projects / BearSSL / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Activated Curve25519 support for ECDHE cipher suites.
[BearSSL] / tools / server.c
diff --git a/tools/server.c b/tools/server.c
index 5e9315d..a62302f 100644 (file)
--- a/tools/server.c
+++ b/tools/server.c
@@ -228,7 +228,15 @@ usage_server(void)
        fprintf(stderr,
 "   -hf names       add support for some hash functions (comma-separated)\n");
        fprintf(stderr,
+"   -cbhash         test hashing in policy callback\n");
+       fprintf(stderr,
 "   -serverpref     enforce server's preferences for cipher suites\n");
+       fprintf(stderr,
+"   -noreneg        prohibit renegotiations\n");
+       fprintf(stderr,
+"   -alpn name      add protocol name to list of protocols (ALPN extension)\n");
+       fprintf(stderr,
+"   -strictalpn     fail on ALPN mismatch\n");
        exit(EXIT_FAILURE);
 }
 
@@ -239,6 +247,7 @@ typedef struct {
        size_t chain_len;
        int cert_signer_algo;
        private_key *sk;
+       int cbhash;
 } policy_context;
 
 static void
@@ -264,10 +273,10 @@ print_hashes(unsigned chashes)
        }
 }
 
-static int
+static unsigned
 choose_hash(unsigned chashes)
 {
-       int hash_id;
+       unsigned hash_id;
 
        for (hash_id = 6; hash_id >= 2; hash_id --) {
                if (((chashes >> hash_id) & 1) != 0) {
@@ -351,9 +360,21 @@ sp_choose(const br_ssl_server_policy_class **pctx,
                                if (br_ssl_engine_get_version(&cc->eng)
                                        < BR_TLS12)
                                {
-                                       choices->hash_id = 0;
+                                       if (pc->cbhash) {
+                                               choices->algo_id = 0x0001;
+                                       } else {
+                                               choices->algo_id = 0xFF00;
+                                       }
                                } else {
-                                       choices->hash_id = choose_hash(chashes);
+                                       unsigned id;
+
+                                       id = choose_hash(chashes);
+                                       if (pc->cbhash) {
+                                               choices->algo_id =
+                                                       (id << 8) + 0x01;
+                                       } else {
+                                               choices->algo_id = 0xFF00 + id;
+                                       }
                                }
                                goto choose_ok;
                        }
@@ -364,10 +385,23 @@ sp_choose(const br_ssl_server_policy_class **pctx,
                                if (br_ssl_engine_get_version(&cc->eng)
                                        < BR_TLS12)
                                {
-                                       choices->hash_id = br_sha1_ID;
+                                       if (pc->cbhash) {
+                                               choices->algo_id = 0x0203;
+                                       } else {
+                                               choices->algo_id =
+                                                       0xFF00 + br_sha1_ID;
+                                       }
                                } else {
-                                       choices->hash_id =
-                                               choose_hash(chashes >> 8);
+                                       unsigned id;
+
+                                       id = choose_hash(chashes >> 8);
+                                       if (pc->cbhash) {
+                                               choices->algo_id =
+                                                       (id << 8) + 0x03;
+                                       } else {
+                                               choices->algo_id =
+                                                       0xFF00 + id;
+                                       }
                                }
                                goto choose_ok;
                        }
@@ -406,19 +440,25 @@ choose_ok:
 
 static uint32_t
 sp_do_keyx(const br_ssl_server_policy_class **pctx,
-       unsigned char *data, size_t len)
+       unsigned char *data, size_t *len)
 {
        policy_context *pc;
+       uint32_t r;
+       size_t xoff, xlen;
 
        pc = (policy_context *)pctx;
        switch (pc->sk->key_type) {
        case BR_KEYTYPE_RSA:
                return br_rsa_ssl_decrypt(
                        &br_rsa_i31_private, &pc->sk->key.rsa,
-                       data, len);
+                       data, *len);
        case BR_KEYTYPE_EC:
-               return br_ec_prime_i31.mul(data, len, pc->sk->key.ec.x,
+               r = br_ec_all_m15.mul(data, *len, pc->sk->key.ec.x,
                        pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
+               xoff = br_ec_all_m15.xoff(pc->sk->key.ec.curve, &xlen);
+               memmove(data, data + xoff, xlen);
+               *len = xlen;
+               return r;
        default:
                fprintf(stderr, "ERROR: unknown private key type (%d)\n",
                        (int)pc->sk->key_type);
@@ -428,13 +468,40 @@ sp_do_keyx(const br_ssl_server_policy_class **pctx,
 
