Improved modular exponentiation (automatic window optimisation if there is enough...

[BearSSL] / tools / server.c
diff --git a/tools/server.c b/tools/server.c

index 7d24d6b..fbc7786 100644 (file)
--- a/tools/server.c
+++ b/tools/server.c
@@ -29,6 +29,10 @@
  #include <errno.h>
  #include <signal.h>
  
  #include <errno.h>
  #include <signal.h>
  
+#ifdef _WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
  #include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>
  #include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>
@@ -37,14 +41,18 @@
  #include <unistd.h>
  #include <fcntl.h>
  
  #include <unistd.h>
  #include <fcntl.h>
  
+#define SOCKET             int
+#define INVALID_SOCKET     (-1)
+#define SOCKADDR_STORAGE   struct sockaddr_storage
+#endif
+
  #include "brssl.h"
  #include "brssl.h"
-#include "bearssl.h"
  
  
-static int
+static SOCKET
  host_bind(const char *host, const char *port, int verbose)
  {
         struct addrinfo hints, *si, *p;
  host_bind(const char *host, const char *port, int verbose)
  {
         struct addrinfo hints, *si, *p;
-       int fd;
+       SOCKET fd;
         int err;
  
         memset(&hints, 0, sizeof hints);
         int err;
  
         memset(&hints, 0, sizeof hints);
@@ -54,9 +62,9 @@ host_bind(const char *host, const char *port, int verbose)
         if (err != 0) {
                 fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
                         gai_strerror(err));
         if (err != 0) {
                 fprintf(stderr, "ERROR: getaddrinfo(): %s\n",
                         gai_strerror(err));
-               return -1;
+               return INVALID_SOCKET;
         }
         }
-       fd = -1;
+       fd = INVALID_SOCKET;
         for (p = si; p != NULL; p = p->ai_next) {
                 struct sockaddr *sa;
                 struct sockaddr_in sa4;
         for (p = si; p != NULL; p = p->ai_next) {
                 struct sockaddr *sa;
                 struct sockaddr_in sa4;
@@ -102,21 +110,27 @@ host_bind(const char *host, const char *port, int verbose)
                         fprintf(stderr, "binding to: %s\n", tmp);
                 }
                 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
                         fprintf(stderr, "binding to: %s\n", tmp);
                 }
                 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
-               if (fd < 0) {
+               if (fd == INVALID_SOCKET) {
                         if (verbose) {
                                 perror("socket()");
                         }
                         continue;
                 }
                 opt = 1;
                         if (verbose) {
                                 perror("socket()");
                         }
                         continue;
                 }
                 opt = 1;
-               setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);
+               setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
+                       (void *)&opt, sizeof opt);
                 opt = 0;
                 opt = 0;
-               setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof opt);
+               setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
+                       (void *)&opt, sizeof opt);
                 if (bind(fd, sa, sa_len) < 0) {
                         if (verbose) {
                                 perror("bind()");
                         }
                 if (bind(fd, sa, sa_len) < 0) {
                         if (verbose) {
                                 perror("bind()");
                         }
+#ifdef _WIN32
+                       closesocket(fd);
+#else
                         close(fd);
                         close(fd);
+#endif
                         continue;
                 }
                 break;
                         continue;
                 }
                 break;
@@ -124,15 +138,19 @@ host_bind(const char *host, const char *port, int verbose)
         if (p == NULL) {
                 freeaddrinfo(si);
                 fprintf(stderr, "ERROR: failed to bind\n");
         if (p == NULL) {
                 freeaddrinfo(si);
                 fprintf(stderr, "ERROR: failed to bind\n");
-               return -1;
+               return INVALID_SOCKET;
         }
         freeaddrinfo(si);
         if (listen(fd, 5) < 0) {
                 if (verbose) {
                         perror("listen()");
                 }
         }
         freeaddrinfo(si);
         if (listen(fd, 5) < 0) {
                 if (verbose) {
                         perror("listen()");
                 }
+#ifdef _WIN32
+               closesocket(fd);
+#else
                 close(fd);
                 close(fd);
-               return -1;
+#endif
+               return INVALID_SOCKET;
         }
         if (verbose) {
                 fprintf(stderr, "bound.\n");
         }
         if (verbose) {
                 fprintf(stderr, "bound.\n");
@@ -140,27 +158,27 @@ host_bind(const char *host, const char *port, int verbose)
         return fd;
  }
  
