projects / BearSSL / blob
? search:


fbc778686eda58fb886138b5b9b1ea04b37c1a16
[BearSSL] / tools / server.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30 #include <signal.h>
31
32 #ifdef _WIN32
33 #include <winsock2.h>
34 #include <ws2tcpip.h>
35 #else
36 #include <sys/types.h>
37 #include <sys/socket.h>
38 #include <netdb.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
41 #include <unistd.h>
42 #include <fcntl.h>
43
44 #define SOCKET int
45 #define INVALID_SOCKET (-1)
46 #define SOCKADDR_STORAGE struct sockaddr_storage
47 #endif
48
49 #include "brssl.h"
50
51 static SOCKET
52 host_bind(const char *host, const char *port, int verbose)
53 {
54 struct addrinfo hints, *si, *p;
55 SOCKET fd;
56 int err;
57
58 memset(&hints, 0, sizeof hints);
59 hints.ai_family = PF_UNSPEC;
60 hints.ai_socktype = SOCK_STREAM;
61 err = getaddrinfo(host, port, &hints, &si);
62 if (err != 0) {
63 fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
64 gai_strerror(err));
65 return INVALID_SOCKET;
66 }
67 fd = INVALID_SOCKET;
68 for (p = si; p != NULL; p = p->ai_next) {
69 struct sockaddr *sa;
70 struct sockaddr_in sa4;
71 struct sockaddr_in6 sa6;
72 size_t sa_len;
73 void *addr;
74 int opt;
75
76 sa = (struct sockaddr *)p->ai_addr;
77 if (sa->sa_family == AF_INET) {
78 sa4 = *(struct sockaddr_in *)sa;
79 sa = (struct sockaddr *)&sa4;
80 sa_len = sizeof sa4;
81 addr = &sa4.sin_addr;
82 if (host == NULL) {
83 sa4.sin_addr.s_addr = INADDR_ANY;
84 }
85 } else if (sa->sa_family == AF_INET6) {
86 sa6 = *(struct sockaddr_in6 *)sa;
87 sa = (struct sockaddr *)&sa6;
88 sa_len = sizeof sa6;
89 addr = &sa6.sin6_addr;
90 if (host == NULL) {
91 sa6.sin6_addr = in6addr_any;
92 }
93 } else {
94 addr = NULL;
95 sa_len = p->ai_addrlen;
96 }
97 if (verbose) {
98 char tmp[INET6_ADDRSTRLEN + 50];
99
100 if (addr != NULL) {
101 if (!inet_ntop(p->ai_family, addr,
102 tmp, sizeof tmp))
103 {
104 strcpy(tmp, "<invalid>");
105 }
106 } else {
107 sprintf(tmp, "<unknown family: %d>",
108 (int)sa->sa_family);
109 }
110 fprintf(stderr, "binding to: %s\n", tmp);
111 }
112 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
113 if (fd == INVALID_SOCKET) {
114 if (verbose) {
115 perror("socket()");
116 }
117 continue;
118 }
119 opt = 1;
120 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
121 (void *)&opt, sizeof opt);
122 opt = 0;
123 setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
124 (void *)&opt, sizeof opt);
125 if (bind(fd, sa, sa_len) < 0) {
126 if (verbose) {
127 perror("bind()");
128 }
129 #ifdef _WIN32
130 closesocket(fd);
131 #else
132 close(fd);
133 #endif
134 continue;
135 }
136 break;
137 }
138 if (p == NULL) {
139 freeaddrinfo(si);
140 fprintf(stderr, "ERROR: failed to bind\n");
141 return INVALID_SOCKET;
142 }
143 freeaddrinfo(si);
144 if (listen(fd, 5) < 0) {
145 if (verbose) {
146 perror("listen()");
147 }
148 #ifdef _WIN32
149 closesocket(fd);
150 #else
151 close(fd);
152 #endif
153 return INVALID_SOCKET;
154 }
155 if (verbose) {
156 fprintf(stderr, "bound.\n");
157 }
158 return fd;
159 }
160
161 static SOCKET
162 accept_client(SOCKET server_fd, int verbose)
163 {
164 int fd;
165 SOCKADDR_STORAGE sa;
166 socklen_t sa_len;
167
168 sa_len = sizeof sa;
169 fd = accept(server_fd, (struct sockaddr *)&sa, &sa_len);
170 if (fd == INVALID_SOCKET) {
171 if (verbose) {
172 perror("accept()");
173 }
174 return INVALID_SOCKET;
175 }
176 if (verbose) {
177 char tmp[INET6_ADDRSTRLEN + 50];
178 const char *name;
179
180 name = NULL;
181 switch (((struct sockaddr *)&sa)->sa_family) {
182 case AF_INET:
183 name = inet_ntop(AF_INET,
184 &((struct sockaddr_in *)&sa)->sin_addr,
185 tmp, sizeof tmp);
186 break;
187 case AF_INET6:
188 name = inet_ntop(AF_INET6,
189 &((struct sockaddr_in6 *)&sa)->sin6_addr,
190 tmp, sizeof tmp);
191 break;
192 }
193 if (name == NULL) {
194 sprintf(tmp, "<unknown: %lu>", (unsigned long)
195 ((struct sockaddr *)&sa)->sa_family);
196 name = tmp;
197 }
198 fprintf(stderr, "accepting connection from: %s\n", name);
199 }
200
201 /*
202 * We make the socket non-blocking, since we are going to use
203 * poll() or select() to organise I/O.
