projects / BearSSL / blob
? search:


fc16692c54334c4bb5a158017e7dcaf1e2a87a38
[BearSSL] / tools / server.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <netdb.h>
34 #include <netinet/in.h>
35 #include <arpa/inet.h>
36 #include <unistd.h>
37 #include <fcntl.h>
38 #include <sys/poll.h>
39
40 #include "brssl.h"
41 #include "bearssl.h"
42
43 static int
44 host_bind(const char *host, const char *port, int verbose)
45 {
46 struct addrinfo hints, *si, *p;
47 int fd;
48 int err;
49
50 memset(&hints, 0, sizeof hints);
51 hints.ai_family = PF_UNSPEC;
52 hints.ai_socktype = SOCK_STREAM;
53 err = getaddrinfo(host, port, &hints, &si);
54 if (err != 0) {
55 fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
56 gai_strerror(err));
57 return -1;
58 }
59 fd = -1;
60 for (p = si; p != NULL; p = p->ai_next) {
61 struct sockaddr *sa;
62 struct sockaddr_in sa4;
63 struct sockaddr_in6 sa6;
64 size_t sa_len;
65 void *addr;
66 char tmp[INET6_ADDRSTRLEN + 50];
67 int opt;
68
69 sa = (struct sockaddr *)p->ai_addr;
70 if (sa->sa_family == AF_INET) {
71 sa4 = *(struct sockaddr_in *)sa;
72 sa = (struct sockaddr *)&sa4;
73 sa_len = sizeof sa4;
74 addr = &sa4.sin_addr;
75 if (host == NULL) {
76 sa4.sin_addr.s_addr = INADDR_ANY;
77 }
78 } else if (sa->sa_family == AF_INET6) {
79 sa6 = *(struct sockaddr_in6 *)sa;
80 sa = (struct sockaddr *)&sa6;
81 sa_len = sizeof sa6;
82 addr = &sa6.sin6_addr;
83 if (host == NULL) {
84 sa6.sin6_addr = in6addr_any;
85 }
86 } else {
87 addr = NULL;
88 sa_len = p->ai_addrlen;
89 }
90 if (addr != NULL) {
91 inet_ntop(p->ai_family, addr, tmp, sizeof tmp);
92 } else {
93 sprintf(tmp, "<unknown family: %d>",
94 (int)sa->sa_family);
95 }
96 if (verbose) {
97 fprintf(stderr, "binding to: %s\n", tmp);
98 }
99 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
100 if (fd < 0) {
101 if (verbose) {
102 perror("socket()");
103 }
104 continue;
105 }
106 opt = 1;
107 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);
108 opt = 0;
109 setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt);
110 if (bind(fd, sa, sa_len) < 0) {
111 if (verbose) {
112 perror("bind()");
113 }
114 close(fd);
115 continue;
116 }
117 break;
118 }
119 if (p == NULL) {
120 freeaddrinfo(si);
121 fprintf(stderr, "ERROR: failed to bind\n");
122 return -1;
123 }
124 freeaddrinfo(si);
125 if (listen(fd, 5) < 0) {
126 if (verbose) {
127 perror("listen()");
128 }
129 close(fd);
130 return -1;
131 }
132 if (verbose) {
133 fprintf(stderr, "bound.\n");
134 }
135 return fd;
136 }
137
138 static int
139 accept_client(int server_fd, int verbose)
140 {
141 int fd;
142 struct sockaddr sa;
143 socklen_t sa_len;
144
145 sa_len = sizeof sa;
146 fd = accept(server_fd, &sa, &sa_len);
147 if (fd < 0) {
148 if (verbose) {
149 perror("accept()");
150 }
151 return -1;
152 }
153 if (verbose) {
154 char tmp[INET6_ADDRSTRLEN + 50];
155 const char *name;
156
157 name = NULL;
158 switch (sa.sa_family) {
159 case AF_INET:
160 name = inet_ntop(AF_INET,
161 &((struct sockaddr_in *)&sa)->sin_addr,
162 tmp, sizeof tmp);
163 break;
164 case AF_INET6:
165 name = inet_ntop(AF_INET,
166 &((struct sockaddr_in *)&sa)->sin_addr,
167 tmp, sizeof tmp);
168 break;
169 }
170 if (name == NULL) {
171 sprintf(tmp, "<unknown: %lu>",
172 (unsigned long)sa.sa_family);
173 name = tmp;
174 }
175 fprintf(stderr, "accepting connection from: %s\n", name);
176 }
177
178 /*
179 * We make the socket non-blocking, since we are going to use
180 * poll() to organise I/O.
