Blame - tool/server.cc - boringssl.googlesource.com/boringssl

blob: e0aeb134265efe1e6a75c0e64d682396d73b2178 [file] [log] [blame]

Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	1	/* Copyright (c) 2014, Google Inc.
				2	*
				3	* Permission to use, copy, modify, and/or distribute this software for any
				4	* purpose with or without fee is hereby granted, provided that the above
				5	* copyright notice and this permission notice appear in all copies.
				6	*
				7	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				8	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				9	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
				10	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				11	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
				12	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
				13	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
				14
				15	#include <openssl/base.h>
				16
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	17	#include <openssl/err.h>
				18	#include <openssl/ssl.h>
				19
				20	#include "internal.h"
				21	#include "transport_common.h"
				22
				23
				24	static const struct argument kArguments[] = {
				25	{
David Benjamin	0570923	2015-03-23 19:01:33 -0400	[diff] [blame]	26	"-accept", kRequiredArgument,
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	27	"The port of the server to bind on; eg 45102",
				28	},
				29	{
David Benjamin	0570923	2015-03-23 19:01:33 -0400	[diff] [blame]	30	"-cipher", kOptionalArgument,
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	31	"An OpenSSL-style cipher suite string that configures the offered ciphers",
				32	},
				33	{
David Benjamin	225e5ad	2016-07-16 14:51:58 +0200	[diff] [blame^]	34	"-max-version", kOptionalArgument,
				35	"The maximum acceptable protocol version",
				36	},
				37	{
				38	"-min-version", kOptionalArgument,
				39	"The minimum acceptable protocol version",
				40	},
				41	{
David Benjamin	0570923	2015-03-23 19:01:33 -0400	[diff] [blame]	42	"-key", kOptionalArgument,
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	43	"Private-key file to use (default is server.pem)",
				44	},
				45	{
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	46	"-ocsp-response", kOptionalArgument,
				47	"OCSP response file to send",
				48	},
				49	{
David Benjamin	0570923	2015-03-23 19:01:33 -0400	[diff] [blame]	50	"", kOptionalArgument, "",
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	51	},
				52	};
				53
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	54	static bool LoadOCSPResponse(SSL_CTX ctx, const char filename) {
				55	void *data = NULL;
				56	bool ret = false;
David Benjamin	ed50cee	2015-08-28 15:43:26 -0400	[diff] [blame]	57	size_t bytes_read;
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	58	long length;
				59
				60	FILE *f = fopen(filename, "rb");
				61
				62	if (f == NULL \|\|
				63	fseek(f, 0, SEEK_END) != 0) {
				64	goto out;
				65	}
				66
				67	length = ftell(f);
				68	if (length < 0) {
				69	goto out;
				70	}
				71
				72	data = malloc(length);
				73	if (data == NULL) {
				74	goto out;
				75	}
				76	rewind(f);
				77
David Benjamin	ed50cee	2015-08-28 15:43:26 -0400	[diff] [blame]	78	bytes_read = fread(data, 1, length, f);
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	79	if (ferror(f) != 0 \|\|
David Benjamin	ed50cee	2015-08-28 15:43:26 -0400	[diff] [blame]	80	bytes_read != (size_t)length \|\|
				81	!SSL_CTX_set_ocsp_response(ctx, (uint8_t*)data, bytes_read)) {
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	82	goto out;
				83	}
				84
				85	ret = true;
				86	out:
				87	if (f != NULL) {
				88	fclose(f);
				89	}
				90	free(data);
				91	return ret;
				92	}
				93
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	94	bool Server(const std::vector<std::string> &args) {
Brian Smith	33970e6	2015-01-27 22:32:08 -0800	[diff] [blame]	95	if (!InitSocketLibrary()) {
				96	return false;
				97	}
				98
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	99	std::map<std::string, std::string> args_map;
				100
				101	if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
				102	PrintUsage(kArguments);
				103	return false;
				104	}
				105
				106	SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
				107	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
				108
				109	// Server authentication is required.
				110	std::string key_file = "server.pem";
				111	if (args_map.count("-key") != 0) {
				112	key_file = args_map["-key"];
				113	}
David Benjamin	86e412d	2015-12-02 19:34:58 -0500	[diff] [blame]	114	if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) {
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	115	fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
				116	return false;
				117	}
David Benjamin	86e412d	2015-12-02 19:34:58 -0500	[diff] [blame]	118	if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) {
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	119	fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
				120	return false;
				121	}
				122
				123	if (args_map.count("-cipher") != 0 &&
				124	!SSL_CTX_set_cipher_list(ctx, args_map["-cipher"].c_str())) {
				125	fprintf(stderr, "Failed setting cipher list\n");
				126	return false;
				127	}
				128
David Benjamin	225e5ad	2016-07-16 14:51:58 +0200	[diff] [blame^]	129	if (args_map.count("-max-version") != 0) {
				130	uint16_t version;
				131	if (!VersionFromString(&version, args_map["-max-version"])) {
				132	fprintf(stderr, "Unknown protocol version: '%s'\n",
				133	args_map["-max-version"].c_str());
				134	return false;
				135	}
				136	SSL_CTX_set_max_version(ctx, version);
				137	}
				138
				139	if (args_map.count("-min-version") != 0) {
				140	uint16_t version;
				141	if (!VersionFromString(&version, args_map["-min-version"])) {
				142	fprintf(stderr, "Unknown protocol version: '%s'\n",
				143	args_map["-min-version"].c_str());
				144	return false;
				145	}
				146	SSL_CTX_set_min_version(ctx, version);
				147	}
				148
Paul Lietar	aeeff2c	2015-08-12 11:47:11 +0100	[diff] [blame]	149	if (args_map.count("-ocsp-response") != 0 &&
				150	!LoadOCSPResponse(ctx, args_map["-ocsp-response"].c_str())) {
				151	fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str());
				152	return false;
				153	}
				154
Dave Tapuska	b8a824d	2014-12-10 19:09:52 -0500	[diff] [blame]	155	int sock = -1;
				156	if (!Accept(&sock, args_map["-accept"])) {
				157	return false;
				158	}
				159
				160	BIO *bio = BIO_new_socket(sock, BIO_CLOSE);
				161	SSL *ssl = SSL_new(ctx);
				162	SSL_set_bio(ssl, bio, bio);
				163
				164	int ret = SSL_accept(ssl);
				165	if (ret != 1) {
				166	int ssl_err = SSL_get_error(ssl, ret);
				167	fprintf(stderr, "Error while connecting: %d\n", ssl_err);
				168	ERR_print_errors_cb(PrintErrorCallback, stderr);
				169	return false;
				170	}
				171
				172	fprintf(stderr, "Connected.\n");
				173	PrintConnectionInfo(ssl);
				174
				175	bool ok = TransferData(ssl, sock);
				176
				177	SSL_free(ssl);
				178	SSL_CTX_free(ctx);
				179	return ok;
				180	}