204 */
205 #ifdef _WIN32
206 {
207 u_long arg;
208
209 arg = 1;
210 ioctlsocket(fd, FIONBIO, &arg);
211 }
212 #else
213 fcntl(fd, F_SETFL, O_NONBLOCK);
214 #endif
215 return fd;
216 }
217
218 static void
219 usage_server(void)
220 {
221 fprintf(stderr,
222 "usage: brssl server [ options ]\n");
223 fprintf(stderr,
224 "options:\n");
225 fprintf(stderr,
226 " -q suppress verbose messages\n");
227 fprintf(stderr,
228 " -trace activate extra debug messages (dump of all packets)\n");
229 fprintf(stderr,
230 " -b name bind to a specific address or host name\n");
231 fprintf(stderr,
232 " -p port bind to a specific port (default: 4433)\n");
233 fprintf(stderr,
234 " -mono use monodirectional buffering\n");
235 fprintf(stderr,
236 " -buf length set the I/O buffer length (in bytes)\n");
237 fprintf(stderr,
238 " -cache length set the session cache storage length (in bytes)\n");
239 fprintf(stderr,
240 " -cert fname read certificate chain from file 'fname'\n");
241 fprintf(stderr,
242 " -key fname read private key from file 'fname'\n");
243 fprintf(stderr,
244 " -CA file add trust anchors from 'file' (for client auth)\n");
245 fprintf(stderr,
246 " -anon_ok request but do not require a client certificate\n");
247 fprintf(stderr,
248 " -list list supported names (protocols, algorithms...)\n");
249 fprintf(stderr,
250 " -vmin name set minimum supported version (default: TLS-1.0)\n");
251 fprintf(stderr,
252 " -vmax name set maximum supported version (default: TLS-1.2)\n");
253 fprintf(stderr,
254 " -cs names set list of supported cipher suites (comma-separated)\n");
255 fprintf(stderr,
256 " -hf names add support for some hash functions (comma-separated)\n");
257 fprintf(stderr,
258 " -cbhash test hashing in policy callback\n");
259 fprintf(stderr,
260 " -serverpref enforce server's preferences for cipher suites\n");
261 fprintf(stderr,
262 " -noreneg prohibit renegotiations\n");
263 fprintf(stderr,
264 " -alpn name add protocol name to list of protocols (ALPN extension)\n");
265 fprintf(stderr,
266 " -strictalpn fail on ALPN mismatch\n");
267 exit(EXIT_FAILURE);
268 }
269
270 typedef struct {
271 const br_ssl_server_policy_class *vtable;
272 int verbose;
273 br_x509_certificate *chain;
274 size_t chain_len;
275 int cert_signer_algo;
276 private_key *sk;
277 int cbhash;
278 } policy_context;
279
280 static void
281 print_hashes(unsigned chashes)
282 {
283 int i;
284
285 for (i = 2; i <= 6; i ++) {
286 if ((chashes >> i) & 1) {
287 int z;
288
289 switch (i) {
290 case 3: z = 224; break;
291 case 4: z = 256; break;
292 case 5: z = 384; break;
293 case 6: z = 512; break;
294 default:
295 z = 1;
296 break;
297 }
298 fprintf(stderr, " sha%d", z);
299 }
300 }
301 }
302
303 static unsigned
304 choose_hash(unsigned chashes)
305 {
306 unsigned hash_id;
307
308 for (hash_id = 6; hash_id >= 2; hash_id --) {
309 if (((chashes >> hash_id) & 1) != 0) {
310 return hash_id;
311 }
312 }
313 /*
314 * Normally unreachable.