181 */
182 fcntl(fd, F_SETFL, O_NONBLOCK);
183 return fd;
184 }
185
186 static void
187 usage_server(void)
188 {
189 fprintf(stderr,
190 "usage: brssl server [ options ]\n");
191 fprintf(stderr,
192 "options:\n");
193 fprintf(stderr,
194 " -q suppress verbose messages\n");
195 fprintf(stderr,
196 " -trace activate extra debug messages (dump of all packets)\n");
197 fprintf(stderr,
198 " -b name bind to a specific address or host name\n");
199 fprintf(stderr,
200 " -p port bind to a specific port (default: 4433)\n");
201 fprintf(stderr,
202 " -mono use monodirectional buffering\n");
203 fprintf(stderr,
204 " -buf length set the I/O buffer length (in bytes)\n");
205 fprintf(stderr,
206 " -cache length set the session cache storage length (in bytes)\n");
207 fprintf(stderr,
208 " -cert fname read certificate chain from file 'fname'\n");
209 fprintf(stderr,
210 " -key fname read private key from file 'fname'\n");
211 fprintf(stderr,
212 " -list list supported names (protocols, algorithms...)\n");
213 fprintf(stderr,
214 " -vmin name set minimum supported version (default: TLS-1.0)\n");
215 fprintf(stderr,
216 " -vmax name set maximum supported version (default: TLS-1.2)\n");
217 fprintf(stderr,
218 " -cs names set list of supported cipher suites (comma-separated)\n");
219 fprintf(stderr,
220 " -hf names add support for some hash functions (comma-separated)\n");
221 fprintf(stderr,
222 " -serverpref enforce server's preferences for cipher suites\n");
223 exit(EXIT_FAILURE);
224 }
225
226 typedef struct {
227 const br_ssl_server_policy_class *vtable;
228 int verbose;
229 br_x509_certificate *chain;
230 size_t chain_len;
231 int cert_signer_algo;
232 private_key *sk;
233 } policy_context;
234
235 static int
236 get_cert_signer_algo(br_x509_certificate *xc)
237 {
238 br_x509_decoder_context dc;
239 int err;
240
241 br_x509_decoder_init(&dc, 0, 0);
242 br_x509_decoder_push(&dc, xc->data, xc->data_len);
243 err = br_x509_decoder_last_error(&dc);
244 if (err != 0) {
245 return -err;
246 } else {
247 return br_x509_decoder_get_signer_key_type(&dc);
248 }
249 }
250
251 static int
252 sp_choose(const br_ssl_server_policy_class **pctx,
253 const br_ssl_server_context *cc,
254 br_ssl_server_choices *choices)
255 {
256 policy_context *pc;
257 const br_suite_translated *st;
258 size_t u, st_num;
259 unsigned chashes;
260 int hash_id;
261
262 pc = (policy_context *)pctx;
263 st = br_ssl_server_get_client_suites(cc, &st_num);
264 chashes = br_ssl_server_get_client_hashes(cc);
265 for (hash_id = 6; hash_id >= 2; hash_id --) {
266 if ((chashes >> hash_id) & 1) {
267 break;
268 }
269 }
270 if (pc->verbose) {
271 fprintf(stderr, "Client parameters:\n");
272 fprintf(stderr, " Maximum version: ");
273 switch (cc->client_max_version) {
274 case BR_SSL30:
275 fprintf(stderr, "SSL 3.0");
276 break;
277 case BR_TLS10:
