Added macro that indicates presence of the time callback feature. Also added C++...
[BearSSL] / tools / client.c
index 200cb16..9838857 100644 (file)
 #include <errno.h>
 #include <signal.h>
 
+#ifdef _WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>
 #include <unistd.h>
 #include <fcntl.h>
 
+#define SOCKET             int
+#define INVALID_SOCKET     (-1)
+#endif
+
 #include "brssl.h"
-#include "bearssl.h"
 
 static int
 host_connect(const char *host, const char *port, int verbose)
 {
        struct addrinfo hints, *si, *p;
-       int fd;
+       SOCKET fd;
        int err;
 
        memset(&hints, 0, sizeof hints);
@@ -54,9 +61,9 @@ host_connect(const char *host, const char *port, int verbose)
        if (err != 0) {
                fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
                        gai_strerror(err));
-               return -1;
+               return INVALID_SOCKET;
        }
-       fd = -1;
+       fd = INVALID_SOCKET;
        for (p = si; p != NULL; p = p->ai_next) {
                if (verbose) {
                        struct sockaddr *sa;
@@ -65,9 +72,11 @@ host_connect(const char *host, const char *port, int verbose)
 
                        sa = (struct sockaddr *)p->ai_addr;
                        if (sa->sa_family == AF_INET) {
-                               addr = &((struct sockaddr_in *)sa)->sin_addr;
+                               addr = &((struct sockaddr_in *)
+                                       (void *)sa)->sin_addr;
                        } else if (sa->sa_family == AF_INET6) {
-                               addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
+                               addr = &((struct sockaddr_in6 *)
+                                       (void *)sa)->sin6_addr;
                        } else {
                                addr = NULL;
                        }
@@ -84,17 +93,21 @@ host_connect(const char *host, const char *port, int verbose)
                        fprintf(stderr, "connecting to: %s\n", tmp);
                }
                fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
-               if (fd < 0) {
+               if (fd == INVALID_SOCKET) {
                        if (verbose) {
                                perror("socket()");
                        }
                        continue;
                }
-               if (connect(fd, p->ai_addr, p->ai_addrlen) < 0) {
+               if (connect(fd, p->ai_addr, p->ai_addrlen) == INVALID_SOCKET) {
                        if (verbose) {
                                perror("connect()");
                        }
+#ifdef _WIN32
+                       closesocket(fd);
+#else
                        close(fd);
+#endif
                        continue;
                }
                break;
@@ -102,7 +115,7 @@ host_connect(const char *host, const char *port, int verbose)
        if (p == NULL) {
                freeaddrinfo(si);
                fprintf(stderr, "ERROR: failed to connect\n");
-               return -1;
+               return INVALID_SOCKET;
        }
        freeaddrinfo(si);
        if (verbose) {
@@ -111,9 +124,18 @@ host_connect(const char *host, const char *port, int verbose)
 
        /*
         * We make the socket non-blocking, since we are going to use
-        * poll() to organise I/O.
+        * poll() or select() to organise I/O.
         */
+#ifdef _WIN32
+       {
+               u_long arg;
+
+               arg = 1;
+               ioctlsocket(fd, FIONBIO, &arg);
+       }
+#else
        fcntl(fd, F_SETFL, O_NONBLOCK);
+#endif
        return fd;
 }
 
@@ -319,13 +341,21 @@ cc_choose(const br_ssl_client_certificate_class **pctx,
 
 static uint32_t
 cc_do_keyx(const br_ssl_client_certificate_class **pctx,
-       unsigned char *data, size_t len)
+       unsigned char *data, size_t *len)
 {
+       const br_ec_impl *iec;
        ccert_context *zc;
+       size_t xoff, xlen;
+       uint32_t r;
 
