2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
35 #include <sys/types.h>
36 #include <sys/socket.h>
38 #include <netinet/in.h>
39 #include <arpa/inet.h>
45 #define INVALID_SOCKET (-1)
51 dump_blob(const char *name
, const void *data
, size_t len
)
53 const unsigned char *buf
;
57 fprintf(stderr
, "%s (len = %lu)", name
, (unsigned long)len
);
58 for (u
= 0; u
< len
; u
++) {
60 fprintf(stderr
, "\n%08lX ", (unsigned long)u
);
61 } else if ((u
& 7) == 0) {
64 fprintf(stderr
, " %02x", buf
[u
]);
66 fprintf(stderr
, "\n");
70 * Inspect the provided data in case it is a "command" to trigger a
71 * special behaviour. If the command is recognised, then it is executed
72 * and this function returns 1. Otherwise, this function returns 0.
75 run_command(br_ssl_engine_context
*cc
, unsigned char *buf
, size_t len
)
78 * A single static slot for saving session parameters.
80 static br_ssl_session_parameters slot
;
81 static int slot_used
= 0;
85 if (len
< 2 || len
> 3) {
88 if (len
== 3 && (buf
[1] != '\r' || buf
[2] != '\n')) {
91 if (len
== 2 && buf
[1] != '\n') {
96 fprintf(stderr
, "closing...\n");
97 br_ssl_engine_close(cc
);
100 if (br_ssl_engine_renegotiate(cc
)) {
101 fprintf(stderr
, "renegotiating...\n");
103 fprintf(stderr
, "not renegotiating.\n");
108 * Session forget is nominally client-only. But the
109 * session parameters are in the engine structure, which
110 * is the first field of the client context, so the cast
111 * still works properly. On the server, this forgetting
114 fprintf(stderr
, "forgetting session...\n");
115 br_ssl_client_forget_session((br_ssl_client_context
*)cc
);
118 fprintf(stderr
, "saving session parameters...\n");
119 br_ssl_engine_get_session_parameters(cc
, &slot
);
120 fprintf(stderr
, " id = ");
121 for (u
= 0; u
< slot
.session_id_len
; u
++) {
122 fprintf(stderr
, "%02X", slot
.session_id
[u
]);
124 fprintf(stderr
, "\n");
129 fprintf(stderr
, "restoring session parameters...\n");
130 fprintf(stderr
, " id = ");
131 for (u
= 0; u
< slot
.session_id_len
; u
++) {
132 fprintf(stderr
, "%02X", slot
.session_id
[u
]);
134 fprintf(stderr
, "\n");
135 br_ssl_engine_set_session_parameters(cc
, &slot
);
147 unsigned char buf
[1024];
152 in_return_bytes(in_buffer
*bb
, unsigned char *buf
, size_t len
)
154 if (bb
->ptr
< bb
->len
) {
160 clen
= bb
->len
- bb
->ptr
;
164 memcpy(buf
, bb
->buf
+ bb
->ptr
, clen
);
166 if (bb
->ptr
== bb
->len
) {
167 bb
->ptr
= bb
->len
= 0;
175 * A buffered version of in_read(), using a buffer to return only
176 * full lines when feasible.