278 fprintf(stderr, "TLS 1.0");
279 break;
280 case BR_TLS11:
281 fprintf(stderr, "TLS 1.1");
282 break;
283 case BR_TLS12:
284 fprintf(stderr, "TLS 1.2");
285 break;
286 default:
287 fprintf(stderr, "unknown (0x%04X)",
288 (unsigned)cc->client_max_version);
289 break;
290 }
291 fprintf(stderr, "\n");
292 fprintf(stderr, " Compatible cipher suites:\n");
293 for (u = 0; u < st_num; u ++) {
294 char csn[80];
295
296 get_suite_name_ext(st[u][0], csn, sizeof csn);
297 fprintf(stderr, " %s\n", csn);
298 }
299 fprintf(stderr, " Common hash functions:");
300 for (u = 2; u <= 6; u ++) {
301 if ((chashes >> u) & 1) {
302 int z;
303
304 switch (u) {
305 case 3: z = 224; break;
306 case 4: z = 256; break;
307 case 5: z = 384; break;
308 case 6: z = 512; break;
309 default:
310 z = 1;
311 break;
312 }
313 fprintf(stderr, " sha%d", z);
314 }
315 }
316 fprintf(stderr, "\n");
317 }
318 for (u = 0; u < st_num; u ++) {
319 unsigned tt;
320
321 tt = st[u][1];
322 switch (tt >> 12) {
323 case BR_SSLKEYX_RSA:
324 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
325 choices->cipher_suite = st[u][0];
326 goto choose_ok;
327 }
328 break;
329 case BR_SSLKEYX_ECDHE_RSA:
330 if (pc->sk->key_type == BR_KEYTYPE_RSA) {
331 choices->cipher_suite = st[u][0];
332 choices->hash_id = hash_id;
333 goto choose_ok;
334 }
335 break;
336 case BR_SSLKEYX_ECDHE_ECDSA:
337 if (pc->sk->key_type == BR_KEYTYPE_EC) {
338 choices->cipher_suite = st[u][0];
339 choices->hash_id = hash_id;
340 goto choose_ok;
341 }
342 break;
343 case BR_SSLKEYX_ECDH_RSA:
344 if (pc->sk->key_type == BR_KEYTYPE_EC
345 && pc->cert_signer_algo == BR_KEYTYPE_RSA)
346 {
347 choices->cipher_suite = st[u][0];
348 goto choose_ok;
349 }
350 break;
351 case BR_SSLKEYX_ECDH_ECDSA:
352 if (pc->sk->key_type == BR_KEYTYPE_EC
353 && pc->cert_signer_algo == BR_KEYTYPE_EC)
354 {
355 choices->cipher_suite = st[u][0];
356 goto choose_ok;
357 }
358 break;
359 }
360 }
361 return 0;
362
363 choose_ok:
364 choices->chain = pc->chain;
365 choices->chain_len = pc->chain_len;
366 if (pc->verbose) {
367 char csn[80];
368
369 get_suite_name_ext(choices->cipher_suite, csn, sizeof csn);
370 fprintf(stderr, "Using: %s\n", csn);
371 }
372 return 1;
373 }
374
375 static uint32_t
376 sp_do_keyx(const br_ssl_server_policy_class **pctx,
377 unsigned char *data, size_t len)
378 {
379 policy_context *pc;
380
381 pc = (policy_context *)pctx;
382 switch (pc->sk->key_type) {
383 case BR_KEYTYPE_RSA:
384 return br_rsa_ssl_decrypt(
385 &br_rsa_i31_private, &pc->sk->key.rsa,
386 data, len);
387 case BR_KEYTYPE_EC:
388 return br_ec_prime_i31.mul(data, len, pc->sk->key.ec.x,
389 pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
390 default:
391 fprintf(stderr, "ERROR: unknown private key type (%d)\n",
392 (int)pc->sk->key_type);
393 return 0;
394 }
395 }
396
397 /*
398 * OID for hash functions in RSA signatures.