315 */
316 return 0;
317 }
318
319 static int
320 sp_choose(const br_ssl_server_policy_class **pctx,
321 const br_ssl_server_context *cc,
322 br_ssl_server_choices *choices)
323 {
324 policy_context *pc;
325 const br_suite_translated *st;
326 size_t u, st_num;
327 unsigned chashes;
328
329 pc = (policy_context *)pctx;
330 st = br_ssl_server_get_client_suites(cc, &st_num);
331 chashes = br_ssl_server_get_client_hashes(cc);
332 if (pc->verbose) {
333 fprintf(stderr, "Client parameters:\n");
334 fprintf(stderr, " Maximum version: ");
335 switch (cc->client_max_version) {
336 case BR_SSL30:
337 fprintf(stderr, "SSL 3.0");
338 break;
339 case BR_TLS10:
340 fprintf(stderr, "TLS 1.0");
341 break;
342 case BR_TLS11:
343 fprintf(stderr, "TLS 1.1");
344 break;
345 case BR_TLS12:
346 fprintf(stderr, "TLS 1.2");
347 break;
348 default:
349 fprintf(stderr, "unknown (0x%04X)",
350 (unsigned)cc->client_max_version);
351 break;
352 }
353 fprintf(stderr, "\n");
354 fprintf(stderr, " Compatible cipher suites:\n");
355 for (u = 0; u < st_num; u ++) {
356 char csn[80];
357
358 get_suite_name_ext(st[u][0], csn, sizeof csn);
359 fprintf(stderr, " %s\n", csn);
360 }
361 fprintf(stderr, " Common sign+hash functions:\n");
362 if ((chashes & 0xFF) != 0) {
363 fprintf(stderr, " with RSA:");
364 print_hashes(chashes);
365 fprintf(stderr, "\n");
366 }
367 if ((chashes >> 8) != 0) {
368 fprintf(stderr, " with ECDSA:");
369 print_hashes(chashes >> 8);
370 fprintf(stderr, "\n");
371 }
372 }
373 for (u = 0; u < st_num; u ++) {
374 unsigned tt;
375
376 tt = st[u][1];
377 switch (tt >> 12) {
378 case BR_SSLKEYX_RSA:
379 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
380 choices->cipher_suite = st[u][0];
381 goto choose_ok;
382 }
383 break;
384 case BR_SSLKEYX_ECDHE_RSA:
385 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
386 choices->cipher_suite = st[u][0];
387 if (br_ssl_engine_get_version(&cc->eng)
388 < BR_TLS12)
389 {
390 if (pc->cbhash) {
391 choices->algo_id = 0x0001;
392 } else {
393 choices->algo_id = 0xFF00;
394 }
395 } else {
396 unsigned id;
397
398 id = choose_hash(chashes);
399 if (pc->cbhash) {
400 choices->algo_id =
401 (id << 8) + 0x01;
402 } else {
403 choices->algo_id = 0xFF00 + id;
404 }
405 }
406 goto choose_ok;
407 }
408 break;
409 case BR_SSLKEYX_ECDHE_ECDSA:
410 if (pc->sk->key_type == BR_KEYTYPE_EC) {
411 choices->cipher_suite = st[u][0];
412 if (br_ssl_engine_get_version(&cc->eng)
413 < BR_TLS12)
414 {
415 if (pc->cbhash) {
416 choices->algo_id = 0x0203;
417 } else {
418 choices->algo_id =
419 0xFF00 + br_sha1_ID;
420 }
421 } else {
422 unsigned id;
423
424 id = choose_hash(chashes >> 8);
425 if (pc->cbhash) {
426 choices->algo_id =
427 (id << 8) + 0x03;
428 } else {
429 choices->algo_id =
430 0xFF00 + id;
431 }
432 }
433 goto choose_ok;
434 }
435 break;
436 case BR_SSLKEYX_ECDH_RSA:
437 if (pc->sk->key_type == BR_KEYTYPE_EC
438 && pc->cert_signer_algo == BR_KEYTYPE_RSA)
439 {
440 choices->cipher_suite = st[u][0];
441 goto choose_ok;
442 }
443 break;
444 case BR_SSLKEYX_ECDH_ECDSA:
445 if (pc->sk->key_type == BR_KEYTYPE_EC
446 && pc->cert_signer_algo == BR_KEYTYPE_EC)
447 {
448 choices->cipher_suite = st[u][0];
449 goto choose_ok;
450 }
451 break;
452 }
453 }
454 return 0;
455
456 choose_ok:
457 choices->chain = pc->chain;
458 choices->chain_len = pc->chain_len;
459 if (pc->verbose) {
460 char csn[80];
461
462 get_suite_name_ext(choices->cipher_suite, csn, sizeof csn);
463 fprintf(stderr, "Using: %s\n", csn);
464 }
465 return 1;
466 }
467
468 static uint32_t
469 sp_do_keyx(const br_ssl_server_policy_class **pctx,
470 unsigned char *data, size_t *len)
471 {
472 policy_context *pc;
473 uint32_t r;
474 size_t xoff, xlen;
475
476 pc = (policy_context *)pctx;
477 switch (pc->sk->key_type) {
478 case BR_KEYTYPE_RSA:
479 return br_rsa_ssl_decrypt(
480 &br_rsa_i31_private, &pc->sk->key.rsa,
481 data, *len);
482 case BR_KEYTYPE_EC:
483 r = br_ec_all_m15.mul(data, *len, pc->sk->key.ec.x,
484 pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
485 xoff = br_ec_all_m15.xoff(pc->sk->key.ec.curve, &xlen);
486 memmove(data, data + xoff, xlen);
