1 #include "recordHandler.h"
4 #include <sys/socket.h>
5 #include <netinet/in.h>
12 #include <openssl/ssl.h>
16 #include "opensslBIO.h"
17 #include "simpleOpensslSigner.h"
20 int gencb( int a, int b, BN_GENCB* g ) {
25 std::cout << ( a == 0 ? "." : "+" ) << std::flush;
30 static std::shared_ptr<DH> dh_param;
32 std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
33 std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>( SSL_CTX_new( TLSv1_2_method() ), SSL_CTX_free );
35 if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
36 throw "Cannot set cipher list. Your source is broken.";
41 FILE* paramfile = fopen( "dh_param.pem", "r" );
44 dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
47 dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
48 std::cout << "Generating DH params" << std::endl;
54 if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
55 throw "DH generation failed";
58 std::cout << std::endl;
59 paramfile = fopen( "dh_param.pem", "w" );
62 PEM_write_DHparams( paramfile, dh_param.get() );
68 if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
69 throw "Cannot set tmp dh.";
76 class RecordHandlerSession {
79 uint32_t lastCommandCount;
81 std::shared_ptr<TBSCertificate> tbs;
82 std::shared_ptr<SignedCertificate> result;
86 std::shared_ptr<OpensslBIOWrapper> io;
87 DefaultRecordHandler* parent;
88 std::shared_ptr<Signer> signer;
90 RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, BIO* output ) :
91 tbs( new TBSCertificate() ) {
92 this->parent = parent;
93 this->signer = signer;
95 ssl = SSL_new( ctx.get() );
96 BIO* bio = BIO_new( BIO_f_ssl() );
97 SSL_set_accept_state( ssl );
98 SSL_set_bio( ssl, output, output );
99 BIO_set_ssl( bio, ssl, BIO_NOCLOSE );
100 io = std::shared_ptr<OpensslBIOWrapper>( new OpensslBIOWrapper( bio ) );
103 void respondCommand( RecordHeader::SignerResult res, std::string payload ) {
105 rh.command = ( uint16_t ) res;
107 rh.command_count = 0; // TODO i++
108 rh.totalLength = payload.size();
109 sendCommand( rh, payload, io );
113 std::vector<char> buffer( 2048, 0 );
114 int res = io->read( buffer.data(), buffer.capacity() );
121 std::string content( buffer.data(), res );
125 std::string payload = parseCommand( head, content );
126 execute( head, payload );
127 } catch( const char* msg ) {
128 std::cout << msg << std::endl;
134 void execute( RecordHeader& head, std::string data ) {
135 if( head.totalLength != head.payloadLength || head.offset != 0 ) {
136 throw "Error, chunking not supported yet";
139 switch( ( RecordHeader::SignerCommand ) head.command ) {
140 case RecordHeader::SignerCommand::SET_CSR: // setCSR
141 tbs->csr_content = data;
142 tbs->csr_type = "CSR";
143 std::cout << "CSR read" << std::endl;
146 case RecordHeader::SignerCommand::SET_SIGNATURE_TYPE:
147 tbs->md = "sha256"; // TODO use content ;-)
150 case RecordHeader::SignerCommand::SET_PROFILE:
155 case RecordHeader::SignerCommand::ADD_SAN: {
156 size_t pos = data.find( "," );
158 if( pos == std::string::npos ) {
160 std::shared_ptr<SAN> san( new SAN() );
161 san->type = data.substr( 0, pos );
162 san->content = data.substr( pos + 1 );
163 tbs->SANs.push_back( san );
168 case RecordHeader::SignerCommand::ADD_AVA: {
169 size_t pos = data.find( "," );
171 if( pos == std::string::npos ) {
174 std::shared_ptr<AVA> ava( new AVA() );
175 ava->name = data.substr( 0, pos );
176 ava->value = data.substr( pos + 1 );
177 tbs->AVAs.push_back( ava );
182 case RecordHeader::SignerCommand::ADD_PROOF_LINE:
185 case RecordHeader::SignerCommand::SIGN:
186 result = signer->sign( tbs );
187 std::cout << "res: " << result->certificate << std::endl;
188 result->log = "I am a dummy log.\nI signed that thing ;-) \n";
189 respondCommand( RecordHeader::SignerResult::SAVE_LOG, result->log );
192 case RecordHeader::SignerCommand::LOG_SAVED:
194 respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate );
200 throw "Unimplemented";