399 */
400 static const unsigned char HASH_OID_SHA1[] = {
401 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
402 };
403
404 static const unsigned char HASH_OID_SHA224[] = {
405 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
406 };
407
408 static const unsigned char HASH_OID_SHA256[] = {
409 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
410 };
411
412 static const unsigned char HASH_OID_SHA384[] = {
413 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
414 };
415
416 static const unsigned char HASH_OID_SHA512[] = {
417 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
418 };
419
420 static const unsigned char *HASH_OID[] = {
421 HASH_OID_SHA1,
422 HASH_OID_SHA224,
423 HASH_OID_SHA256,
424 HASH_OID_SHA384,
425 HASH_OID_SHA512
426 };
427
428 static const br_hash_class *
429 get_hash_impl(int hash_id)
430 {
431 size_t u;
432
433 for (u = 0; hash_functions[u].name; u ++) {
434 const br_hash_class *hc;
435 int id;
436
437 hc = hash_functions[u].hclass;
438 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK;
439 if (id == hash_id) {
440 return hc;
441 }
442 }
443 return NULL;
444 }
445
446 static size_t
447 sp_do_sign(const br_ssl_server_policy_class **pctx,
448 int hash_id, size_t hv_len, unsigned char *data, size_t len)
449 {
450 policy_context *pc;
451 unsigned char hv[64];
452
453 pc = (policy_context *)pctx;
454 memcpy(hv, data, hv_len);
455 switch (pc->sk->key_type) {
456 size_t sig_len;
457 uint32_t x;
458 const unsigned char *hash_oid;
459 const br_hash_class *hc;
460
461 case BR_KEYTYPE_RSA:
462 if (hash_id == 0) {
463 hash_oid = NULL;
464 } else if (hash_id >= 2 && hash_id <= 6) {
465 hash_oid = HASH_OID[hash_id - 2];
466 } else {
467 if (pc->verbose) {
468 fprintf(stderr, "ERROR: cannot RSA-sign with"
469 " unknown hash function: %d\n",
470 hash_id);
471 }
472 return 0;
473 }
474 sig_len = (pc->sk->key.rsa.n_bitlen + 7) >> 3;
475 if (len < sig_len) {
476 if (pc->verbose) {
477 fprintf(stderr, "ERROR: cannot RSA-sign,"
478 " buffer is too small"
479 " (sig=%lu, buf=%lu)\n",
480 (unsigned long)sig_len,
481 (unsigned long)len);
482 }
483 return 0;
484 }
485 x = br_rsa_i31_pkcs1_sign(hash_oid, hv, hv_len,
486 &pc->sk->key.rsa, data);
487 if (!x) {
488 if (pc->verbose) {
489 fprintf(stderr, "ERROR: RSA-sign failure\n");
490 }
491 return 0;
492 }
493 return sig_len;
494
495 case BR_KEYTYPE_EC:
496 hc = get_hash_impl(hash_id);
497 if (hc == NULL) {
498 if (pc->verbose) {
499 fprintf(stderr, "ERROR: cannot RSA-sign with"
500 " unknown hash function: %d\n",
501 hash_id);
502 }
503 return 0;
504 }
505 if (len < 139) {
506 if (pc->verbose) {
507 fprintf(stderr, "ERROR: cannot ECDSA-sign"
508 " (output buffer = %lu)\n",
509 (unsigned long)len);
510 }
511 return 0;
512 }
513 sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31,
514 hc, hv, &pc->sk->key.ec, data);
515 if (sig_len == 0) {
516 if (pc->verbose) {
517 fprintf(stderr, "ERROR: ECDSA-sign failure\n");
518 }
519 return 0;
520 }
521 return sig_len;
522
523 default:
524 return 0;
525 }
526 }
527
528 static const br_ssl_server_policy_class policy_vtable = {
529 sizeof(policy_context),
530 sp_choose,
531 sp_do_keyx,
532 sp_do_sign
533 };
534
535 /* see brssl.h */
536 int
537 do_server(int argc, char *argv[])
538 {
539 int retcode;