        zc = (ccert_context *)pctx;
-       return br_ec_prime_i31.mul(data, len, zc->sk->key.ec.x,
+       iec = br_ec_get_default();
+       r = iec->mul(data, *len, zc->sk->key.ec.x,
                zc->sk->key.ec.xlen, zc->sk->key.ec.curve);
+       xoff = iec->xoff(zc->sk->key.ec.curve, &xlen);
+       memmove(data, data + xoff, xlen);
+       *len = xlen;
+       return r;
 }
 
 static size_t
@@ -364,8 +394,8 @@ cc_do_sign(const br_ssl_client_certificate_class **pctx,
                        }
                        return 0;
                }
-               x = br_rsa_i31_pkcs1_sign(hash_oid, hv, hv_len,
-                       &zc->sk->key.rsa, data);
+               x = br_rsa_pkcs1_sign_get_default()(
+                       hash_oid, hv, hv_len, &zc->sk->key.rsa, data);
                if (!x) {
                        if (zc->verbose) {
                                fprintf(stderr, "ERROR: RSA-sign failure\n");
@@ -392,8 +422,8 @@ cc_do_sign(const br_ssl_client_certificate_class **pctx,
                        }
                        return 0;
                }
-               sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31,
-                       hc, hv, &zc->sk->key.ec, data);
+               sig_len = br_ecdsa_sign_asn1_get_default()(
+                       br_ec_get_default(), hc, hv, &zc->sk->key.ec, data);
                if (sig_len == 0) {
                        if (zc->verbose) {
                                fprintf(stderr, "ERROR: ECDSA-sign failure\n");
@@ -488,7 +518,7 @@ do_client(int argc, char *argv[])
        const char *sni;
        anchor_list anchors = VEC_INIT;
        unsigned vmin, vmax;
-       VECTOR(const char *) alpn_names = VEC_INIT;
+       VECTOR(char *) alpn_names = VEC_INIT;
        cipher_suite *suites;
        size_t num_suites;
        uint16_t *suite_ids;
@@ -508,7 +538,7 @@ do_client(int argc, char *argv[])
        size_t minhello_len;
        int fallback;
        uint32_t flags;
-       int fd;
+       SOCKET fd;
 
        retcode = 0;
        verbose = 1;
@@ -533,7 +563,7 @@ do_client(int argc, char *argv[])
        minhello_len = (size_t)-1;
        fallback = 0;
        flags = 0;
-       fd = -1;
+       fd = INVALID_SOCKET;
        for (i = 0; i < argc; i ++) {
                const char *arg;
 