         return fd;
  }
  
-static int
-accept_client(int server_fd, int verbose)
+static SOCKET
+accept_client(SOCKET server_fd, int verbose)
  {
         int fd;
  {
         int fd;
-       struct sockaddr sa;
+       SOCKADDR_STORAGE sa;
         socklen_t sa_len;
  
         sa_len = sizeof sa;
         socklen_t sa_len;
  
         sa_len = sizeof sa;
-       fd = accept(server_fd, &sa, &sa_len);
-       if (fd < 0) {
+       fd = accept(server_fd, (struct sockaddr *)&sa, &sa_len);
+       if (fd == INVALID_SOCKET) {
                 if (verbose) {
                         perror("accept()");
                 }
                 if (verbose) {
                         perror("accept()");
                 }
-               return -1;
+               return INVALID_SOCKET;
         }
         if (verbose) {
                 char tmp[INET6_ADDRSTRLEN + 50];
                 const char *name;
  
                 name = NULL;
         }
         if (verbose) {
                 char tmp[INET6_ADDRSTRLEN + 50];
                 const char *name;
  
                 name = NULL;
-               switch (sa.sa_family) {
+               switch (((struct sockaddr *)&sa)->sa_family) {
                 case AF_INET:
                         name = inet_ntop(AF_INET,
                                 &((struct sockaddr_in *)&sa)->sin_addr,
                 case AF_INET:
                         name = inet_ntop(AF_INET,
                                 &((struct sockaddr_in *)&sa)->sin_addr,
@@ -173,8 +191,8 @@ accept_client(int server_fd, int verbose)
                         break;
                 }
                 if (name == NULL) {
                         break;
                 }
                 if (name == NULL) {
-                       sprintf(tmp, "<unknown: %lu>",
-                               (unsigned long)sa.sa_family);
+                       sprintf(tmp, "<unknown: %lu>", (unsigned long)
+                               ((struct sockaddr *)&sa)->sa_family);
                         name = tmp;
                 }
                 fprintf(stderr, "accepting connection from: %s\n", name);
                         name = tmp;
                 }
                 fprintf(stderr, "accepting connection from: %s\n", name);
@@ -182,9 +200,18 @@ accept_client(int server_fd, int verbose)
  
         /*
          * We make the socket non-blocking, since we are going to use
  
         /*
          * We make the socket non-blocking, since we are going to use
-        * poll() to organise I/O.
+        * poll() or select() to organise I/O.
          */
          */
+#ifdef _WIN32
+       {
+               u_long arg;
+
+               arg = 1;
+               ioctlsocket(fd, FIONBIO, &arg);
+       }
+#else
         fcntl(fd, F_SETFL, O_NONBLOCK);
         fcntl(fd, F_SETFL, O_NONBLOCK);
+#endif
         return fd;
  }
  
         return fd;
  }
  
@@ -440,19 +467,25 @@ choose_ok:
  
  static uint32_t
  sp_do_keyx(const br_ssl_server_policy_class **pctx,
  
  static uint32_t
  sp_do_keyx(const br_ssl_server_policy_class **pctx,
-       unsigned char *data, size_t len)
+       unsigned char *data, size_t *len)
  {
         policy_context *pc;
  {
         policy_context *pc;
+       uint32_t r;
+       size_t xoff, xlen;
  
         pc = (policy_context *)pctx;
         switch (pc->sk->key_type) {
         case BR_KEYTYPE_RSA:
                 return br_rsa_ssl_decrypt(
                         &br_rsa_i31_private, &pc->sk->key.rsa,
  