540 int verbose;
541 int trace;
542 int i, bidi;
543 const char *bind_name;
544 const char *port;
545 unsigned vmin, vmax;
546 cipher_suite *suites;
547 size_t num_suites;
548 uint16_t *suite_ids;
549 unsigned hfuns;
550 br_x509_certificate *chain;
551 size_t chain_len;
552 int cert_signer_algo;
553 private_key *sk;
554 size_t u;
555 br_ssl_server_context cc;
556 policy_context pc;
557 br_ssl_session_cache_lru lru;
558 unsigned char *iobuf, *cache;
559 size_t iobuf_len, cache_len;
560 uint32_t flags;
561 int server_fd, fd;
562
563 retcode = 0;
564 verbose = 1;
565 trace = 0;
566 bind_name = NULL;
567 port = NULL;
568 bidi = 1;
569 vmin = 0;
570 vmax = 0;
571 suites = NULL;
572 num_suites = 0;
573 hfuns = 0;
574 suite_ids = NULL;
575 chain = NULL;
576 chain_len = 0;
577 sk = NULL;
578 iobuf = NULL;
579 iobuf_len = 0;
580 cache = NULL;
581 cache_len = (size_t)-1;
582 flags = 0;
583 server_fd = -1;
584 fd = -1;
585 for (i = 0; i < argc; i ++) {
586 const char *arg;
587
588 arg = argv[i];
589 if (arg[0] != '-') {
590 usage_server();
591 goto server_exit_error;
592 }
593 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
594 verbose = 1;
595 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
596 verbose = 0;
597 } else if (eqstr(arg, "-trace")) {
598 trace = 1;
599 } else if (eqstr(arg, "-b")) {
600 if (++ i >= argc) {
601 fprintf(stderr,
602 "ERROR: no argument for '-b'\n");
603 usage_server();
604 goto server_exit_error;
605 }
606 if (bind_name != NULL) {
607 fprintf(stderr, "ERROR: duplicate bind host\n");
608 usage_server();
609 goto server_exit_error;
610 }
611 bind_name = argv[i];
612 } else if (eqstr(arg, "-p")) {
613 if (++ i >= argc) {
614 fprintf(stderr,
615 "ERROR: no argument for '-p'\n");
616 usage_server();
617 goto server_exit_error;
618 }
619 if (port != NULL) {
620 fprintf(stderr, "ERROR: duplicate bind port\n");
621 usage_server();
622 goto server_exit_error;
623 }
624 port = argv[i];
625 } else if (eqstr(arg, "-mono")) {
626 bidi = 0;
627 } else if (eqstr(arg, "-buf")) {
628 if (++ i >= argc) {
629 fprintf(stderr,
630 "ERROR: no argument for '-buf'\n");
631 usage_server();
632 goto server_exit_error;
633 }
634 arg = argv[i];
635 if (iobuf_len != 0) {
636 fprintf(stderr,
637 "ERROR: duplicate I/O buffer length\n");
638 usage_server();
639 goto server_exit_error;
640 }
641 iobuf_len = strtoul(arg, 0, 10);
642 } else if (eqstr(arg, "-cache")) {
643 if (++ i >= argc) {
644 fprintf(stderr,
645 "ERROR: no argument for '-cache'\n");
646 usage_server();
647 goto server_exit_error;
648 }
649 arg = argv[i];
650 if (cache_len != (size_t)-1) {
651 fprintf(stderr, "ERROR: duplicate session"
652 " cache length\n");
653 usage_server();
654 goto server_exit_error;
655 }
656 cache_len = strtoul(arg, 0, 10);
657 } else if (eqstr(arg, "-cert")) {
658 if (++ i >= argc) {
659 fprintf(stderr,
660 "ERROR: no argument for '-cert'\n");
661 usage_server();
662 goto server_exit_error;
663 }
664 if (chain != NULL) {
665 fprintf(stderr,
666 "ERROR: duplicate certificate chain\n");
667 usage_server();
668 goto server_exit_error;
669 }
670 arg = argv[i];
671 chain = read_certificates(arg, &chain_len);
672 if (chain == NULL || chain_len == 0) {
673 goto server_exit_error;
674 }
675 } else if (eqstr(arg, "-key")) {
