#include <string.h>
#include <stdint.h>
#include <errno.h>
+#include <signal.h>
+#ifdef _WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>
#include <fcntl.h>
+#define SOCKET int
+#define INVALID_SOCKET (-1)
+#endif
+
#include "brssl.h"
-#include "bearssl.h"
static int
host_connect(const char *host, const char *port, int verbose)
{
struct addrinfo hints, *si, *p;
- int fd;
+ SOCKET fd;
int err;
memset(&hints, 0, sizeof hints);
if (err != 0) {
fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
gai_strerror(err));
- return -1;
+ return INVALID_SOCKET;
}
- fd = -1;
+ fd = INVALID_SOCKET;
for (p = si; p != NULL; p = p->ai_next) {
if (verbose) {
struct sockaddr *sa;
sa = (struct sockaddr *)p->ai_addr;
if (sa->sa_family == AF_INET) {
- addr = &((struct sockaddr_in *)sa)->sin_addr;
+ addr = &((struct sockaddr_in *)
+ (void *)sa)->sin_addr;
} else if (sa->sa_family == AF_INET6) {
- addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
+ addr = &((struct sockaddr_in6 *)
+ (void *)sa)->sin6_addr;
} else {
addr = NULL;
}
fprintf(stderr, "connecting to: %s\n", tmp);
}
fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
- if (fd < 0) {
+ if (fd == INVALID_SOCKET) {
if (verbose) {
perror("socket()");
}
continue;
}
- if (connect(fd, p->ai_addr, p->ai_addrlen) < 0) {
+ if (connect(fd, p->ai_addr, p->ai_addrlen) == INVALID_SOCKET) {
if (verbose) {
perror("connect()");
}
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
+#endif
continue;
}
break;
if (p == NULL) {
freeaddrinfo(si);
fprintf(stderr, "ERROR: failed to connect\n");
- return -1;
+ return INVALID_SOCKET;
}
freeaddrinfo(si);
if (verbose) {
/*
* We make the socket non-blocking, since we are going to use
- * poll() to organise I/O.
+ * poll() or select() to organise I/O.
*/
+#ifdef _WIN32
+ {
+ u_long arg;
+
+ arg = 1;
+ ioctlsocket(fd, FIONBIO, &arg);
+ }
+#else
fcntl(fd, F_SETFL, O_NONBLOCK);
+#endif
return fd;
}
+typedef struct {
+ const br_ssl_client_certificate_class *vtable;
+ int verbose;
+ br_x509_certificate *chain;
+ size_t chain_len;
+ private_key *sk;
+ int issuer_key_type;
+} ccert_context;
+
+static void
+cc_start_name_list(const br_ssl_client_certificate_class **pctx)
+{
+ ccert_context *zc;
+
+ zc = (ccert_context *)pctx;
+ if (zc->verbose) {
+ fprintf(stderr, "Server requests a client certificate.\n");
+ fprintf(stderr, "--- anchor DN list start ---\n");
+ }
+}
+
+static void
+cc_start_name(const br_ssl_client_certificate_class **pctx, size_t len)
+{
+ ccert_context *zc;
+
+ zc = (ccert_context *)pctx;
+ if (zc->verbose) {
+ fprintf(stderr, "new anchor name, length = %u\n",
+ (unsigned)len);
+ }
+}
+
+static void
+cc_append_name(const br_ssl_client_certificate_class **pctx,
+ const unsigned char *data, size_t len)
+{
+ ccert_context *zc;
+
+ zc = (ccert_context *)pctx;
+ if (zc->verbose) {
+ size_t u;
+
+ for (u = 0; u < len; u ++) {
+ if (u == 0) {
+ fprintf(stderr, " ");
+ } else if (u > 0 && u % 16 == 0) {
+ fprintf(stderr, "\n ");
+ }
+ fprintf(stderr, " %02x", data[u]);
+ }
+ if (len > 0) {
+ fprintf(stderr, "\n");
+ }
+ }
+}
+
+static void
+cc_end_name(const br_ssl_client_certificate_class **pctx)
+{
+ (void)pctx;
+}
+
+static void
+cc_end_name_list(const br_ssl_client_certificate_class **pctx)