179 in_read_buffered(HANDLE h_in
, in_buffer
*bb
, unsigned char *buf
, size_t len
)
186 n
= in_return_bytes(bb
, buf
, len
);
194 if (!PeekConsoleInput(h_in
, &inrec
, 1, &v
)) {
195 fprintf(stderr
, "ERROR: PeekConsoleInput()"
196 " failed with 0x%08lX\n",
197 (unsigned long)GetLastError());
203 if (!ReadConsoleInput(h_in
, &inrec
, 1, &v
)) {
204 fprintf(stderr
, "ERROR: ReadConsoleInput()"
205 " failed with 0x%08lX\n",
206 (unsigned long)GetLastError());
212 if (inrec
.EventType
== KEY_EVENT
213 && inrec
.Event
.KeyEvent
.bKeyDown
)
217 c
= inrec
.Event
.KeyEvent
.uChar
.AsciiChar
;
218 if (c
== '\n' || c
== '\r' || c
== '\t'
219 || (c
>= 32 && c
!= 127))
224 bb
->buf
[bb
->ptr
++] = (unsigned char)c
;
228 if (bb
->len
== sizeof bb
->buf
|| c
== '\n') {
230 return in_return_bytes(bb
, buf
, len
);
238 in_avail_buffered(HANDLE h_in
, in_buffer
*bb
)
240 return in_read_buffered(h_in
, bb
, NULL
, 1);
247 run_ssl_engine(br_ssl_engine_context
*cc
, unsigned long fd
, unsigned flags
)
255 int can_send
, can_recv
;
262 verbose
= (flags
& RUN_ENGINE_VERBOSE
) != 0;
263 trace
= (flags
& RUN_ENGINE_TRACE
) != 0;
266 * Print algorithm details.
271 fprintf(stderr
, "Algorithms:\n");
272 br_prng_seeder_system(&rngname
);
273 fprintf(stderr
, " RNG: %s\n", rngname
);
274 if (cc
->iaes_cbcenc
!= 0) {
275 fprintf(stderr
, " AES/CBC (enc): %s\n",
276 get_algo_name(cc
->iaes_cbcenc
, 0));
278 if (cc
->iaes_cbcdec
!= 0) {
279 fprintf(stderr
, " AES/CBC (dec): %s\n",
280 get_algo_name(cc
->iaes_cbcdec
, 0));
282 if (cc
->iaes_ctr
!= 0) {
283 fprintf(stderr
, " AES/CTR: %s\n",
284 get_algo_name(cc
->iaes_cbcdec
, 0));
286 if (cc
->ides_cbcenc
!= 0) {
287 fprintf(stderr
, " DES/CBC (enc): %s\n",
288 get_algo_name(cc
->ides_cbcenc
, 0));
290 if (cc
->ides_cbcdec
!= 0) {
291 fprintf(stderr
, " DES/CBC (dec): %s\n",
292 get_algo_name(cc
->ides_cbcdec
, 0));
294 if (cc
->ighash
!= 0) {
295 fprintf(stderr
, " GHASH (GCM): %s\n",
296 get_algo_name(cc
->ighash
, 0));
298 if (cc
->ichacha
!= 0) {
299 fprintf(stderr
, " ChaCha20: %s\n",
300 get_algo_name(cc
->ichacha
, 0));
302 if (cc
->ipoly
!= 0) {
303 fprintf(stderr
, " Poly1305: %s\n",
304 get_algo_name(cc
->ipoly
, 0));
307 fprintf(stderr
, " EC: %s\n",
308 get_algo_name(cc
->iec
, 0));
310 if (cc
->iecdsa
!= 0) {
311 fprintf(stderr
, " ECDSA: %s\n",
312 get_algo_name(cc
->iecdsa
, 0));
314 if (cc
->irsavrfy
!= 0) {
315 fprintf(stderr
, " RSA (vrfy): %s\n",
316 get_algo_name(cc
->irsavrfy
, 0));
321 fd_event
= WSA_INVALID_EVENT
;
328 * On Unix systems, we need to follow three descriptors:
329 * standard input (0), standard output (1), and the socket
330 * itself (for both read and write). This is done with a poll()
333 * On Windows systems, we use WSAEventSelect() to associate
334 * an event handle with the network activity, and we use
335 * WaitForMultipleObjectsEx() on that handle and the standard
336 * input handle, when appropriate. Standard output is assumed
337 * to be always writeable, and standard input to be the console;
338 * this does not work well (or at all) with redirections (to
339 * pipes or files) but it should be enough for a debug tool
340 * (TODO: make something that handles redirections as well).
