1 #include "recordHandler.h"
4 #include <sys/socket.h>
5 #include <netinet/in.h>
12 #include <openssl/ssl.h>
16 #include "opensslBIO.h"
17 #include "remoteSigner.h"
18 #include "simpleOpensslSigner.h"
21 int gencb( int a, int b, BN_GENCB* g ) {
26 std::cout << ( a == 0 ? "." : "+" ) << std::flush;
31 int vfy( int prevfy, X509_STORE_CTX* ct ) {
36 static std::shared_ptr<DH> dh_param;
38 std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
39 std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>( SSL_CTX_new( TLSv1_2_method() ), SSL_CTX_free );
41 if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
42 throw "Cannot set cipher list. Your source is broken.";
45 SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_NONE, vfy );
46 SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
47 SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
48 std::shared_ptr<STACK_OF( X509_NAME )> cert_names(
49 SSL_load_client_CA_file( "testdata/server.crt" ),
50 []( STACK_OF( X509_NAME ) *st ) {
51 sk_X509_NAME_free( st );
55 SSL_CTX_set_client_CA_list( ctx.get(), cert_names.get() );
60 FILE* paramfile = fopen( "dh_param.pem", "r" );
63 dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
66 dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
67 std::cout << "Generating DH params" << std::endl;
73 if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
74 throw "DH generation failed";
77 std::cout << std::endl;
78 paramfile = fopen( "dh_param.pem", "w" );
81 PEM_write_DHparams( paramfile, dh_param.get() );
87 if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
88 throw "Cannot set tmp dh.";
95 class RecordHandlerSession {
98 uint32_t lastCommandCount;
100 std::shared_ptr<TBSCertificate> tbs;
101 std::shared_ptr<SignedCertificate> result;
105 std::shared_ptr<OpensslBIOWrapper> io;
106 DefaultRecordHandler* parent;
107 std::shared_ptr<Signer> signer;
109 RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, std::shared_ptr<BIO> output ) :
110 tbs( new TBSCertificate() ) {
111 this->parent = parent;
112 this->signer = signer;
114 ssl = SSL_new( ctx.get() );
115 std::shared_ptr<BIO> bio( BIO_new( BIO_f_ssl() ), [output]( BIO * p ) {
118 SSL_set_accept_state( ssl );
119 SSL_set_bio( ssl, output.get(), output.get() );
120 BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE );
121 io = std::shared_ptr<OpensslBIOWrapper>( new OpensslBIOWrapper( bio ) );
124 void respondCommand( RecordHeader::SignerResult res, std::string payload ) {
126 rh.command = ( uint16_t ) res;
128 rh.command_count = 0; // TODO i++
129 rh.totalLength = payload.size();
130 sendCommand( rh, payload, io );
134 std::cout << "done" << std::endl;
135 std::vector<char> buffer( 2048, 0 );
136 std::cout << "reading" << std::endl;
137 int res = io->read( buffer.data(), buffer.capacity() );
138 std::cout << "read" << std::endl;
145 std::string content( buffer.data(), res );
149 std::string payload = parseCommand( head, content );
150 execute( head, payload );
151 } catch( const char* msg ) {
152 std::cout << msg << std::endl;
158 void execute( RecordHeader& head, std::string data ) {
159 if( head.totalLength != head.payloadLength || head.offset != 0 ) {
160 throw "Error, chunking not supported yet";
163 switch( ( RecordHeader::SignerCommand ) head.command ) {
164 case RecordHeader::SignerCommand::SET_CSR: // setCSR
165 tbs->csr_content = data;
166 tbs->csr_type = "CSR";
167 std::cout << "CSR read" << std::endl;
170 case RecordHeader::SignerCommand::SET_SIGNATURE_TYPE:
174 case RecordHeader::SignerCommand::SET_PROFILE:
179 case RecordHeader::SignerCommand::ADD_SAN: {
180 size_t pos = data.find( "," );
182 if( pos == std::string::npos ) {
184 std::shared_ptr<SAN> san( new SAN() );
185 san->type = data.substr( 0, pos );
186 san->content = data.substr( pos + 1 );
187 tbs->SANs.push_back( san );
192 case RecordHeader::SignerCommand::ADD_AVA: {
193 size_t pos = data.find( "," );
195 if( pos == std::string::npos ) {
198 std::shared_ptr<AVA> ava( new AVA() );
199 ava->name = data.substr( 0, pos );