+{
+ ccert_context *zc;
+
+ zc = (ccert_context *)pctx;
+ if (zc->verbose) {
+ fprintf(stderr, "--- anchor DN list end ---\n");
+ }
+}
+
+static void
+print_hashes(unsigned hh, unsigned hh2)
+{
+ int i;
+
+ for (i = 0; i < 8; i ++) {
+ const char *name;
+
+ name = hash_function_name(i);
+ if (((hh >> i) & 1) != 0) {
+ fprintf(stderr, " %s", name);
+ } else if (((hh2 >> i) & 1) != 0) {
+ fprintf(stderr, " (%s)", name);
+ }
+ }
+}
+
+static int
+choose_hash(unsigned hh)
+{
+ static const int f[] = {
+ br_sha256_ID, br_sha224_ID, br_sha384_ID, br_sha512_ID,
+ br_sha1_ID, br_md5sha1_ID, -1
+ };
+
+ size_t u;
+
+ for (u = 0; f[u] >= 0; u ++) {
+ if (((hh >> f[u]) & 1) != 0) {
+ return f[u];
+ }
+ }
+ return -1;
+}
+
+static void
+cc_choose(const br_ssl_client_certificate_class **pctx,
+ const br_ssl_client_context *cc, uint32_t auth_types,
+ br_ssl_client_certificate *choices)
+{
+ ccert_context *zc;
+ int scurve;
+
+ zc = (ccert_context *)pctx;
+ scurve = br_ssl_client_get_server_curve(cc);
+ if (zc->verbose) {
+ unsigned hashes;
+
+ hashes = br_ssl_client_get_server_hashes(cc);
+ if ((auth_types & 0x00FF) != 0) {
+ fprintf(stderr, "supported: RSA signatures:");
+ print_hashes(auth_types, hashes);
+ fprintf(stderr, "\n");
+ }
+ if ((auth_types & 0xFF00) != 0) {
+ fprintf(stderr, "supported: ECDSA signatures:");
+ print_hashes(auth_types >> 8, hashes >> 8);
+ fprintf(stderr, "\n");
+ }
+ if ((auth_types & 0x010000) != 0) {
+ fprintf(stderr, "supported:"
+ " fixed ECDH (cert signed with RSA)\n");
+ }
+ if ((auth_types & 0x020000) != 0) {
+ fprintf(stderr, "supported:"
+ " fixed ECDH (cert signed with ECDSA)\n");
+ }
+ if (scurve) {
+ fprintf(stderr, "server key curve: %s (%d)\n",
+ ec_curve_name(scurve), scurve);
+ } else {
+ fprintf(stderr, "server key is not EC\n");
+ }
+ }
+ switch (zc->sk->key_type) {
+ case BR_KEYTYPE_RSA:
+ if ((choices->hash_id = choose_hash(auth_types)) >= 0) {
+ if (zc->verbose) {
+ fprintf(stderr, "using RSA, hash = %d (%s)\n",
+ choices->hash_id,
+ hash_function_name(choices->hash_id));
+ }
+ choices->auth_type = BR_AUTH_RSA;
+ choices->chain = zc->chain;
+ choices->chain_len = zc->chain_len;
+ return;
+ }
+ break;
+ case BR_KEYTYPE_EC:
+ if (zc->issuer_key_type != 0
+ && scurve == zc->sk->key.ec.curve)
+ {
+ int x;
+
+ x = (zc->issuer_key_type == BR_KEYTYPE_RSA) ? 16 : 17;
+ if (((auth_types >> x) & 1) != 0) {
+ if (zc->verbose) {
+ fprintf(stderr, "using static ECDH\n");
+ }
+ choices->auth_type = BR_AUTH_ECDH;
+ choices->hash_id = -1;
+ choices->chain = zc->chain;
+ choices->chain_len = zc->chain_len;
+ return;
+ }
+ }
+ if ((choices->hash_id = choose_hash(auth_types >> 8)) >= 0) {
+ if (zc->verbose) {
+ fprintf(stderr, "using ECDSA, hash = %d (%s)\n",
+ choices->hash_id,
+ hash_function_name(choices->hash_id));
+ }
+ choices->auth_type = BR_AUTH_ECDSA;
+ choices->chain = zc->chain;
+ choices->chain_len = zc->chain_len;
+ return;
+ }
+ break;
+ }
+ if (zc->verbose) {
+ fprintf(stderr, "no matching client certificate\n");
+ }
+ choices->chain = NULL;
+ choices->chain_len = 0;
+}
+
+static uint32_t
+cc_do_keyx(const br_ssl_client_certificate_class **pctx,
+ unsigned char *data, size_t *len)
+{
+ const br_ec_impl *iec;
+ ccert_context *zc;