344 fd_event
= WSACreateEvent();
345 if (fd_event
== WSA_INVALID_EVENT
) {
346 fprintf(stderr
, "ERROR: WSACreateEvent() failed with %d\n",
351 WSAEventSelect(fd
, fd_event
, FD_READ
| FD_WRITE
| FD_CLOSE
);
352 h_in
= GetStdHandle(STD_INPUT_HANDLE
);
353 h_out
= GetStdHandle(STD_OUTPUT_HANDLE
);
354 SetConsoleMode(h_in
, ENABLE_ECHO_INPUT
356 | ENABLE_PROCESSED_INPUT
357 | ENABLE_PROCESSED_OUTPUT
358 | ENABLE_WRAP_AT_EOL_OUTPUT
);
361 * Make sure that stdin and stdout are non-blocking.
363 fcntl(0, F_SETFL
, O_NONBLOCK
);
364 fcntl(1, F_SETFL
, O_NONBLOCK
);
372 int sendrec
, recvrec
, sendapp
, recvapp
;
377 struct pollfd pfd
[3];
380 size_t u
, k_fd
, k_in
, k_out
;
381 int sendrec_ok
, recvrec_ok
, sendapp_ok
, recvapp_ok
;
384 * Get current engine state.
386 st
= br_ssl_engine_current_state(cc
);
387 if (st
== BR_SSL_CLOSED
) {
390 err
= br_ssl_engine_last_error(cc
);
391 if (err
== BR_ERR_OK
) {
394 "SSL closed normally\n");
399 fprintf(stderr
, "ERROR: SSL error %d", err
);
401 if (err
>= BR_ERR_SEND_FATAL_ALERT
) {
402 err
-= BR_ERR_SEND_FATAL_ALERT
;
404 " (sent alert %d)\n", err
);
405 } else if (err
>= BR_ERR_RECV_FATAL_ALERT
) {
406 err
-= BR_ERR_RECV_FATAL_ALERT
;
408 " (received alert %d)\n", err
);
412 ename
= find_error_name(err
, NULL
);
416 fprintf(stderr
, " (%s)\n", ename
);
423 * Compute descriptors that must be polled, depending
426 sendrec
= ((st
& BR_SSL_SENDREC
) != 0);
427 recvrec
= ((st
& BR_SSL_RECVREC
) != 0);
428 sendapp
= ((st
& BR_SSL_SENDAPP
) != 0);
429 recvapp
= ((st
& BR_SSL_RECVAPP
) != 0);
430 if (verbose
&& sendapp
&& !hsdetails
) {
434 fprintf(stderr
, "Handshake completed\n");
435 fprintf(stderr
, " version: ");
436 switch (cc
->session
.version
) {
438 fprintf(stderr
, "SSL 3.0");
441 fprintf(stderr
, "TLS 1.0");
444 fprintf(stderr
, "TLS 1.1");
447 fprintf(stderr
, "TLS 1.2");
450 fprintf(stderr
, "unknown (0x%04X)",
451 (unsigned)cc
->session
.version
);
454 fprintf(stderr
, "\n");
456 cc
->session
.cipher_suite
, csn
, sizeof csn
);
457 fprintf(stderr
, " cipher suite: %s\n", csn
);
458 if (uses_ecdhe(cc
->session
.cipher_suite
)) {
460 br_ssl_engine_get_ecdhe_curve(cc
),
463 " ECDHE curve: %s\n", csn
);
465 fprintf(stderr
, " secure renegotiation: %s\n",
466 cc
->reneg
== 1 ? "no" : "yes");
467 pname
= br_ssl_engine_get_selected_protocol(cc
);
470 " protocol name (ALPN): %s\n",
483 * If we recorded that we can send or receive data, and we
484 * want to do exactly that, then we don't wait; we just do
492 if (sendrec
&& can_send
) {
494 } else if (recvrec
&& can_recv
) {
496 } else if (recvapp
) {
498 } else if (sendapp
&& in_avail_buffered(h_in
, &bb
)) {
502 * If we cannot do I/O right away, then we must
503 * wait for some event, and try again.
