X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FrecordHandler.cpp;h=98991da454c08dc4a430dd9991dbb66f60540f41;hb=c3f5775ce88f4df732e5e803dab70ce395c5f504;hp=7c633d78efab32420782c432194336fbb428b745;hpb=83c3c046ae276506bb5236081b5d55c14e7e6938;p=cassiopeia.git diff --git a/src/recordHandler.cpp b/src/recordHandler.cpp index 7c633d7..98991da 100644 --- a/src/recordHandler.cpp +++ b/src/recordHandler.cpp @@ -16,81 +16,10 @@ #include "opensslBIO.h" #include "remoteSigner.h" #include "simpleOpensslSigner.h" +#include "sslUtil.h" #include "slipBio.h" -int gencb( int a, int b, BN_GENCB* g ) { - ( void ) a; - ( void ) b; - ( void ) g; - - std::cout << ( a == 0 ? "." : "+" ) << std::flush; - - return 1; -} - -int vfy( int prevfy, X509_STORE_CTX* ct ) { - ( void ) ct; - return prevfy; -} - -static std::shared_ptr dh_param; - -std::shared_ptr generateSSLContext( bool server ) { - std::shared_ptr ctx = std::shared_ptr( SSL_CTX_new( TLSv1_2_method() ), SSL_CTX_free ); - - if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) { - throw "Cannot set cipher list. Your source is broken."; - } - - SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_NONE, vfy ); - SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM ); - SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM ); - std::shared_ptr cert_names( - SSL_load_client_CA_file( "testdata/server.crt" ), - []( STACK_OF( X509_NAME ) *st ) { - sk_X509_NAME_free( st ); - } ); - - if( cert_names ) { - SSL_CTX_set_client_CA_list( ctx.get(), cert_names.get() ); - } - - if( server ) { - if( !dh_param ) { - FILE* paramfile = fopen( "dh_param.pem", "r" ); - - if( paramfile ) { - dh_param = std::shared_ptr( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free ); - fclose( paramfile ); - } else { - dh_param = std::shared_ptr( DH_new(), DH_free ); - std::cout << "Generating DH params" << std::endl; - BN_GENCB cb; - cb.ver = 2; - cb.arg = 0; - cb.cb.cb_2 = gencb; - - if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) { - throw "DH generation failed"; - } - - std::cout << std::endl; - paramfile = fopen( "dh_param.pem", "w" ); - - if( paramfile ) { - PEM_write_DHparams( paramfile, dh_param.get() ); - fclose( paramfile ); - } - } - } - - if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) { - throw "Cannot set tmp dh."; - } - } - - return ctx; -} +extern std::vector profiles; class RecordHandlerSession { public: @@ -112,9 +41,11 @@ public: this->signer = signer; ssl = SSL_new( ctx.get() ); - std::shared_ptr bio( BIO_new( BIO_f_ssl() ), [output]( BIO * p ) { - BIO_free( p ); - } ); + std::shared_ptr bio( + BIO_new( BIO_f_ssl() ), + [output]( BIO * p ) { + BIO_free( p ); + } ); SSL_set_accept_state( ssl ); SSL_set_bio( ssl, output.get(), output.get() ); BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE ); @@ -233,9 +164,6 @@ DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, std: ctx = generateSSLContext( true ); - SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM ); - SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM ); - this->bio = bio; } @@ -253,27 +181,6 @@ void DefaultRecordHandler::handle() { currentSession->work(); } -void setupSerial( FILE* f ) { - struct termios attr; - - if( tcgetattr( fileno( f ), &attr ) ) { - throw "failed to get attrs"; - } - - attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON ); - attr.c_oflag &= ~OPOST; - attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN ); - attr.c_cflag &= ~( CSIZE | PARENB ); - attr.c_cflag |= CS8; - - cfsetispeed( &attr, B115200 ); - cfsetospeed( &attr, B115200 ); - - if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) { - throw "failed to get attrs"; - } -} - int handlermain( int argc, const char* argv[] ) { ( void ) argc; ( void ) argv; @@ -296,24 +203,14 @@ int handlermain( int argc, const char* argv[] ) { //--- - SSL_library_init(); + std::shared_ptr ssl_lib = ssl_lib_ref; if( argc >= 2 ) { - FILE* f = fopen( "/dev/ttyUSB0", "r+" ); - - if( !f ) { - std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl; - return -1; - } - - setupSerial( f ); - - std::shared_ptr b( BIO_new_fd( fileno( f ), 0 ), BIO_free ); + std::shared_ptr b = openSerial( "/dev/ttyUSB0" ); std::shared_ptr slip1( BIO_new( toBio() ), BIO_free ); ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) ); - std::cout << "Initing tlsv1_2" << std::endl; - std::shared_ptr ctx = generateSSLContext( false ); - std::shared_ptr sign( new RemoteSigner( slip1, ctx ) ); + std::shared_ptr sign( new RemoteSigner( slip1, generateSSLContext( false ) ) ); + std::shared_ptr cert( new TBSCertificate() ); cert->csr_type = "csr"; cert->csr_content = data; @@ -331,26 +228,16 @@ int handlermain( int argc, const char* argv[] ) { auto res = sign->sign( cert ); std::cout << "log: " << res->log << std::endl; std::cout << "cert things: " << res->certificate << std::endl; - return 0; } - FILE* f = fopen( "/dev/ttyS0", "r+" ); - - if( !f ) { - std::cout << "Opening /dev/ttyS0 bio failed" << std::endl; - return -1; - } - - setupSerial( f ); - - std::shared_ptr conn( BIO_new_fd( fileno( f ), 0 ), BIO_free ); + std::shared_ptr conn = openSerial( "/dev/ttyS0" ); std::shared_ptr slip1( BIO_new( toBio() ), BIO_free ); ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( conn ) ) ); try { - DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr( new SimpleOpensslSigner() ), slip1 ); + DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr( new SimpleOpensslSigner( profiles[0] ) ), slip1 ); while( true ) { dh->handle();