+ size_t xoff, xlen;
+ uint32_t r;
+
+ zc = (ccert_context *)pctx;
+ iec = br_ec_get_default();
+ r = iec->mul(data, *len, zc->sk->key.ec.x,
+ zc->sk->key.ec.xlen, zc->sk->key.ec.curve);
+ xoff = iec->xoff(zc->sk->key.ec.curve, &xlen);
+ memmove(data, data + xoff, xlen);
+ *len = xlen;
+ return r;
+}
+
+static size_t
+cc_do_sign(const br_ssl_client_certificate_class **pctx,
+ int hash_id, size_t hv_len, unsigned char *data, size_t len)
+{
+ ccert_context *zc;
+ unsigned char hv[64];
+
+ zc = (ccert_context *)pctx;
+ memcpy(hv, data, hv_len);
+ switch (zc->sk->key_type) {
+ const br_hash_class *hc;
+ const unsigned char *hash_oid;
+ uint32_t x;
+ size_t sig_len;
+
+ case BR_KEYTYPE_RSA:
+ hash_oid = get_hash_oid(hash_id);
+ if (hash_oid == NULL && hash_id != 0) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: cannot RSA-sign with"
+ " unknown hash function: %d\n",
+ hash_id);
+ }
+ return 0;
+ }
+ sig_len = (zc->sk->key.rsa.n_bitlen + 7) >> 3;
+ if (len < sig_len) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: cannot RSA-sign,"
+ " buffer is too small"
+ " (sig=%lu, buf=%lu)\n",
+ (unsigned long)sig_len,
+ (unsigned long)len);
+ }
+ return 0;
+ }
+ x = br_rsa_pkcs1_sign_get_default()(
+ hash_oid, hv, hv_len, &zc->sk->key.rsa, data);
+ if (!x) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: RSA-sign failure\n");
+ }
+ return 0;
+ }
+ return sig_len;
+
+ case BR_KEYTYPE_EC:
+ hc = get_hash_impl(hash_id);
+ if (hc == NULL) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: cannot ECDSA-sign with"
+ " unknown hash function: %d\n",
+ hash_id);
+ }
+ return 0;
+ }
+ if (len < 139) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: cannot ECDSA-sign"
+ " (output buffer = %lu)\n",
+ (unsigned long)len);
+ }
+ return 0;
+ }
+ sig_len = br_ecdsa_sign_asn1_get_default()(
+ br_ec_get_default(), hc, hv, &zc->sk->key.ec, data);
+ if (sig_len == 0) {
+ if (zc->verbose) {
+ fprintf(stderr, "ERROR: ECDSA-sign failure\n");
+ }
+ return 0;
+ }
+ return sig_len;
+
+ default:
+ return 0;
+ }
+}
+
+static const br_ssl_client_certificate_class ccert_vtable = {
+ sizeof(ccert_context),
+ cc_start_name_list,
+ cc_start_name,
+ cc_append_name,
+ cc_end_name,
+ cc_end_name_list,
+ cc_choose,
+ cc_do_keyx,
+ cc_do_sign
+};
+
+static void
+free_alpn(void *alpn)
+{
+ xfree(*(char **)alpn);
+}
+
static void
usage_client(void)
{
fprintf(stderr,
" -CA file add certificates in 'file' to trust anchors\n");
fprintf(stderr,
+" -cert file set client certificate chain\n");
+ fprintf(stderr,
+" -key file set client private key (for certificate authentication)\n");
+ fprintf(stderr,
+" -nostaticecdh prohibit full-static ECDH (client certificate)\n");
+ fprintf(stderr,
" -list list supported names (protocols, algorithms...)\n");
fprintf(stderr,
" -vmin name set minimum supported version (default: TLS-1.0)\n");
" -hf names add support for some hash functions (comma-separated)\n");
fprintf(stderr,
" -minhello len set minimum ClientHello length (in bytes)\n");
+ fprintf(stderr,
+" -fallback send the TLS_FALLBACK_SCSV (i.e. claim a downgrade)\n");
+ fprintf(stderr,
+" -noreneg prohibit renegotiations\n");
+ fprintf(stderr,
+" -alpn name add protocol name to list of protocols (ALPN extension)\n");