505 pfd
[u
] = (HANDLE
)fd_event
;
513 wt
= WaitForMultipleObjectsEx(u
, pfd
,
514 FALSE
, INFINITE
, FALSE
);
515 if (wt
== WAIT_FAILED
) {
516 fprintf(stderr
, "ERROR:"
517 " WaitForMultipleObjectsEx()"
518 " failed with 0x%08lX",
519 (unsigned long)GetLastError());
526 if (WSAEnumNetworkEvents(fd
, fd_event
, &e
)) {
527 fprintf(stderr
, "ERROR:"
528 " WSAEnumNetworkEvents()"
534 if (e
.lNetworkEvents
& (FD_WRITE
| FD_CLOSE
)) {
537 if (e
.lNetworkEvents
& (FD_READ
| FD_CLOSE
)) {
544 if (sendrec
|| recvrec
) {
549 pfd
[u
].events
|= POLLOUT
;
552 pfd
[u
].events
|= POLLIN
;
560 pfd
[u
].events
= POLLIN
;
567 pfd
[u
].events
= POLLOUT
;
571 n
= poll(pfd
, u
, -1);
573 if (errno
== EINTR
) {
576 perror("ERROR: poll()");
585 * We transform closures/errors into read+write accesses
586 * so as to force the read() or write() call that will
587 * detect the situation.
590 if (pfd
[u
].revents
& (POLLERR
| POLLHUP
)) {
591 pfd
[u
].revents
|= POLLIN
| POLLOUT
;
595 recvapp_ok
= recvapp
&& (pfd
[k_out
].revents
& POLLOUT
) != 0;
596 sendrec_ok
= sendrec
&& (pfd
[k_fd
].revents
& POLLOUT
) != 0;
597 recvrec_ok
= recvrec
&& (pfd
[k_fd
].revents
& POLLIN
) != 0;
598 sendapp_ok
= sendapp
&& (pfd
[k_in
].revents
& POLLIN
) != 0;
602 * We give preference to outgoing data, on stdout and on
614 buf
= br_ssl_engine_recvapp_buf(cc
, &len
);
616 if (!WriteFile(h_out
, buf
, len
, &wlen
, NULL
)) {
618 fprintf(stderr
, "stdout closed...\n");
624 wlen
= write(1, buf
, len
);
627 fprintf(stderr
, "stdout closed...\n");
633 br_ssl_engine_recvapp_ack(cc
, wlen
);
641 buf
= br_ssl_engine_sendrec_buf(cc
, &len
);
642 wlen
= send(fd
, buf
, len
, 0);
647 err
= WSAGetLastError();
648 if (err
== EWOULDBLOCK
649 || err
== WSAEWOULDBLOCK
)
655 if (errno
== EINTR
|| errno
== EWOULDBLOCK
) {
660 fprintf(stderr
, "socket closed...\n");
666 dump_blob("Outgoing bytes", buf
, wlen
);
668 br_ssl_engine_sendrec_ack(cc
, wlen
);
676 buf
= br_ssl_engine_recvrec_buf(cc
, &len
);
677 rlen
= recv(fd
, buf
, len
, 0);
680 fprintf(stderr
, "socket closed...\n");
689 err
= WSAGetLastError();
690 if (err
== EWOULDBLOCK
691 || err
== WSAEWOULDBLOCK
)
697 if (errno
== EINTR
|| errno
== EWOULDBLOCK
) {
702 fprintf(stderr
, "socket broke...\n");
708 dump_blob("Incoming bytes", buf
, rlen
);
710 br_ssl_engine_recvrec_ack(cc
, rlen
);
722 buf
= br_ssl_engine_sendapp_buf(cc
, &len
);
724 rlen
= in_read_buffered(h_in
, &bb
, buf
, len
);
726 rlen
= read(0, buf
, len
);
730 fprintf(stderr
, "stdin closed...\n");
732 br_ssl_engine_close(cc
);
733 } else if (!run_command(cc
, buf
, rlen
)) {
734 br_ssl_engine_sendapp_ack(cc
, rlen
);
736 br_ssl_engine_flush(cc
, 0);
740 /* We should never reach that point. */
741 fprintf(stderr
, "ERROR: poll() misbehaves\n");
747 * Release allocated structures.
751 if (fd_event
!= WSA_INVALID_EVENT
) {
752 WSACloseEvent(fd_event
);