205 DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr<Signer> signer, BIO* bio ) :
208 this->signer = signer;
210 ctx = generateSSLContext( true );
212 SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
213 SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
218 void DefaultRecordHandler::reset() {
219 currentSession = std::shared_ptr<RecordHandlerSession>();
222 void DefaultRecordHandler::handle() {
223 if( !currentSession ) {
224 std::cout << "session allocated" << std::endl;
225 currentSession = std::shared_ptr<RecordHandlerSession>( new RecordHandlerSession( this, signer, ctx, bio ) );
228 currentSession->work();
233 void send( std::shared_ptr<OpensslBIOWrapper> bio, RecordHeader& head, RecordHeader::SignerCommand cmd, std::string data ) {
234 head.command = ( uint16_t ) cmd;
235 head.command_count++;
236 head.totalLength = data.size();
237 sendCommand( head, data, bio );
240 void setupSerial( FILE* f ) {
243 if( tcgetattr( fileno( f ), &attr ) ) {
244 throw "failed to get attrs";
247 attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
248 attr.c_oflag &= ~OPOST;
249 attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
250 attr.c_cflag &= ~( CSIZE | PARENB );
253 if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
254 throw "failed to get attrs";
258 int handlermain( int argc, const char* argv[] ) {
261 std::shared_ptr<OpensslBIOWrapper> bio( new OpensslBIOWrapper( BIO_new_fd( 0, 0 ) ) );
263 "-----BEGIN CERTIFICATE REQUEST-----\n"
264 "MIIBSzCBtQIBADAMMQowCAYDVQQDDAFhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
265 "iQKBgQDerBEpIShJlx3zzl4AOS1NcwEg4iAWknQeTtI8B5dnk+l5HkOdTxqeehZn\n"
266 "iZnuIuYXA+JWmoECg/w69+N5zw2BabelgK3cSvRqycwPEU/gceGJZTaBfkkN0hBk\n"
267 "rpXDiLSlox5oeR150MrsHvVc+W2e+0jW1tuhz4QLzn8/uI/toQIDAQABoAAwDQYJ\n"
268 "KoZIhvcNAQELBQADgYEATQU5VrgQAkvpCvIwRUyjj9YAa9E014tNY0jMcBdv95fy\n"
269 "/f49zIcVtUJuZuEwY6uDZQqfAm+8CLNpOCICH/Qw7YOe+s/Yw7a8rk5VqLtgxR4M\n"
270 "z6DUeVL0zYFoLUxIje9yDU3pWmPvyVaBPdo0DguZwFMfiWwzhkUDeQgyeaiMvQA=\n"
271 "-----END CERTIFICATE REQUEST-----";
281 FILE* f = fopen( "/dev/ttyUSB0", "r+" );
284 std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl;
290 BIO* b = BIO_new_fd( fileno( f ), 0 );
291 BIO* slip1 = BIO_new( toBio<SlipBIO>() );
292 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
293 std::cout << "Initing tlsv1_2" << std::endl;
294 std::shared_ptr<SSL_CTX> ctx = generateSSLContext( false );
295 SSL* ssl = SSL_new( ctx.get() );
296 BIO* bio = BIO_new( BIO_f_ssl() );
297 SSL_set_connect_state( ssl );
298 SSL_set_bio( ssl, slip1, slip1 );
299 BIO_set_ssl( bio, ssl, BIO_NOCLOSE );
300 std::shared_ptr<OpensslBIOWrapper> conn( new OpensslBIOWrapper( bio ) );
301 send( conn, head, RecordHeader::SignerCommand::SET_CSR, data );
302 send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, "sha256" );
303 send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, "1" );
304 send( conn, head, RecordHeader::SignerCommand::ADD_AVA, "CN,commonName" );
305 send( conn, head, RecordHeader::SignerCommand::ADD_SAN, "DNS,*.example.com" );
306 send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
307 send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
308 std::vector<char> buffer( 2048 * 4 );
310 for( int i = 0; i < 2; i++ ) {
312 int length = conn->read( buffer.data(), buffer.size() );
314 std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
315 std::cout << "Data: " << std::endl << payload << std::endl;
316 } catch( const char* msg ) {
317 std::cout << msg << std::endl;
322 std::cout << "sent things" << std::endl;
327 FILE* f = fopen( "/dev/ttyS0", "r+" );
330 std::cout << "Opening /dev/ttyS0 bio failed" << std::endl;
336 BIO* conn = BIO_new_fd( fileno( f ), 0 );
337 BIO* slip1 = BIO_new( toBio<SlipBIO>() );
338 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ) );
341 DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner() ), slip1 );
346 } catch( char const* ch ) {
347 std::cout << "Exception: " << ch << std::endl;