+ fprintf(stderr,
+" -strictalpn fail on ALPN mismatch\n");
}
/* see brssl.h */
const char *sni;
anchor_list anchors = VEC_INIT;
unsigned vmin, vmax;
+ VECTOR(char *) alpn_names = VEC_INIT;
cipher_suite *suites;
size_t num_suites;
uint16_t *suite_ids;
br_x509_minimal_context xc;
x509_noanchor_context xwc;
const br_hash_class *dnhash;
+ ccert_context zc;
+ br_x509_certificate *chain;
+ size_t chain_len;
+ private_key *sk;
+ int nostaticecdh;
unsigned char *iobuf;
size_t iobuf_len;
size_t minhello_len;
- int fd;
+ int fallback;
+ uint32_t flags;
+ SOCKET fd;
retcode = 0;
verbose = 1;
num_suites = 0;
hfuns = 0;
suite_ids = NULL;
+ chain = NULL;
+ chain_len = 0;
+ sk = NULL;
+ nostaticecdh = 0;
iobuf = NULL;
iobuf_len = 0;
minhello_len = (size_t)-1;
- fd = -1;
+ fallback = 0;
+ flags = 0;
+ fd = INVALID_SOCKET;
for (i = 0; i < argc; i ++) {
const char *arg;
usage_client();
goto client_exit_error;
}
+ } else if (eqstr(arg, "-cert")) {
+ if (++ i >= argc) {
+ fprintf(stderr,
+ "ERROR: no argument for '-cert'\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ if (chain != NULL) {
+ fprintf(stderr,
+ "ERROR: duplicate certificate chain\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ arg = argv[i];
+ chain = read_certificates(arg, &chain_len);
+ if (chain == NULL || chain_len == 0) {
+ goto client_exit_error;
+ }
+ } else if (eqstr(arg, "-key")) {
+ if (++ i >= argc) {
+ fprintf(stderr,
+ "ERROR: no argument for '-key'\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ if (sk != NULL) {
+ fprintf(stderr,
+ "ERROR: duplicate private key\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ arg = argv[i];
+ sk = read_private_key(arg);
+ if (sk == NULL) {
+ goto client_exit_error;
+ }
+ } else if (eqstr(arg, "-nostaticecdh")) {
+ nostaticecdh = 1;
} else if (eqstr(arg, "-list")) {
list_names();
goto client_exit;
}
arg = argv[i];
if (minhello_len != (size_t)-1) {
- fprintf(stderr, "ERROR: duplicate minium"
+ fprintf(stderr, "ERROR: duplicate minimum"
" ClientHello length\n");
usage_client();
goto client_exit_error;
usage_client();
goto client_exit_error;
}
+ } else if (eqstr(arg, "-fallback")) {
+ fallback = 1;
+ } else if (eqstr(arg, "-noreneg")) {
+ flags |= BR_OPT_NO_RENEGOTIATION;
+ } else if (eqstr(arg, "-alpn")) {
+ if (++ i >= argc) {
+ fprintf(stderr,
+ "ERROR: no argument for '-alpn'\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ VEC_ADD(alpn_names, xstrdup(argv[i]));
+ } else if (eqstr(arg, "-strictalpn")) {
+ flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH;
} else {
fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
usage_client();
}
if (u == 0) {
host = xstrdup(server_name);
- port = "443";
+ port = xstrdup("443");
} else {
port = xstrdup(server_name + u);
host = xmalloc(u);
sni = host;
}
+ if (chain == NULL && sk != NULL) {
+ fprintf(stderr, "ERROR: private key specified, but"
+ " no certificate chain\n");
+ usage_client();
+ goto client_exit_error;
+ }
+ if (chain != NULL && sk == NULL) {
+ fprintf(stderr, "ERROR: certificate chain specified, but"
+ " no private key\n");
+ usage_client();
+ goto client_exit_error;
+ }
+
if (vmin == 0) {
vmin = BR_TLS10;
}
/*
* Compute implementation requirements and inject implementations.