         pc = (policy_context *)pctx;
         switch (pc->sk->key_type) {
         case BR_KEYTYPE_RSA:
                 return br_rsa_ssl_decrypt(
                         &br_rsa_i31_private, &pc->sk->key.rsa,
-                       data, len);
+                       data, *len);
         case BR_KEYTYPE_EC:
         case BR_KEYTYPE_EC:
-               return br_ec_prime_i31.mul(data, len, pc->sk->key.ec.x,
+               r = br_ec_all_m15.mul(data, *len, pc->sk->key.ec.x,
                         pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
                         pc->sk->key.ec.xlen, pc->sk->key.ec.curve);
+               xoff = br_ec_all_m15.xoff(pc->sk->key.ec.curve, &xlen);
+               memmove(data, data + xoff, xlen);
+               *len = xlen;
+               return r;
         default:
                 fprintf(stderr, "ERROR: unknown private key type (%d)\n",
                         (int)pc->sk->key_type);
         default:
                 fprintf(stderr, "ERROR: unknown private key type (%d)\n",
                         (int)pc->sk->key_type);
@@ -551,7 +584,7 @@ sp_do_sign(const br_ssl_server_policy_class **pctx,
                         }
                         return 0;
                 }
                         }
                         return 0;
                 }
-               sig_len = br_ecdsa_i31_sign_asn1(&br_ec_prime_i31, 
+               sig_len = br_ecdsa_i31_sign_asn1(&br_ec_all_m15, 
                         hc, hv, &pc->sk->key.ec, data);
                 if (sig_len == 0) {
                         if (pc->verbose) {
                         hc, hv, &pc->sk->key.ec, data);
                 if (sig_len == 0) {
                         if (pc->verbose) {
@@ -600,7 +633,7 @@ do_server(int argc, char *argv[])
         int cert_signer_algo;
         private_key *sk;
         anchor_list anchors = VEC_INIT;
         int cert_signer_algo;
         private_key *sk;
         anchor_list anchors = VEC_INIT;
-       VECTOR(const char *) alpn_names = VEC_INIT;
+       VECTOR(char *) alpn_names = VEC_INIT;
         br_x509_minimal_context xc;
         const br_hash_class *dnhash;
         size_t u;
         br_x509_minimal_context xc;
         const br_hash_class *dnhash;
         size_t u;
@@ -610,7 +643,7 @@ do_server(int argc, char *argv[])
         unsigned char *iobuf, *cache;
         size_t iobuf_len, cache_len;
         uint32_t flags;
         unsigned char *iobuf, *cache;
         size_t iobuf_len, cache_len;
         uint32_t flags;
-       int server_fd, fd;
+       SOCKET server_fd, fd;
  
         retcode = 0;
         verbose = 1;
  
         retcode = 0;
         verbose = 1;
@@ -633,8 +666,8 @@ do_server(int argc, char *argv[])
         cache = NULL;
         cache_len = (size_t)-1;
         flags = 0;
         cache = NULL;
         cache_len = (size_t)-1;
         flags = 0;
-       server_fd = -1;
-       fd = -1;
+       server_fd = INVALID_SOCKET;
+       fd = INVALID_SOCKET;
         for (i = 0; i < argc; i ++) {
                 const char *arg;
  
         for (i = 0; i < argc; i ++) {
                 const char *arg;
  
@@ -923,7 +956,7 @@ do_server(int argc, char *argv[])
                 break;
         case BR_KEYTYPE_EC:
                 curve = sk->key.ec.curve;
                 break;
         case BR_KEYTYPE_EC:
                 curve = sk->key.ec.curve;
-               supp = br_ec_prime_i31.supported_curves;
+               supp = br_ec_all_m15.supported_curves;
                 if (curve > 31 || !((supp >> curve) & 1)) {
                         fprintf(stderr, "ERROR: private key curve (%d)"
                                 " is not supported\n", curve);
                 if (curve > 31 || !((supp >> curve) & 1)) {
                         fprintf(stderr, "ERROR: private key curve (%d)"
                                 " is not supported\n", curve);
@@ -1047,7 +1080,7 @@ do_server(int argc, char *argv[])
                                 &br_sslrec_out_cbc_vtable);
                 }
                 if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
                                 &br_sslrec_out_cbc_vtable);
                 }
                 if ((req & (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0) {
-                       br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+                       br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
                 }
         }
         br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
                 }
         }
         br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites);
@@ -1083,7 +1116,8 @@ do_server(int argc, char *argv[])
  
         if (VEC_LEN(alpn_names) != 0) {
                 br_ssl_engine_set_protocol_names(&cc.eng,
  
         if (VEC_LEN(alpn_names) != 0) {
                 br_ssl_engine_set_protocol_names(&cc.eng,
-                       &VEC_ELT(alpn_names, 0), VEC_LEN(alpn_names));
+                       (const char **)&VEC_ELT(alpn_names, 0),
+                       VEC_LEN(alpn_names));
         }
  