 static size_t
 sp_do_sign(const br_ssl_server_policy_class **pctx,
-       int hash_id, size_t hv_len, unsigned char *data, size_t len)
+       unsigned algo_id, unsigned char *data, size_t hv_len, size_t len)
 {
        policy_context *pc;
        unsigned char hv[64];
 
        pc = (policy_context *)pctx;
-       memcpy(hv, data, hv_len);
+       if (algo_id >= 0xFF00) {
+               algo_id &= 0xFF;
+               memcpy(hv, data, hv_len);
+       } else {
+               const br_hash_class *hc;
+               br_hash_compat_context zc;
+
+               if (pc->verbose) {
+                       fprintf(stderr, "Callback hashing, algo = 0x%04X,"
+                               " data_len = %lu\n",
+                               algo_id, (unsigned long)hv_len);
+               }
+               algo_id >>= 8;
+               hc = get_hash_impl(algo_id);
+               if (hc == NULL) {
+                       if (pc->verbose) {
+                               fprintf(stderr,
+                                       "ERROR: unsupported hash function %u\n",
+                                       algo_id);
+                       }
+                       return 0;
+               }
+               hc->init(&zc.vtable);
+               hc->update(&zc.vtable, data, hv_len);
+               hc->out(&zc.vtable, hv);
+               hv_len = (hc->desc >> BR_HASHDESC_OUT_OFF)
+                       & BR_HASHDESC_OUT_MASK;
+       }
        switch (pc->sk->key_type) {
                size_t sig_len;
                uint32_t x;
@@ -442,12 +509,12 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
                const br_hash_class *hc;
 
        case BR_KEYTYPE_RSA:
-               hash_oid = get_hash_oid(hash_id);
-               if (hash_oid == NULL && hash_id != 0) {
+               hash_oid = get_hash_oid(algo_id);
+               if (hash_oid == NULL && algo_id != 0) {
                        if (pc->verbose) {
                                fprintf(stderr, "ERROR: cannot RSA-sign with"
-                                       " unknown hash function: %d\n",
-                                       hash_id);
+                                       " unknown hash function: %u\n",
+                                       algo_id);
                        }
                        return 0;
                }
@@ -473,12 +540,12 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
                return sig_len;
 
        case BR_KEYTYPE_EC:
-               hc = get_hash_impl(hash_id);
+               hc = get_hash_impl(algo_id);
                if (hc == NULL) {
                        if (pc->verbose) {
                                fprintf(stderr, "ERROR: cannot ECDSA-sign with"
-                                       " unknown hash function: %d\n",
-                                       hash_id);
+                                       " unknown hash function: %u\n",
+                                       algo_id);
                        }
                        return 0;
                }
@@ -490,7 +557,7 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
                        }
                        return 0;
                }
-               sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31
+               sig_len = br_ecdsa_i31_sign_asn1(&br_ec_all_m15
                        hc, hv, &pc->sk->key.ec, data);
                if (sig_len == 0) {
                        if (pc->verbose) {
@@ -512,6 +579,12 @@ static const br_ssl_server_policy_class policy_vtable = {
        sp_do_sign
 };
 