487 *len = xlen;
488 return r;
489 default:
490 fprintf(stderr, "ERROR: unknown private key type (%d)\n",
491 (int)pc->sk->key_type);
492 return 0;
493 }
494 }
495
496 static size_t
497 sp_do_sign(const br_ssl_server_policy_class **pctx,
498 unsigned algo_id, unsigned char *data, size_t hv_len, size_t len)
499 {
500 policy_context *pc;
501 unsigned char hv[64];
502
503 pc = (policy_context *)pctx;
504 if (algo_id >= 0xFF00) {
505 algo_id &= 0xFF;
506 memcpy(hv, data, hv_len);
507 } else {
508 const br_hash_class *hc;
509 br_hash_compat_context zc;
510
511 if (pc->verbose) {
512 fprintf(stderr, "Callback hashing, algo = 0x%04X,"
513 " data_len = %lu\n",
514 algo_id, (unsigned long)hv_len);
515 }
516 algo_id >>= 8;
517 hc = get_hash_impl(algo_id);
518 if (hc == NULL) {
519 if (pc->verbose) {
520 fprintf(stderr,
521 "ERROR: unsupported hash function %u\n",
522 algo_id);
523 }
524 return 0;
525 }
526 hc->init(&zc.vtable);
527 hc->update(&zc.vtable, data, hv_len);
528 hc->out(&zc.vtable, hv);
529 hv_len = (hc->desc >> BR_HASHDESC_OUT_OFF)
530 & BR_HASHDESC_OUT_MASK;
531 }
532 switch (pc->sk->key_type) {
533 size_t sig_len;
534 uint32_t x;
535 const unsigned char *hash_oid;
536 const br_hash_class *hc;
537
538 case BR_KEYTYPE_RSA:
539 hash_oid = get_hash_oid(algo_id);
540 if (hash_oid == NULL && algo_id != 0) {
541 if (pc->verbose) {
542 fprintf(stderr, "ERROR: cannot RSA-sign with"
543 " unknown hash function: %u\n",
544 algo_id);
545 }
546 return 0;
547 }
548 sig_len = (pc->sk->key.rsa.n_bitlen + 7) >> 3;
549 if (len < sig_len) {
550 if (pc->verbose) {
551 fprintf(stderr, "ERROR: cannot RSA-sign,"
552 " buffer is too small"
553 " (sig=%lu, buf=%lu)\n",
554 (unsigned long)sig_len,
555 (unsigned long)len);
556 }
557 return 0;
558 }
559 x = br_rsa_i31_pkcs1_sign(hash_oid, hv, hv_len,
560 &pc->sk->key.rsa, data);
561 if (!x) {
562 if (pc->verbose) {
563 fprintf(stderr, "ERROR: RSA-sign failure\n");
564 }
565 return 0;
566 }
567 return sig_len;
568
569 case BR_KEYTYPE_EC:
570 hc = get_hash_impl(algo_id);
571 if (hc == NULL) {
572 if (pc->verbose) {
573 fprintf(stderr, "ERROR: cannot ECDSA-sign with"
574 " unknown hash function: %u\n",
575 algo_id);
576 }
577 return 0;
578 }
579 if (len < 139) {
580 if (pc->verbose) {
581 fprintf(stderr, "ERROR: cannot ECDSA-sign"
582 " (output buffer = %lu)\n",
583 (unsigned long)len);
584 }
585 return 0;
586 }
587 sig_len = br_ecdsa_i31_sign_asn1(&br_ec_all_m15,
588 hc, hv, &pc->sk->key.ec, data);
589 if (sig_len == 0) {
590 if (pc->verbose) {
591 fprintf(stderr, "ERROR: ECDSA-sign failure\n");
592 }
593 return 0;
594 }
595 return sig_len;
596
597 default:
598 return 0;
599 }
600 }
601
602 static const br_ssl_server_policy_class policy_vtable = {
603 sizeof(policy_context),
604 sp_choose,
605 sp_do_keyx,
606 sp_do_sign
607 };
608
609 void
610 free_alpn(void *alpn)
611 {
612 xfree(*(char **)alpn);
613 }
614
615 /* see brssl.h */
616 int
617 do_server(int argc, char *argv[])
618 {
619 int retcode;
620 int verbose;
621 int trace;
622 int i, bidi;
623 const char *bind_name;
624 const char *port;
625 unsigned vmin, vmax;
626 cipher_suite *suites;
627 size_t num_suites;
628 uint16_t *suite_ids;
629 unsigned hfuns;
630 int cbhash;
631 br_x509_certificate *chain;
632 size_t chain_len;
633 int cert_signer_algo;
634 private_key *sk;
635 anchor_list anchors = VEC_INIT;
636 VECTOR(char *) alpn_names = VEC_INIT;
637 br_x509_minimal_context xc;
638 const br_hash_class *dnhash;
639 size_t u;
640 br_ssl_server_context cc;
641 policy_context pc;
642 br_ssl_session_cache_lru lru;
643 unsigned char *iobuf, *cache;
644 size_t iobuf_len, cache_len;
645 uint32_t flags;
646 SOCKET server_fd, fd;
647
648 retcode = 0;
649 verbose = 1;
650 trace = 0;
651 bind_name = NULL;
652 port = NULL;
653 bidi = 1;
654 vmin = 0;
655 vmax = 0;
656 suites = NULL;
657 num_suites = 0;
658 hfuns = 0;
659 cbhash = 0;
660 suite_ids = NULL;
661 chain = NULL;
662 chain_len = 0;
663 sk = NULL;
664 iobuf = NULL;
665 iobuf_len = 0;
666 cache = NULL;
667 cache_len = (size_t)-1;
668 flags = 0;
669 server_fd = INVALID_SOCKET;
670 fd = INVALID_SOCKET;
671 for (i = 0; i < argc; i ++) {