676 if (++ i >= argc) {
677 fprintf(stderr,
678 "ERROR: no argument for '-key'\n");
679 usage_server();
680 goto server_exit_error;
681 }
682 if (sk != NULL) {
683 fprintf(stderr,
684 "ERROR: duplicate private key\n");
685 usage_server();
686 goto server_exit_error;
687 }
688 arg = argv[i];
689 sk = read_private_key(arg);
690 if (sk == NULL) {
691 goto server_exit_error;
692 }
693 } else if (eqstr(arg, "-list")) {
694 list_names();
695 goto server_exit;
696 } else if (eqstr(arg, "-vmin")) {
697 if (++ i >= argc) {
698 fprintf(stderr,
699 "ERROR: no argument for '-vmin'\n");
700 usage_server();
701 goto server_exit_error;
702 }
703 arg = argv[i];
704 if (vmin != 0) {
705 fprintf(stderr,
706 "ERROR: duplicate minimum version\n");
707 usage_server();
708 goto server_exit_error;
709 }
710 vmin = parse_version(arg, strlen(arg));
711 if (vmin == 0) {
712 fprintf(stderr,
713 "ERROR: unrecognised version '%s'\n",
714 arg);
715 usage_server();
716 goto server_exit_error;
717 }
718 } else if (eqstr(arg, "-vmax")) {
719 if (++ i >= argc) {
720 fprintf(stderr,
721 "ERROR: no argument for '-vmax'\n");
722 usage_server();
723 goto server_exit_error;
724 }
725 arg = argv[i];
726 if (vmax != 0) {
727 fprintf(stderr,
728 "ERROR: duplicate maximum version\n");
729 usage_server();
730 goto server_exit_error;
731 }
732 vmax = parse_version(arg, strlen(arg));
733 if (vmax == 0) {
734 fprintf(stderr,
735 "ERROR: unrecognised version '%s'\n",
736 arg);
737 usage_server();
738 goto server_exit_error;
739 }
740 } else if (eqstr(arg, "-cs")) {
741 if (++ i >= argc) {
742 fprintf(stderr,
743 "ERROR: no argument for '-cs'\n");
744 usage_server();
745 goto server_exit_error;
746 }
747 arg = argv[i];
748 if (suites != NULL) {
749 fprintf(stderr, "ERROR: duplicate list"
750 " of cipher suites\n");
751 usage_server();
752 goto server_exit_error;
753 }
754 suites = parse_suites(arg, &num_suites);
755 if (suites == NULL) {
756 usage_server();
757 goto server_exit_error;
758 }
759 } else if (eqstr(arg, "-hf")) {
760 unsigned x;
761
762 if (++ i >= argc) {
763 fprintf(stderr,
764 "ERROR: no argument for '-hf'\n");
765 usage_server();
766 goto server_exit_error;
767 }
768 arg = argv[i];
769 x = parse_hash_functions(arg);
770 if (x == 0) {
771 usage_server();
772 goto server_exit_error;
773 }
774 hfuns |= x;
775 } else if (eqstr(arg, "-serverpref")) {
776 flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
777 } else {
778 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
779 usage_server();
780 goto server_exit_error;
781 }
782 }
783 if (port == NULL) {
784 port = "4433";
785 }
786 if (vmin == 0) {
787 vmin = BR_TLS10;
788 }
789 if (vmax == 0) {
790 vmax = BR_TLS12;
791 }
792 if (vmax < vmin) {
793 fprintf(stderr, "ERROR: impossible minimum/maximum protocol"
794 " version combination\n");
795 usage_server();
796 goto server_exit_error;
797 }
798 if (suites == NULL) {
799 num_suites = 0;
800
801 for (u = 0; cipher_suites[u].name; u ++) {
802 if ((cipher_suites[u].req & REQ_TLS12) == 0
803 || vmax >= BR_TLS12)
804 {
805 num_suites ++;
806 }
807 }
808 suites = xmalloc(num_suites * sizeof *suites);
809 num_suites = 0;
810 for (u = 0; cipher_suites[u].name; u ++) {
811 if ((cipher_suites[u].req & REQ_TLS12) == 0
812 || vmax >= BR_TLS12)
813 {
