8 std::shared_ptr<int> ssl_lib_ref(
9 new int( SSL_library_init() ),
14 CRYPTO_cleanup_all_ex_data();
17 std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
18 FILE* f = fopen( filename.c_str(), "r" );
21 return std::shared_ptr<X509>();
24 X509* key = PEM_read_X509( f, NULL, NULL, 0 );
28 return std::shared_ptr<X509>();
31 return std::shared_ptr<X509>(
38 std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
39 FILE* f = fopen( filename.c_str(), "r" );
42 return std::shared_ptr<EVP_PKEY>();
45 EVP_PKEY* key = PEM_read_PrivateKey( f, NULL, NULL, 0 );
49 return std::shared_ptr<EVP_PKEY>();
52 return std::shared_ptr<EVP_PKEY>(
54 []( EVP_PKEY * ref ) {
59 int gencb( int a, int b, BN_GENCB* g ) {
63 std::cout << ( a == 0 ? "." : "+" ) << std::flush;
67 static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) {
69 //auto cert = X509_STORE_CTX_get_current_cert(ctx);
70 //BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);
71 //X509_print_ex(o, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
74 std::cout << "Verification failed: " << preverify_ok << " because " << X509_STORE_CTX_get_error( ctx ) << std::endl;
80 static std::shared_ptr<DH> dh_param;
82 std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
83 std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>( SSL_CTX_new( TLSv1_2_method() ), []( SSL_CTX * p ) {
87 if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
88 throw "Cannot set cipher list. Your source is broken.";
91 SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
92 SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
93 SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
94 SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
97 STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
100 SSL_CTX_set_client_CA_list( ctx.get(), names );
106 FILE* paramfile = fopen( "dh_param.pem", "r" );
109 dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
112 dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
113 std::cout << "Generating DH params" << std::endl;
119 if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
120 throw "DH generation failed";
123 std::cout << std::endl;
124 paramfile = fopen( "dh_param.pem", "w" );
127 PEM_write_DHparams( paramfile, dh_param.get() );
133 if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
134 throw "Cannot set tmp dh.";
141 void setupSerial( FILE* f ) {
144 if( tcgetattr( fileno( f ), &attr ) ) {
145 throw "failed to get attrs";
148 attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
149 attr.c_oflag &= ~OPOST;
150 attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
151 attr.c_cflag &= ~( CSIZE | PARENB );
154 cfsetispeed( &attr, B115200 );
155 cfsetospeed( &attr, B115200 );
157 if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
158 throw "failed to get attrs";
162 std::shared_ptr<BIO> openSerial( const std::string name ) {
163 FILE* f = fopen( name.c_str(), "r+" );
166 std::cout << "Opening serial device failed" << std::endl;
167 return std::shared_ptr<BIO>();
171 std::shared_ptr<BIO> b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
175 CAConfig::CAConfig( std::string name ) {
177 this->path = "ca/" + name;
178 ca = loadX509FromFile( path + "/ca.crt" );
179 caKey = loadPkeyFromFile( path + "/ca.key" );
180 ASN1_TIME* tm = X509_get_notBefore( ca );
181 notBefore = std::shared_ptr<ASN1_TIME>( tm, ASN1_TIME_free );
184 std::string timeToString( std::shared_ptr<ASN1_TIME> time ) {
185 std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
186 std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
188 if( strdate[strdate.size() - 1] != 'Z' ) {
189 throw "Got invalid date?";
192 return strdate.substr( 0, strdate.size() - 1 );
195 void extractTimes( std::shared_ptr<X509> target, std::shared_ptr<SignedCertificate> cert ) {
196 cert->before = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notBefore( target.get() ), ASN1_TIME_free ) );
197 cert->after = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notAfter( target.get() ), ASN1_TIME_free ) );