+void
+free_alpn(void *alpn)
+{
+       xfree(*(char **)alpn);
+}
+
 /* see brssl.h */
 int
 do_server(int argc, char *argv[])
@@ -527,11 +600,13 @@ do_server(int argc, char *argv[])
        size_t num_suites;
        uint16_t *suite_ids;
        unsigned hfuns;
+       int cbhash;
        br_x509_certificate *chain;
        size_t chain_len;
        int cert_signer_algo;
        private_key *sk;
        anchor_list anchors = VEC_INIT;
+       VECTOR(const char *) alpn_names = VEC_INIT;
        br_x509_minimal_context xc;
        const br_hash_class *dnhash;
        size_t u;
@@ -554,6 +629,7 @@ do_server(int argc, char *argv[])
        suites = NULL;
        num_suites = 0;
        hfuns = 0;
+       cbhash = 0;
        suite_ids = NULL;
        chain = NULL;
        chain_len = 0;
@@ -777,10 +853,22 @@ do_server(int argc, char *argv[])
                                goto server_exit_error;
                        }
                        hfuns |= x;
+               } else if (eqstr(arg, "-cbhash")) {
+                       cbhash = 1;
                } else if (eqstr(arg, "-serverpref")) {
                        flags |= BR_OPT_ENFORCE_SERVER_PREFERENCES;
                } else if (eqstr(arg, "-noreneg")) {
                        flags |= BR_OPT_NO_RENEGOTIATION;
+               } else if (eqstr(arg, "-alpn")) {
+                       if (++ i >= argc) {
+                               fprintf(stderr,
+                                       "ERROR: no argument for '-alpn'\n");
+                               usage_server();
+                               goto server_exit_error;
+                       }
+                       VEC_ADD(alpn_names, xstrdup(argv[i]));
+               } else if (eqstr(arg, "-strictalpn")) {
+                       flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH;
                } else {
                        fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
                        usage_server();
@@ -841,7 +929,7 @@ do_server(int argc, char *argv[])
                break;
        case BR_KEYTYPE_EC:
                curve = sk->key.ec.curve;
-               supp = br_ec_prime_i31.supported_curves;
+               supp = br_ec_all_m15.supported_curves;
                if (curve > 31 || !((supp >> curve) & 1)) {
                        fprintf(stderr, "ERROR: private key curve (%d)"
                                " is not supported\n", curve);
@@ -947,6 +1035,15 @@ do_server(int argc, char *argv[])
                                &br_sslrec_in_gcm_vtable,
                                &br_sslrec_out_gcm_vtable);
                }
+               if ((req & REQ_CHAPOL) != 0) {
+                       br_ssl_engine_set_chacha20(&cc.eng,
+                               &br_chacha20_ct_run);
+                       br_ssl_engine_set_poly1305(&cc.eng,
+                               &br_poly1305_ctmul_run);
+                       br_ssl_engine_set_chapol(&cc.eng,
+                               &br_sslrec_in_chapol_vtable,
+                               &br_sslrec_out_chapol_vtable);
+               }
                if ((req & REQ_3DESCBC) != 0) {
                        br_ssl_engine_set_des_cbc(&cc.eng,
                                &br_des_ct_cbcenc_vtable,
@@ -956,7 +1053,7 @@ do_server(int argc, char *argv[])
                                &br_sslrec_out_cbc_vtable);
                }
                if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
-                       br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+                       br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
                }
        }
        br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
@@ -990,6 +1087,11 @@ do_server(int argc, char *argv[])
        br_ssl_session_cache_lru_init(&lru, cache, cache_len);
        br_ssl_server_set_cache(&cc, &lru.vtable);
 
+       if (VEC_LEN(alpn_names) != 0) {
+               br_ssl_engine_set_protocol_names(&cc.eng,
+                       &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+       }
+
        /*
         * Set the policy handler (that chooses the actual cipher suite,
         * selects the certificate chain, and runs the private key
@@ -1001,6 +1103,7 @@ do_server(int argc, char *argv[])
        pc.chain_len = chain_len;
        pc.cert_signer_algo = cert_signer_algo;
        pc.sk = sk;
+       pc.cbhash = cbhash;
        br_ssl_server_set_policy(&cc, &pc.vtable);
 
        /*
@@ -1023,11 +1126,11 @@ do_server(int argc, char *argv[])
                        }
                }
                br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
-               br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+               br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
                br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
                br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
                br_x509_minimal_set_ecdsa(&xc,
-                       &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
+                       &br_ec_all_m15, &br_ecdsa_i31_vrfy_asn1);
                br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
                br_ssl_server_set_trust_anchor_names_alt(&cc,
                        &VEC_ELT(anchors, 0), VEC_LEN(anchors));
@@ -1082,6 +1185,7 @@ server_exit:
        free_certificates(chain, chain_len);
        free_private_key(sk);
        VEC_CLEAREXT(anchors, &free_ta_contents);
+       VEC_CLEAREXT(alpn_names, &free_alpn);
        xfree(iobuf);
        xfree(cache);
        if (fd >= 0) {
The BearSSL library and tools.