200 ava->value = data.substr( pos + 1 );
201 tbs->AVAs.push_back( ava );
206 case RecordHeader::SignerCommand::ADD_PROOF_LINE:
209 case RecordHeader::SignerCommand::SIGN:
210 result = signer->sign( tbs );
211 std::cout << "res: " << result->certificate << std::endl;
212 result->log = "I am a dummy log.\nI signed that thing ;-) \n";
213 respondCommand( RecordHeader::SignerResult::SAVE_LOG, result->log );
216 case RecordHeader::SignerCommand::LOG_SAVED:
218 respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate );
224 throw "Unimplemented";
229 DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr<Signer> signer, std::shared_ptr<BIO> bio ) :
232 this->signer = signer;
234 ctx = generateSSLContext( true );
236 SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
237 SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
242 void DefaultRecordHandler::reset() {
243 currentSession = std::shared_ptr<RecordHandlerSession>();
246 void DefaultRecordHandler::handle() {
247 if( !currentSession ) {
248 std::cout << "session allocated" << std::endl;
249 currentSession = std::shared_ptr<RecordHandlerSession>( new RecordHandlerSession( this, signer, ctx, bio ) );
252 std::cout << "really allocated: " << currentSession << ";" << std::endl;
253 currentSession->work();
256 void setupSerial( FILE* f ) {
259 if( tcgetattr( fileno( f ), &attr ) ) {
260 throw "failed to get attrs";
263 attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
264 attr.c_oflag &= ~OPOST;
265 attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
266 attr.c_cflag &= ~( CSIZE | PARENB );
269 cfsetispeed( &attr, B115200 );
270 cfsetospeed( &attr, B115200 );
272 if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
273 throw "failed to get attrs";
277 int handlermain( int argc, const char* argv[] ) {
281 std::shared_ptr<OpensslBIOWrapper> bio( new OpensslBIOWrapper( std::shared_ptr<BIO>( BIO_new_fd( 0, 0 ), BIO_free ) ) );
283 "-----BEGIN CERTIFICATE REQUEST-----\n"
284 "MIIBSzCBtQIBADAMMQowCAYDVQQDDAFhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
285 "iQKBgQDerBEpIShJlx3zzl4AOS1NcwEg4iAWknQeTtI8B5dnk+l5HkOdTxqeehZn\n"
286 "iZnuIuYXA+JWmoECg/w69+N5zw2BabelgK3cSvRqycwPEU/gceGJZTaBfkkN0hBk\n"
287 "rpXDiLSlox5oeR150MrsHvVc+W2e+0jW1tuhz4QLzn8/uI/toQIDAQABoAAwDQYJ\n"
288 "KoZIhvcNAQELBQADgYEATQU5VrgQAkvpCvIwRUyjj9YAa9E014tNY0jMcBdv95fy\n"
289 "/f49zIcVtUJuZuEwY6uDZQqfAm+8CLNpOCICH/Qw7YOe+s/Yw7a8rk5VqLtgxR4M\n"
290 "z6DUeVL0zYFoLUxIje9yDU3pWmPvyVaBPdo0DguZwFMfiWwzhkUDeQgyeaiMvQA=\n"
291 "-----END CERTIFICATE REQUEST-----";
302 FILE* f = fopen( "/dev/ttyUSB0", "r+" );
305 std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl;
311 std::shared_ptr<BIO> b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
312 std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
313 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
314 std::cout << "Initing tlsv1_2" << std::endl;
315 std::shared_ptr<SSL_CTX> ctx = generateSSLContext( false );
316 std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, ctx ) );
317 std::shared_ptr<TBSCertificate> cert( new TBSCertificate() );
318 cert->csr_type = "csr";
319 cert->csr_content = data;
322 std::shared_ptr<AVA> ava( new AVA() );
324 ava->value = "Dummy user certificates";
325 cert->AVAs.push_back( ava );
326 std::shared_ptr<SAN> san( new SAN() );
328 san->content = "n42.example.com";
329 cert->SANs.push_back( san );
331 auto res = sign->sign( cert );
332 std::cout << "log: " << res->log << std::endl;
333 std::cout << "cert things: " << res->certificate << std::endl;
338 FILE* f = fopen( "/dev/ttyS0", "r+" );
341 std::cout << "Opening /dev/ttyS0 bio failed" << std::endl;
347 std::shared_ptr<BIO> conn( BIO_new_fd( fileno( f ), 0 ), BIO_free );
348 std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
350 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ) );
353 DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner() ), slip1 );
358 } catch( char const* ch ) {
359 std::cout << "Exception: " << ch << std::endl;