672 const char *arg;
673
674 arg = argv[i];
675 if (arg[0] != '-') {
676 usage_server();
677 goto server_exit_error;
678 }
679 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
680 verbose = 1;
681 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
682 verbose = 0;
683 } else if (eqstr(arg, "-trace")) {
684 trace = 1;
685 } else if (eqstr(arg, "-b")) {
686 if (++ i >= argc) {
687 fprintf(stderr,
688 "ERROR: no argument for '-b'\n");
689 usage_server();
690 goto server_exit_error;
691 }
692 if (bind_name != NULL) {
693 fprintf(stderr, "ERROR: duplicate bind host\n");
694 usage_server();
695 goto server_exit_error;
696 }
697 bind_name = argv[i];
698 } else if (eqstr(arg, "-p")) {
699 if (++ i >= argc) {
700 fprintf(stderr,
701 "ERROR: no argument for '-p'\n");
702 usage_server();
703 goto server_exit_error;
704 }
705 if (port != NULL) {
706 fprintf(stderr, "ERROR: duplicate bind port\n");
707 usage_server();
708 goto server_exit_error;
709 }
710 port = argv[i];
711 } else if (eqstr(arg, "-mono")) {
712 bidi = 0;
713 } else if (eqstr(arg, "-buf")) {
714 if (++ i >= argc) {
715 fprintf(stderr,
716 "ERROR: no argument for '-buf'\n");
717 usage_server();
718 goto server_exit_error;
719 }
720 arg = argv[i];
721 if (iobuf_len != 0) {
722 fprintf(stderr,
723 "ERROR: duplicate I/O buffer length\n");
724 usage_server();
725 goto server_exit_error;
726 }
727 iobuf_len = parse_size(arg);
728 if (iobuf_len == (size_t)-1) {
729 usage_server();
730 goto server_exit_error;
731 }
732 } else if (eqstr(arg, "-cache")) {
733 if (++ i >= argc) {
734 fprintf(stderr,
735 "ERROR: no argument for '-cache'\n");
736 usage_server();
737 goto server_exit_error;
738 }
739 arg = argv[i];
740 if (cache_len != (size_t)-1) {
741 fprintf(stderr, "ERROR: duplicate session"
742 " cache length\n");
743 usage_server();
744 goto server_exit_error;
745 }
746 cache_len = parse_size(arg);
747 if (cache_len == (size_t)-1) {
748 usage_server();
749 goto server_exit_error;
750 }
751 } else if (eqstr(arg, "-cert")) {
752 if (++ i >= argc) {
753 fprintf(stderr,
754 "ERROR: no argument for '-cert'\n");
755 usage_server();
756 goto server_exit_error;
757 }
758 if (chain != NULL) {
759 fprintf(stderr,
760 "ERROR: duplicate certificate chain\n");
761 usage_server();
762 goto server_exit_error;
763 }
764 arg = argv[i];
765 chain = read_certificates(arg, &chain_len);
766 if (chain == NULL || chain_len == 0) {
767 goto server_exit_error;
768 }
769 } else if (eqstr(arg, "-key")) {
770 if (++ i >= argc) {
771 fprintf(stderr,
772 "ERROR: no argument for '-key'\n");
773 usage_server();
774 goto server_exit_error;
775 }
776 if (sk != NULL) {
777 fprintf(stderr,
778 "ERROR: duplicate private key\n");
779 usage_server();
780 goto server_exit_error;
781 }
782 arg = argv[i];
783 sk = read_private_key(arg);
784 if (sk == NULL) {
785 goto server_exit_error;
786 }
787 } else if (eqstr(arg, "-CA")) {
788 if (++ i >= argc) {
789 fprintf(stderr,
790 "ERROR: no argument for '-CA'\n");
791 usage_server();
792 goto server_exit_error;
793 }
794 arg = argv[i];
795 if (read_trust_anchors(&anchors, arg) == 0) {
796 usage_server();
797 goto server_exit_error;
798 }
799 } else if (eqstr(arg, "-anon_ok")) {
800 flags |= BR_OPT_TOLERATE_NO_CLIENT_AUTH;
801 } else if (eqstr(arg, "-list")) {
802 list_names();
803 goto server_exit;
804 } else if (eqstr(arg, "-vmin")) {
805 if (++ i >= argc) {
806 fprintf(stderr,
807 "ERROR: no argument for '-vmin'\n");
808 usage_server();
809 goto server_exit_error;
810 }
811 arg = argv[i];
812 if (vmin != 0) {
813 fprintf(stderr,
814 "ERROR: duplicate minimum version\n");
815 usage_server();
816 goto server_exit_error;
817 }
818 vmin = parse_version(arg, strlen(arg));
819 if (vmin == 0) {
820 fprintf(stderr,
821 "ERROR: unrecognised version '%s'\n",
822 arg);
823 usage_server();
824 goto server_exit_error;
825 }
826 } else if (eqstr(arg, "-vmax")) {
827 if (++ i >= argc) {
828 fprintf(stderr,
829 "ERROR: no argument for '-vmax'\n");
830 usage_server();
831 goto server_exit_error;
832 }
833 arg = argv[i];
834 if (vmax != 0) {
835 fprintf(stderr,
836 "ERROR: duplicate maximum version\n");