814 suites[num_suites ++] = cipher_suites[u];
815 }
816 }
817 }
818 if (hfuns == 0) {
819 hfuns = (unsigned)-1;
820 }
821 if (chain == NULL || chain_len == 0) {
822 fprintf(stderr, "ERROR: no certificate chain provided\n");
823 goto server_exit_error;
824 }
825 if (sk == NULL) {
826 fprintf(stderr, "ERROR: no private key provided\n");
827 goto server_exit_error;
828 }
829 switch (sk->key_type) {
830 int curve;
831 uint32_t supp;
832
833 case BR_KEYTYPE_RSA:
834 break;
835 case BR_KEYTYPE_EC:
836 curve = sk->key.ec.curve;
837 supp = br_ec_prime_i31.supported_curves;
838 if (curve > 31 || !((supp >> curve) & 1)) {
839 fprintf(stderr, "ERROR: private key curve (%d)"
840 " is not supported\n", curve);
841 goto server_exit_error;
842 }
843 break;
844 default:
845 fprintf(stderr, "ERROR: unsupported private key type (%d)\n",
846 sk->key_type);
847 break;
848 }
849 cert_signer_algo = get_cert_signer_algo(chain);
850 if (cert_signer_algo < 0) {
851 fprintf(stderr, "ERROR: server certificate cannot be"
852 " decoded (err=%d)\n", -cert_signer_algo);
853 goto server_exit_error;
854 } else if (verbose) {
855 const char *csas;
856
857 switch (cert_signer_algo) {
858 case BR_KEYTYPE_RSA: csas = "RSA"; break;
859 case BR_KEYTYPE_EC: csas = "EC"; break;
860 default:
861 csas = "unknown";
862 break;
863 }
864 fprintf(stderr, "Issuing CA key type: %d (%s)\n",
865 cert_signer_algo, csas);
866 }
867 if (iobuf_len == 0) {
868 if (bidi) {
869 iobuf_len = BR_SSL_BUFSIZE_BIDI;
870 } else {
871 iobuf_len = BR_SSL_BUFSIZE_MONO;
872 }
873 }
874 iobuf = xmalloc(iobuf_len);
875 if (cache_len == (size_t)-1) {
876 cache_len = 5000;
877 }
878 cache = xmalloc(cache_len);
879
880 /*
881 * Compute implementation requirements and inject implementations.
882 */
883 suite_ids = xmalloc(num_suites * sizeof *suite_ids);
884 br_ssl_server_zero(&cc);
885 br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
886 br_ssl_server_set_all_flags(&cc, flags);
887 if (vmin <= BR_TLS11) {
888 if (!(hfuns & (1 << br_md5_ID))) {
889 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n");
890 goto server_exit_error;
891 }
892 if (!(hfuns & (1 << br_sha1_ID))) {
893 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need SHA-1\n");
894 goto server_exit_error;
895 }
896 }
897 for (u = 0; u < num_suites; u ++) {
898 unsigned req;
899
900 req = suites[u].req;
901 suite_ids[u] = suites[u].suite;
902 if ((req & REQ_TLS12) != 0 && vmax < BR_TLS12) {
903 fprintf(stderr,
904 "ERROR: cipher suite %s requires TLS 1.2\n",
905 suites[u].name);
906 goto server_exit_error;
907 }
908 if ((req & REQ_SHA1) != 0 && !(hfuns & (1 << br_sha1_ID))) {
909 fprintf(stderr,
910 "ERROR: cipher suite %s requires SHA-1\n",
911 suites[u].name);
912 goto server_exit_error;
913 }
914 if ((req & REQ_SHA256) != 0 && !(hfuns & (1 << br_sha256_ID))) {
915 fprintf(stderr,
916 "ERROR: cipher suite %s requires SHA-256\n",
917 suites[u].name);
918 goto server_exit_error;
919 }
920 if ((req & REQ_SHA384) != 0 && !(hfuns & (1 << br_sha384_ID))) {
921 fprintf(stderr,
922 "ERROR: cipher suite %s requires SHA-384\n",
923 suites[u].name);
924 goto server_exit_error;
925 }
926 /* TODO: algorithm implementation selection */
927 if ((req & REQ_AESCBC) != 0) {
928 br_ssl_engine_set_aes_cbc(&cc.eng,
929 &br_aes_ct_cbcenc_vtable,