@@ -736,7 +766,7 @@ do_client(int argc, char *argv[])
                        }
                        arg = argv[i];
                        if (minhello_len != (size_t)-1) {
-                               fprintf(stderr, "ERROR: duplicate minium"
+                               fprintf(stderr, "ERROR: duplicate minimum"
                                        " ClientHello length\n");
                                usage_client();
                                goto client_exit_error;
@@ -920,54 +950,32 @@ do_client(int argc, char *argv[])
                }
                /* TODO: algorithm implementation selection */
                if ((req & REQ_AESCBC) != 0) {
-                       br_ssl_engine_set_aes_cbc(&cc.eng,
-                               &br_aes_ct_cbcenc_vtable,
-                               &br_aes_ct_cbcdec_vtable);
-                       br_ssl_engine_set_cbc(&cc.eng,
-                               &br_sslrec_in_cbc_vtable,
-                               &br_sslrec_out_cbc_vtable);
+                       br_ssl_engine_set_default_aes_cbc(&cc.eng);
+               }
+               if ((req & REQ_AESCCM) != 0) {
+                       br_ssl_engine_set_default_aes_ccm(&cc.eng);
                }
                if ((req & REQ_AESGCM) != 0) {
-                       br_ssl_engine_set_aes_ctr(&cc.eng,
-                               &br_aes_ct_ctr_vtable);
-                       br_ssl_engine_set_ghash(&cc.eng,
-                               &br_ghash_ctmul);
-                       br_ssl_engine_set_gcm(&cc.eng,
-                               &br_sslrec_in_gcm_vtable,
-                               &br_sslrec_out_gcm_vtable);
+                       br_ssl_engine_set_default_aes_gcm(&cc.eng);
                }
                if ((req & REQ_CHAPOL) != 0) {
-                       br_ssl_engine_set_chacha20(&cc.eng,
-                               &br_chacha20_ct_run);
-                       br_ssl_engine_set_poly1305(&cc.eng,
-                               &br_poly1305_ctmul_run);
-                       br_ssl_engine_set_chapol(&cc.eng,
-                               &br_sslrec_in_chapol_vtable,
-                               &br_sslrec_out_chapol_vtable);
+                       br_ssl_engine_set_default_chapol(&cc.eng);
                }
                if ((req & REQ_3DESCBC) != 0) {
-                       br_ssl_engine_set_des_cbc(&cc.eng,
-                               &br_des_ct_cbcenc_vtable,
-                               &br_des_ct_cbcdec_vtable);
-                       br_ssl_engine_set_cbc(&cc.eng,
-                               &br_sslrec_in_cbc_vtable,
-                               &br_sslrec_out_cbc_vtable);
+                       br_ssl_engine_set_default_des_cbc(&cc.eng);
                }
                if ((req & REQ_RSAKEYX) != 0) {
-                       br_ssl_client_set_rsapub(&cc, &br_rsa_i31_public);
+                       br_ssl_client_set_default_rsapub(&cc);
                }
                if ((req & REQ_ECDHE_RSA) != 0) {
-                       br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
-                       br_ssl_engine_set_rsavrfy(&cc.eng,
-                               &br_rsa_i31_pkcs1_vrfy);
+                       br_ssl_engine_set_default_ec(&cc.eng);
+                       br_ssl_engine_set_default_rsavrfy(&cc.eng);
                }
                if ((req & REQ_ECDHE_ECDSA) != 0) {
-                       br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
-                       br_ssl_engine_set_ecdsa(&cc.eng,
-                               &br_ecdsa_i31_vrfy_asn1);
+                       br_ssl_engine_set_default_ecdsa(&cc.eng);
                }
                if ((req & REQ_ECDH) != 0) {
-                       br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+                       br_ssl_engine_set_default_ec(&cc.eng);
                }
        }
        if (fallback) {
@@ -999,9 +1007,9 @@ do_client(int argc, char *argv[])
                                &br_tls12_sha384_prf);
                }
        }
-       br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
+       br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default());
        br_x509_minimal_set_ecdsa(&xc,
-               &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
+               br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default());
 
        /*
         * If there is no provided trust anchor, then certificate validation
@@ -1025,7 +1033,8 @@ do_client(int argc, char *argv[])
        br_ssl_engine_set_all_flags(&cc.eng, flags);
        if (VEC_LEN(alpn_names) != 0) {
                br_ssl_engine_set_protocol_names(&cc.eng,
-                       &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+                       (const char **)&VEC_ELT(alpn_names, 0),
+                       VEC_LEN(alpn_names));
        }
 
        if (chain != NULL) {
@@ -1049,15 +1058,17 @@ do_client(int argc, char *argv[])
        br_ssl_client_reset(&cc, sni, 0);
 
        /*
-        * We need to avoid SIGPIPE.
+        * On Unix systems, we need to avoid SIGPIPE.
         */
+#ifndef _WIN32
        signal(SIGPIPE, SIG_IGN);
+#endif
 
        /*
         * Connect to the peer.
         */
        fd = host_connect(host, port, verbose);
-       if (fd < 0) {
+       if (fd == INVALID_SOCKET) {
                goto client_exit_error;
        }
 
@@ -1086,8 +1097,12 @@ client_exit:
        free_certificates(chain, chain_len);
        free_private_key(sk);
        xfree(iobuf);
-       if (fd >= 0) {
+       if (fd != INVALID_SOCKET) {
+#ifdef _WIN32
+               closesocket(fd);
+#else
                close(fd);
+#endif
        }
        return retcode;