837 usage_server();
838 goto server_exit_error;
839 }
840 vmax = parse_version(arg, strlen(arg));
841 if (vmax == 0) {
842 fprintf(stderr,
843 "ERROR: unrecognised version '%s'\n",
844 arg);
845 usage_server();
846 goto server_exit_error;
847 }
848 } else if (eqstr(arg, "-cs")) {
849 if (++ i >= argc) {
850 fprintf(stderr,
851 "ERROR: no argument for '-cs'\n");
852 usage_server();
853 goto server_exit_error;
854 }
855 arg = argv[i];
856 if (suites != NULL) {
857 fprintf(stderr, "ERROR: duplicate list"
858 " of cipher suites\n");
859 usage_server();
860 goto server_exit_error;
861 }
862 suites = parse_suites(arg, &num_suites);
863 if (suites == NULL) {
864 usage_server();
865 goto server_exit_error;
866 }
867 } else if (eqstr(arg, "-hf")) {
868 unsigned x;
869
870 if (++ i >= argc) {
871 fprintf(stderr,
872 "ERROR: no argument for '-hf'\n");
873 usage_server();
874 goto server_exit_error;
875 }
876 arg = argv[i];
877 x = parse_hash_functions(arg);
878 if (x == 0) {
879 usage_server();
880 goto server_exit_error;
881 }
882 hfuns |= x;
883 } else if (eqstr(arg, "-cbhash")) {
884 cbhash = 1;
885 } else if (eqstr(arg, "-serverpref")) {
886 flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
887 } else if (eqstr(arg, "-noreneg")) {
888 flags |= BR_OPT_NO_RENEGOTIATION;
889 } else if (eqstr(arg, "-alpn")) {
890 if (++ i >= argc) {
891 fprintf(stderr,
892 "ERROR: no argument for '-alpn'\n");
893 usage_server();
894 goto server_exit_error;
895 }
896 VEC_ADD(alpn_names, xstrdup(argv[i]));
897 } else if (eqstr(arg, "-strictalpn")) {
898 flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH;
899 } else {
900 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
901 usage_server();
902 goto server_exit_error;
903 }
904 }
905 if (port == NULL) {
906 port = "4433";
907 }
908 if (vmin == 0) {
909 vmin = BR_TLS10;
910 }
911 if (vmax == 0) {
912 vmax = BR_TLS12;
913 }
914 if (vmax < vmin) {
915 fprintf(stderr, "ERROR: impossible minimum/maximum protocol"
916 " version combination\n");
917 usage_server();
918 goto server_exit_error;
919 }
920 if (suites == NULL) {
921 num_suites = 0;
922
923 for (u = 0; cipher_suites[u].name; u ++) {
924 if ((cipher_suites[u].req & REQ_TLS12) == 0
925 || vmax >= BR_TLS12)
926 {
927 num_suites ++;
928 }
929 }
930 suites = xmalloc(num_suites * sizeof *suites);
931 num_suites = 0;
932 for (u = 0; cipher_suites[u].name; u ++) {
933 if ((cipher_suites[u].req & REQ_TLS12) == 0
934 || vmax >= BR_TLS12)
935 {
936 suites[num_suites ++] = cipher_suites[u];
937 }
938 }
939 }
940 if (hfuns == 0) {
941 hfuns = (unsigned)-1;
942 }
943 if (chain == NULL || chain_len == 0) {
944 fprintf(stderr, "ERROR: no certificate chain provided\n");
945 goto server_exit_error;
946 }
947 if (sk == NULL) {
948 fprintf(stderr, "ERROR: no private key provided\n");
949 goto server_exit_error;
950 }
951 switch (sk->key_type) {
952 int curve;
953 uint32_t supp;
954
955 case BR_KEYTYPE_RSA:
956 break;
957 case BR_KEYTYPE_EC:
958 curve = sk->key.ec.curve;
959 supp = br_ec_all_m15.supported_curves;
960 if (curve > 31 || !((supp >> curve) & 1)) {
961 fprintf(stderr, "ERROR: private key curve (%d)"
962 " is not supported\n", curve);
963 goto server_exit_error;
964 }
965 break;
966 default:
967 fprintf(stderr, "ERROR: unsupported private key type (%d)\n",
968 sk->key_type);
969 break;
970 }
971 cert_signer_algo = get_cert_signer_algo(chain);
972 if (cert_signer_algo == 0) {
973 goto server_exit_error;
974 }
975 if (verbose) {
976 const char *csas;
977
978 switch (cert_signer_algo) {
979 case BR_KEYTYPE_RSA: csas = "RSA"; break;
980 case BR_KEYTYPE_EC: csas = "EC"; break;
981 default:
982 csas = "unknown";
983 break;
984 }
985 fprintf(stderr, "Issuing CA key type: %d (%s)\n",
986 cert_signer_algo, csas);
987 }
988 if (iobuf_len == 0) {
989 if (bidi) {
990 iobuf_len = BR_SSL_BUFSIZE_BIDI;
991 } else {
992 iobuf_len = BR_SSL_BUFSIZE_MONO;
993 }
994 }
995 iobuf = xmalloc(iobuf_len);
996 if (cache_len == (size_t)-1) {
997 cache_len = 5000;
998 }
999 cache = xmalloc(cache_len);
1000
1001 /*
1002 * Compute implementation requirements and inject implementations.