930 &br_aes_ct_cbcdec_vtable);
931 br_ssl_engine_set_cbc(&cc.eng,
932 &br_sslrec_in_cbc_vtable,
933 &br_sslrec_out_cbc_vtable);
934 }
935 if ((req & REQ_AESGCM) != 0) {
936 br_ssl_engine_set_aes_ctr(&cc.eng,
937 &br_aes_ct_ctr_vtable);
938 br_ssl_engine_set_ghash(&cc.eng,
939 &br_ghash_ctmul);
940 br_ssl_engine_set_gcm(&cc.eng,
941 &br_sslrec_in_gcm_vtable,
942 &br_sslrec_out_gcm_vtable);
943 }
944 if ((req & REQ_3DESCBC) != 0) {
945 br_ssl_engine_set_des_cbc(&cc.eng,
946 &br_des_ct_cbcenc_vtable,
947 &br_des_ct_cbcdec_vtable);
948 br_ssl_engine_set_cbc(&cc.eng,
949 &br_sslrec_in_cbc_vtable,
950 &br_sslrec_out_cbc_vtable);
951 }
952 if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
953 br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
954 }
955 }
956 br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
957
958 for (u = 0; hash_functions[u].name; u ++) {
959 const br_hash_class *hc;
960 int id;
961
962 hc = hash_functions[u].hclass;
963 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK;
964 if ((hfuns & ((unsigned)1 << id)) != 0) {
965 br_ssl_engine_set_hash(&cc.eng, id, hc);
966 }
967 }
968 if (vmin <= BR_TLS11) {
969 br_ssl_engine_set_prf10(&cc.eng, &br_tls10_prf);
970 }
971 if (vmax >= BR_TLS12) {
972 if ((hfuns & ((unsigned)1 << br_sha256_ID)) != 0) {
973 br_ssl_engine_set_prf_sha256(&cc.eng,
974 &br_tls12_sha256_prf);
975 }
976 if ((hfuns & ((unsigned)1 << br_sha384_ID)) != 0) {
977 br_ssl_engine_set_prf_sha384(&cc.eng,
978 &br_tls12_sha384_prf);
979 }
980 }
981
982 br_ssl_session_cache_lru_init(&lru, cache, cache_len);
983 br_ssl_server_set_cache(&cc, &lru.vtable);
984
985 pc.vtable = &policy_vtable;
986 pc.verbose = verbose;
987 pc.chain = chain;
988 pc.chain_len = chain_len;
989 pc.cert_signer_algo = cert_signer_algo;
990 pc.sk = sk;
991 br_ssl_server_set_policy(&cc, &pc.vtable);
992
993 br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
994
995 /*
996 * Open the server socket.
997 */
998 server_fd = host_bind(bind_name, port, verbose);
999 if (server_fd < 0) {
1000 goto server_exit_error;
1001 }
1002
1003 /*
1004 * Process incoming clients, one at a time. Note that we do not
1005 * accept any client until the previous connection has finished:
1006 * this is voluntary, since the tool uses stdin/stdout for
1007 * application data, and thus cannot really run two connections
1008 * simultaneously.
1009 */
1010 for (;;) {
1011 int x;
1012
1013 fd = accept_client(server_fd, verbose);
1014 if (fd < 0) {
1015 goto server_exit_error;
1016 }
1017 br_ssl_server_reset(&cc);
1018 x = run_ssl_engine(&cc.eng, fd,
1019 (verbose ? RUN_ENGINE_VERBOSE : 0)
1020 | (trace ? RUN_ENGINE_TRACE : 0));
1021 close(fd);
1022 fd = -1;
1023 if (x < -1) {
1024 goto server_exit_error;
1025 }
1026 }
1027
1028 /*
1029 * Release allocated structures.
1030 */
1031 server_exit:
1032 xfree(suites);
1033 xfree(suite_ids);
1034 if (chain != NULL) {
1035 for (u = 0; u < chain_len; u ++) {
1036 xfree(chain[u].data);
1037 }
1038 xfree(chain);
1039 }
1040 if (sk != NULL) {
1041 free_private_key(sk);
1042 }
1043 xfree(iobuf);
1044 xfree(cache);
1045 if (fd >= 0) {
1046 close(fd);
1047 }
1048 return retcode;
1049
1050 server_exit_error:
1051 retcode = -1;
1052 goto server_exit;
1053 }
The BearSSL library and tools.