*/
- suite_ids = xmalloc(num_suites * sizeof *suite_ids);
+ suite_ids = xmalloc((num_suites + 1) * sizeof *suite_ids);
br_ssl_client_zero(&cc);
br_ssl_engine_set_versions(&cc.eng, vmin, vmax);
dnhash = NULL;
}
/* TODO: algorithm implementation selection */
if ((req & REQ_AESCBC) != 0) {
- br_ssl_engine_set_aes_cbc(&cc.eng,
- &br_aes_ct_cbcenc_vtable,
- &br_aes_ct_cbcdec_vtable);
- br_ssl_engine_set_cbc(&cc.eng,
- &br_sslrec_in_cbc_vtable,
- &br_sslrec_out_cbc_vtable);
+ br_ssl_engine_set_default_aes_cbc(&cc.eng);
}
if ((req & REQ_AESGCM) != 0) {
- br_ssl_engine_set_aes_ctr(&cc.eng,
- &br_aes_ct_ctr_vtable);
- br_ssl_engine_set_ghash(&cc.eng,
- &br_ghash_ctmul);
- br_ssl_engine_set_gcm(&cc.eng,
- &br_sslrec_in_gcm_vtable,
- &br_sslrec_out_gcm_vtable);
+ br_ssl_engine_set_default_aes_gcm(&cc.eng);
+ }
+ if ((req & REQ_CHAPOL) != 0) {
+ br_ssl_engine_set_default_chapol(&cc.eng);
}
if ((req & REQ_3DESCBC) != 0) {
- br_ssl_engine_set_des_cbc(&cc.eng,
- &br_des_ct_cbcenc_vtable,
- &br_des_ct_cbcdec_vtable);
- br_ssl_engine_set_cbc(&cc.eng,
- &br_sslrec_in_cbc_vtable,
- &br_sslrec_out_cbc_vtable);
+ br_ssl_engine_set_default_des_cbc(&cc.eng);
}
if ((req & REQ_RSAKEYX) != 0) {
- br_ssl_client_set_rsapub(&cc, &br_rsa_i31_public);
+ br_ssl_client_set_default_rsapub(&cc);
}
if ((req & REQ_ECDHE_RSA) != 0) {
- br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
- br_ssl_client_set_rsavrfy(&cc, &br_rsa_i31_pkcs1_vrfy);
+ br_ssl_engine_set_default_ec(&cc.eng);
+ br_ssl_engine_set_default_rsavrfy(&cc.eng);
}
if ((req & REQ_ECDHE_ECDSA) != 0) {
- br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
- br_ssl_client_set_ecdsa(&cc, &br_ecdsa_i31_vrfy_asn1);
+ br_ssl_engine_set_default_ecdsa(&cc.eng);
}
if ((req & REQ_ECDH) != 0) {
- br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+ br_ssl_engine_set_default_ec(&cc.eng);
}
}
+ if (fallback) {
+ suite_ids[num_suites ++] = 0x5600;
+ }
br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
for (u = 0; hash_functions[u].name; u ++) {
&br_tls12_sha384_prf);
}
}
- br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
+ br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default());
br_x509_minimal_set_ecdsa(&xc,
- &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
+ br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default());
/*
* If there is no provided trust anchor, then certificate validation
if (minhello_len != (size_t)-1) {
br_ssl_client_set_min_clienthello_len(&cc, minhello_len);
}
+ br_ssl_engine_set_all_flags(&cc.eng, flags);
+ if (VEC_LEN(alpn_names) != 0) {
+ br_ssl_engine_set_protocol_names(&cc.eng,
+ (const char **)&VEC_ELT(alpn_names, 0),
+ VEC_LEN(alpn_names));
+ }
+
+ if (chain != NULL) {
+ zc.vtable = &ccert_vtable;
+ zc.verbose = verbose;
+ zc.chain = chain;
+ zc.chain_len = chain_len;
+ zc.sk = sk;
+ if (nostaticecdh || sk->key_type != BR_KEYTYPE_EC) {
+ zc.issuer_key_type = 0;
+ } else {
+ zc.issuer_key_type = get_cert_signer_algo(&chain[0]);
+ if (zc.issuer_key_type == 0) {
+ goto client_exit_error;
+ }
+ }
+ br_ssl_client_set_client_certificate(&cc, &zc.vtable);
+ }
br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
br_ssl_client_reset(&cc, sni, 0);
+ /*
+ * On Unix systems, we need to avoid SIGPIPE.
+ */
+#ifndef _WIN32
+ signal(SIGPIPE, SIG_IGN);
+#endif
+
/*
* Connect to the peer.
*/
fd = host_connect(host, port, verbose);
- if (fd < 0) {
+ if (fd == INVALID_SOCKET) {
goto client_exit_error;
}
*/
client_exit:
xfree(host);
+ xfree(port);
xfree(suites);
xfree(suite_ids);
VEC_CLEAREXT(anchors, &free_ta_contents);
+ VEC_CLEAREXT(alpn_names, &free_alpn);
+ free_certificates(chain, chain_len);
+ free_private_key(sk);
xfree(iobuf);
- if (fd >= 0) {
+ if (fd != INVALID_SOCKET) {
+#ifdef _WIN32
+ closesocket(fd);
+#else
close(fd);
+#endif
}
return retcode;