1003 */
1004 suite_ids = xmalloc(num_suites * sizeof *suite_ids);
1005 br_ssl_server_zero(&cc);
1006 br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
1007 br_ssl_engine_set_all_flags(&cc.eng, flags);
1008 if (vmin <= BR_TLS11) {
1009 if (!(hfuns & (1 << br_md5_ID))) {
1010 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");
1011 goto server_exit_error;
1012 }
1013 if (!(hfuns & (1 << br_sha1_ID))) {
1014 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need SHA-1\n");
1015 goto server_exit_error;
1016 }
1017 }
1018 for (u = 0; u < num_suites; u ++) {
1019 unsigned req;
1020
1021 req = suites[u].req;
1022 suite_ids[u] = suites[u].suite;
1023 if ((req & REQ_TLS12) != 0 && vmax < BR_TLS12) {
1024 fprintf(stderr,
1025 "ERROR: cipher suite %s requires TLS 1.2\n",
1026 suites[u].name);
1027 goto server_exit_error;
1028 }
1029 if ((req & REQ_SHA1) != 0 && !(hfuns & (1 << br_sha1_ID))) {
1030 fprintf(stderr,
1031 "ERROR: cipher suite %s requires SHA-1\n",
1032 suites[u].name);
1033 goto server_exit_error;
1034 }
1035 if ((req & REQ_SHA256) != 0 && !(hfuns & (1 << br_sha256_ID))) {
1036 fprintf(stderr,
1037 "ERROR: cipher suite %s requires SHA-256\n",
1038 suites[u].name);
1039 goto server_exit_error;
1040 }
1041 if ((req & REQ_SHA384) != 0 && !(hfuns & (1 << br_sha384_ID))) {
1042 fprintf(stderr,
1043 "ERROR: cipher suite %s requires SHA-384\n",
1044 suites[u].name);
1045 goto server_exit_error;
1046 }
1047 /* TODO: algorithm implementation selection */
1048 if ((req & REQ_AESCBC) != 0) {
1049 br_ssl_engine_set_aes_cbc(&cc.eng,
1050 &br_aes_ct_cbcenc_vtable,
1051 &br_aes_ct_cbcdec_vtable);
1052 br_ssl_engine_set_cbc(&cc.eng,
1053 &br_sslrec_in_cbc_vtable,
1054 &br_sslrec_out_cbc_vtable);
1055 }
1056 if ((req & REQ_AESGCM) != 0) {
1057 br_ssl_engine_set_aes_ctr(&cc.eng,
1058 &br_aes_ct_ctr_vtable);
1059 br_ssl_engine_set_ghash(&cc.eng,
1060 &br_ghash_ctmul);
1061 br_ssl_engine_set_gcm(&cc.eng,
1062 &br_sslrec_in_gcm_vtable,
1063 &br_sslrec_out_gcm_vtable);
1064 }
1065 if ((req & REQ_CHAPOL) != 0) {
1066 br_ssl_engine_set_chacha20(&cc.eng,
1067 &br_chacha20_ct_run);
1068 br_ssl_engine_set_poly1305(&cc.eng,
1069 &br_poly1305_ctmul_run);
1070 br_ssl_engine_set_chapol(&cc.eng,
1071 &br_sslrec_in_chapol_vtable,
1072 &br_sslrec_out_chapol_vtable);
1073 }
1074 if ((req & REQ_3DESCBC) != 0) {
1075 br_ssl_engine_set_des_cbc(&cc.eng,
1076 &br_des_ct_cbcenc_vtable,
1077 &br_des_ct_cbcdec_vtable);
1078 br_ssl_engine_set_cbc(&cc.eng,
1079 &br_sslrec_in_cbc_vtable,
1080 &br_sslrec_out_cbc_vtable);
1081 }
1082 if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
1083 br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
1084 }
1085 }
1086 br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
1087
1088 dnhash = NULL;
1089 for (u = 0; hash_functions[u].name; u ++) {
1090 const br_hash_class *hc;
1091 int id;
1092
1093 hc = hash_functions[u].hclass;
1094 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK;
1095 if ((hfuns & ((unsigned)1 << id)) != 0) {
1096 dnhash = hc;
1097 br_ssl_engine_set_hash(&cc.eng, id, hc);
1098 }
1099 }
1100 if (vmin <= BR_TLS11) {
1101 br_ssl_engine_set_prf10(&cc.eng, &br_tls10_prf);
1102 }
1103 if (vmax >= BR_TLS12) {
1104 if ((hfuns & ((unsigned)1 << br_sha256_ID)) != 0) {
1105 br_ssl_engine_set_prf_sha256(&cc.eng,
1106 &br_tls12_sha256_prf);
1107 }
1108 if ((hfuns & ((unsigned)1 << br_sha384_ID)) != 0) {
1109 br_ssl_engine_set_prf_sha384(&cc.eng,
1110 &br_tls12_sha384_prf);
1111 }
1112 }
1113
1114 br_ssl_session_cache_lru_init(&lru, cache, cache_len);
1115 br_ssl_server_set_cache(&cc, &lru.vtable);
1116
1117 if (VEC_LEN(alpn_names) != 0) {
1118 br_ssl_engine_set_protocol_names(&cc.eng,
1119 (const char **)&VEC_ELT(alpn_names, 0),
1120 VEC_LEN(alpn_names));
1121 }
1122
1123 /*
1124 * Set the policy handler (that chooses the actual cipher suite,
1125 * selects the certificate chain, and runs the private key
1126 * operations).