         /*
         }
  
         /*
@@ -1120,11 +1154,11 @@ do_server(int argc, char *argv[])
                         }
                 }
                 br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
                         }
                 }
                 br_ssl_engine_set_rsavrfy(&cc.eng, &br_rsa_i31_pkcs1_vrfy);
-               br_ssl_engine_set_ec(&cc.eng, &br_ec_prime_i31);
+               br_ssl_engine_set_ec(&cc.eng, &br_ec_all_m15);
                 br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
                 br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
                 br_x509_minimal_set_ecdsa(&xc,
                 br_ssl_engine_set_ecdsa(&cc.eng, &br_ecdsa_i31_vrfy_asn1);
                 br_x509_minimal_set_rsa(&xc, &br_rsa_i31_pkcs1_vrfy);
                 br_x509_minimal_set_ecdsa(&xc,
-                       &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
+                       &br_ec_all_m15, &br_ecdsa_i31_vrfy_asn1);
                 br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
                 br_ssl_server_set_trust_anchor_names_alt(&cc,
                         &VEC_ELT(anchors, 0), VEC_LEN(anchors));
                 br_ssl_engine_set_x509(&cc.eng, &xc.vtable);
                 br_ssl_server_set_trust_anchor_names_alt(&cc,
                         &VEC_ELT(anchors, 0), VEC_LEN(anchors));
@@ -1133,15 +1167,17 @@ do_server(int argc, char *argv[])
         br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
  
         /*
         br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi);
  
         /*
-        * We need to ignore SIGPIPE.
+        * On Unix systems, we need to ignore SIGPIPE.
          */
          */
+#ifndef _WIN32
         signal(SIGPIPE, SIG_IGN);
         signal(SIGPIPE, SIG_IGN);
+#endif
  
         /*
          * Open the server socket.
          */
         server_fd = host_bind(bind_name, port, verbose);
  
         /*
          * Open the server socket.
          */
         server_fd = host_bind(bind_name, port, verbose);
-       if (server_fd < 0) {
+       if (server_fd == INVALID_SOCKET) {
                 goto server_exit_error;
         }
  
                 goto server_exit_error;
         }
  
@@ -1156,15 +1192,19 @@ do_server(int argc, char *argv[])
                 int x;
  
                 fd = accept_client(server_fd, verbose);
                 int x;
  
                 fd = accept_client(server_fd, verbose);
-               if (fd < 0) {
+               if (fd == INVALID_SOCKET) {
                         goto server_exit_error;
                 }
                 br_ssl_server_reset(&cc);
                 x = run_ssl_engine(&cc.eng, fd,
                         (verbose ? RUN_ENGINE_VERBOSE : 0)
                         | (trace ? RUN_ENGINE_TRACE : 0));
                         goto server_exit_error;
                 }
                 br_ssl_server_reset(&cc);
                 x = run_ssl_engine(&cc.eng, fd,
                         (verbose ? RUN_ENGINE_VERBOSE : 0)
                         | (trace ? RUN_ENGINE_TRACE : 0));
+#ifdef _WIN32
+               closesocket(fd);
+#else
                 close(fd);
                 close(fd);
-               fd = -1;
+#endif
+               fd = INVALID_SOCKET;
                 if (x < -1) {
                         goto server_exit_error;
                 }
                 if (x < -1) {
                         goto server_exit_error;
                 }
@@ -1182,8 +1222,12 @@ server_exit:
         VEC_CLEAREXT(alpn_names, &free_alpn);
         xfree(iobuf);
         xfree(cache);
         VEC_CLEAREXT(alpn_names, &free_alpn);
         xfree(iobuf);
         xfree(cache);
-       if (fd >= 0) {
+       if (fd != INVALID_SOCKET) {
+#ifdef _WIN32
+               closesocket(fd);
+#else
                 close(fd);
                 close(fd);
+#endif
         }
         return retcode;
  
         }
         return retcode;