef _WIN32
1183 closesocket(fd);
1184 #else
1185 close(fd);
1186 #endif
1187 fd = INVALID_SOCKET;
1188 if (x < -1) {
1189 goto server_exit_error;
1190 }
1191 }
1192
1193 /*
1194 * Release allocated structures.
1195 */
1196 server_exit:
1197 xfree(suites);
1198 xfree(suite_ids);
1199 free_certificates(chain, chain_len);
1200 free_private_key(sk);
1201 VEC_CLEAREXT(anchors, &free_ta_contents);
1202 VEC_CLEAREXT(alpn_names, &free_alpn);
1203 xfree(iobuf);
1204 xfree(cache);
1205 if (fd != INVALID_SOCKET) {
1206 #ifdef _WIN32
1207 closesocket(fd);
1208 #else
1209 close(fd);
1210 #endif
1211 }
1212 return retcode;
1213
1214 server_exit_error:
1215 retcode = -1;
1216 goto server_exit;
1217 }
The BearSSL library and tools.