1127 */
1128 pc.vtable = &policy_vtable;
1129 pc.verbose = verbose;
1130 pc.chain = chain;
1131 pc.chain_len = chain_len;
1132 pc.cert_signer_algo = cert_signer_algo;
1133 pc.sk = sk;
1134 pc.cbhash = cbhash;
1135 br_ssl_server_set_policy(&cc, &pc.vtable);
1136
1137 /*
1138 * If trust anchors have been configured, then set an X.509
1139 * validation engine and activate client certificate
1140 * authentication.
1141 */
1142 if (VEC_LEN(anchors) != 0) {
1143 br_x509_minimal_init(&xc, dnhash,
1144 &VEC_ELT(anchors, 0), VEC_LEN(anchors));
1145 for (u = 0; hash_functions[u].name; u ++) {
1146 const br_hash_class *hc;
1147 int id;
1148
1149 hc = hash_functions[u].hclass;
1150 id = (hc->desc >> BR_HASHDESC_ID_OFF)
1151 & BR_HASHDESC_ID_MASK;
1152 if ((hfuns & ((unsigned)1 << id)) != 0) {
1153 br_x509_minimal_set_hash(&xc, id, hc);
1154 }
1155 }
1156 br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
1157 br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
1158 br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
1159 br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
1160 br_x509_minimal_set_ecdsa(&xc,
1161 &br_ec_all_m15, &br_ecdsa_i31_vrfy_asn1);
1162 br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
1163 br_ssl_server_set_trust_anchor_names_alt(&cc,
1164 &VEC_ELT(anchors, 0), VEC_LEN(anchors));
1165 }
1166
1167 br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
1168
1169 /*
1170 * On Unix systems, we need to ignore SIGPIPE.
1171 */
1172 #ifndef _WIN32
1173 signal(SIGPIPE, SIG_IGN);
1174 #endif
1175
1176 /*
1177 * Open the server socket.
1178 */
1179 server_fd = host_bind(bind_name, port, verbose);
1180 if (server_fd == INVALID_SOCKET) {
1181 goto server_exit_error;
1182 }
1183
1184 /*
1185 * Process incoming clients, one at a time. Note that we do not
1186 * accept any client until the previous connection has finished:
1187 * this is voluntary, since the tool uses stdin/stdout for
1188 * application data, and thus cannot really run two connections
1189 * simultaneously.
1190 */
1191 for (;;) {
1192 int x;
1193
1194 fd = accept_client(server_fd, verbose);
1195 if (fd == INVALID_SOCKET) {
1196 goto server_exit_error;
1197 }
1198 br_ssl_server_reset(&cc);
1199 x = run_ssl_engine(&cc.eng, fd,
1200 (verbose ? RUN_ENGINE_VERBOSE : 0)
1201 | (trace ? RUN_ENGINE_TRACE : 0));
1202 #ifdef _WIN32
1203 closesocket(fd);
1204 #else
1205 close(fd);
1206 #endif
1207 fd = INVALID_SOCKET;
1208 if (x < -1) {
1209 goto server_exit_error;
1210 }
1211 }
1212
1213 /*
1214 * Release allocated structures.
1215 */
1216 server_exit:
1217 xfree(suites);
1218 xfree(suite_ids);
1219 free_certificates(chain, chain_len);
1220 free_private_key(sk);
1221 VEC_CLEAREXT(anchors, &free_ta_contents);
1222 VEC_CLEAREXT(alpn_names, &free_alpn);
1223 xfree(iobuf);
1224 xfree(cache);
1225 if (fd != INVALID_SOCKET) {
1226 #ifdef _WIN32
1227 closesocket(fd);
1228 #else
1229 close(fd);
1230 #endif
1231 }
1232 return retcode;
1233
1234 server_exit_error:
1235 retcode = -1;
1236 goto server_exit;
1237 }
The BearSSL library and tools.