X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FrecordHandler.cpp;h=98991da454c08dc4a430dd9991dbb66f60540f41;hb=c3f5775ce88f4df732e5e803dab70ce395c5f504;hp=b1c5ac4280b083158fcefb49581ff16c73803c49;hpb=2e64f805b7d03578897b4d8d2a3d3f270b6288c2;p=cassiopeia.git
diff --git a/src/recordHandler.cpp b/src/recordHandler.cpp
index b1c5ac4..98991da 100644
--- a/src/recordHandler.cpp
+++ b/src/recordHandler.cpp
@@ -14,64 +14,12 @@
 #include "database.h"
 #include "record.h"
 #include "opensslBIO.h"
+#include "remoteSigner.h"
 #include "simpleOpensslSigner.h"
+#include "sslUtil.h"
 #include "slipBio.h"
-int gencb( int a, int b, BN_GENCB* g ) {
- ( void ) a;
- ( void ) b;
- ( void ) g;
-
- std::cout << ( a == 0 ? "." : "+" ) << std::flush;
-
- return 1;
-}
-
-static std::shared_ptr dh_param;
-
-std::shared_ptr generateSSLContext( bool server ) {
- std::shared_ptr ctx = std::shared_ptr( SSL_CTX_new( TLSv1_2_method() ), SSL_CTX_free );
-
- if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
- throw "Cannot set cipher list. Your source is broken.";
- }
-
- if( server ) {
- if( !dh_param ) {
- FILE* paramfile = fopen( "dh_param.pem", "r" );
-
- if( paramfile ) {
- dh_param = std::shared_ptr( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
- fclose( paramfile );
- } else {
- dh_param = std::shared_ptr( DH_new(), DH_free );
- std::cout << "Generating DH params" << std::endl;
- BN_GENCB cb;
- cb.ver = 2;
- cb.arg = 0;
- cb.cb.cb_2 = gencb;
-
- if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
- throw "DH generation failed";
- }
-
- std::cout << std::endl;
- paramfile = fopen( "dh_param.pem", "w" );
-
- if( paramfile ) {
- PEM_write_DHparams( paramfile, dh_param.get() );
- fclose( paramfile );
- }
- }
- }
-
- if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
- throw "Cannot set tmp dh.";
- }
- }
-
- return ctx;
-}
+extern std::vector profiles;
 class RecordHandlerSession {
 public:
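Review bot: `extern std::vector profiles;` declares a global inside this translation unit with no header to check it against, so if the defining file ever changes the element type or constness this file still compiles and the mismatch only surfaces at link time or as undefined behaviour. Put the declaration in a header that both this file and the defining file include; the rendering here has stripped the template argument, so the element type cannot be confirmed from the page. The same global is later indexed as `profiles[0]` in handlermain without a check that the vector is non-empty, which a header-level comment on what populates it would help the reader judge.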
@@ -87,16 +35,20 @@ public:
 DefaultRecordHandler* parent;
 std::shared_ptr signer;
- RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr signer, std::shared_ptr ctx, BIO* output ) :
+ RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr signer, std::shared_ptr ctx, std::shared_ptr output ) :
 tbs( new TBSCertificate() ) {
 this->parent = parent;
 this->signer = signer;
 ssl = SSL_new( ctx.get() );
- BIO* bio = BIO_new( BIO_f_ssl() );
+ std::shared_ptr bio(
+ BIO_new( BIO_f_ssl() ),
+ [output]( BIO * p ) {
+ BIO_free( p );
+ } );
 SSL_set_accept_state( ssl );
- SSL_set_bio( ssl, output, output );
- BIO_set_ssl( bio, ssl, BIO_NOCLOSE );
+ SSL_set_bio( ssl, output.get(), output.get() );
+ BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE );
 io = std::shared_ptr( new OpensslBIOWrapper( bio ) );
 }
@@ -110,8 +62,11 @@ public:
 }
 void work() {
+ std::cout << "done" << std::endl;
 std::vector buffer( 2048, 0 );
+ std::cout << "reading" << std::endl;
 int res = io->read( buffer.data(), buffer.capacity() );
+ std::cout << "read" << std::endl;
 if( res <= 0 ) {
 parent->reset();
@@ -144,7 +99,7 @@ public:
 break;
 case RecordHeader::SignerCommand::SET_SIGNATURE_TYPE:
- tbs->md = "sha256"; // TODO use content ;-)
+ tbs->md = data;
 break;
 case RecordHeader::SignerCommand::SET_PROFILE:
@@ -202,16 +157,13 @@ public:
 }
 };
-DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, BIO* bio ) :
+DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, std::shared_ptr bio ) :
 currentSession() {
 this->signer = signer;
 ctx = generateSSLContext( true );
- SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
- SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
-
 this->bio = bio;
 }
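Review bot: `SSL_set_bio( ssl, output.get(), output.get() )` hands ownership of the BIO to the SSL object, so once `ssl` is released with SSL_free the same BIO is freed again by the deleter behind `output`; capturing `output` in the lambda keeps it alive while the wrapper exists but does not settle who frees it. Either bump the BIO's reference count before the call (BIO_up_ref on OpenSSL 1.1.0 and later) or pass a non-owning shared_ptr as `output`; the destructor that would release `ssl` is outside the hunk, so this is inferred from SSL_set_bio's ownership rules rather than seen. Separately, neither `SSL_new( ctx.get() )` nor `BIO_new( BIO_f_ssl() )` is checked for NULL before the two are wired together, e.g. `if( !ssl || !bio ) { throw "Cannot create SSL session"; }`.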
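Review bot: The three added `std::cout << "done"`, `"reading"` and `"read"` lines in work() are unconditional debug prints on stdout that carry no context (no session id, no byte count) and should be removed or put behind a debug switch before this is merged; the `really allocated:` line added to handle() in the later hunk is the same leftover and should go with them. If a trace is genuinely wanted, one line after the read that reports the result is more useful, e.g. `std::cout << "read " << res << " bytes" << std::endl;`. The same read passes `buffer.capacity()` where `buffer.size()` is the intended bound, although that line is unchanged context. work() continues outside the hunk.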
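Review bot: `tbs->md = data;` stores a string received from the peer as the digest name without validation, so whatever later resolves `md` (not visible here) sees arbitrary input, including names of digests this signer should never use. Validate against the digests the signer is meant to support before assigning, e.g. `if( data != "sha256" ) { throw "unsupported signature type"; }`, extending that list only with deliberately allowed names; a `throw` of a string literal matches how the rest of this file reports protocol errors. The switch's enclosing function starts outside the hunk.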
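Review bot: After this change nothing in this file loads a certificate or private key into `ctx` for the accept side: the removed SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file calls have no replacement in the hunk, so unless generateSSLContext( true ) from sslUtil.h now does this, the server handshake has no credentials to present. Whichever function loads them should also check the return values, which the removed calls ignored, e.g. `if( !SSL_CTX_use_certificate_file( ctx.get(), path, SSL_FILETYPE_PEM ) ) { throw "Cannot load server certificate"; }`. A one-line comment on `ctx = generateSSLContext( true );` saying where the server credentials come from would save the next reader the search.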
@@ -225,40 +177,15 @@ void DefaultRecordHandler::handle() {
 currentSession = std::shared_ptr( new RecordHandlerSession( this, signer, ctx, bio ) );
 }
+ std::cout << "really allocated: " << currentSession << ";" << std::endl;
 currentSession->work();
 }
-int count = 0;
-
-void send( std::shared_ptr bio, RecordHeader& head, RecordHeader::SignerCommand cmd, std::string data ) {
- head.command = ( uint16_t ) cmd;
- head.command_count++;
- head.totalLength = data.size();
- sendCommand( head, data, bio );
-}
-
-void setupSerial( FILE* f ) {
- struct termios attr;
-
- if( tcgetattr( fileno( f ), &attr ) ) {
- throw "failed to get attrs";
- }
-
- attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
- attr.c_oflag &= ~OPOST;
- attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
- attr.c_cflag &= ~( CSIZE | PARENB );
- attr.c_cflag |= CS8;
-
- if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
- throw "failed to get attrs";
- }
-}
-
 int handlermain( int argc, const char* argv[] ) {
 ( void ) argc;
 ( void ) argv;
- std::shared_ptr bio( new OpensslBIOWrapper( BIO_new_fd( 0, 0 ) ) );
+
+ std::shared_ptr bio( new OpensslBIOWrapper( std::shared_ptr( BIO_new_fd( 0, 0 ), BIO_free ) ) );
 std::string data = "-----BEGIN CERTIFICATE REQUEST-----\n"
 "MIIBSzCBtQIBADAMMQowCAYDVQQDDAFhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
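Review bot: The rewritten `std::shared_ptr bio( new OpensslBIOWrapper( std::shared_ptr( BIO_new_fd( 0, 0 ), BIO_free ) ) );` wraps stdin in a BIO that nothing in the visible part of handlermain reads — the serial paths further down use `b`, `slip1` and `conn` — and it feeds a possibly-NULL result of BIO_new_fd straight into the wrapper. If this is leftover scaffolding, drop the line; if stdin is meant to be a transport, check the BIO for NULL before wrapping it. handlermain continues beyond the hunk, so the variable may be used later, but that could not be confirmed from the page.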
@@ -269,76 +196,48 @@ int handlermain( int argc, const char* argv[] ) {
 "/f49zIcVtUJuZuEwY6uDZQqfAm+8CLNpOCICH/Qw7YOe+s/Yw7a8rk5VqLtgxR4M\n"
 "z6DUeVL0zYFoLUxIje9yDU3pWmPvyVaBPdo0DguZwFMfiWwzhkUDeQgyeaiMvQA=\n"
 "-----END CERTIFICATE REQUEST-----";
+
 RecordHeader head;
 head.flags = 0;
 head.sessid = 13;
 //---
- SSL_library_init();
+ std::shared_ptr ssl_lib = ssl_lib_ref;
 if( argc >= 2 ) {
- FILE* f = fopen( "/dev/ttyUSB0", "r+" );
-
- if( !f ) {
- std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl;
- return -1;
- }
-
- setupSerial( f );
-
- BIO* b = BIO_new_fd( fileno( f ), 0 );
- BIO* slip1 = BIO_new( toBio() );
+ std::shared_ptr b = openSerial( "/dev/ttyUSB0" );
+ std::shared_ptr slip1( BIO_new( toBio() ), BIO_free );
 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) );
- std::cout << "Initing tlsv1_2" << std::endl;
- std::shared_ptr ctx = generateSSLContext( false );
- SSL* ssl = SSL_new( ctx.get() );
- BIO* bio = BIO_new( BIO_f_ssl() );
- SSL_set_connect_state( ssl );
- SSL_set_bio( ssl, slip1, slip1 );
- BIO_set_ssl( bio, ssl, BIO_NOCLOSE );
- std::shared_ptr conn( new OpensslBIOWrapper( bio ) );
- send( conn, head, RecordHeader::SignerCommand::SET_CSR, data );
- send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, "sha256" );
- send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, "1" );
- send( conn, head, RecordHeader::SignerCommand::ADD_AVA, "CN,commonName" );
- send( conn, head, RecordHeader::SignerCommand::ADD_SAN, "DNS,*.example.com" );
- send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
- send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
- std::vector buffer( 2048 * 4 );
-
- for( int i = 0; i < 2; i++ ) {
- try {
- int length = conn->read( buffer.data(), buffer.size() );
- RecordHeader head;
- std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
- std::cout << "Data: " << std::endl << payload << std::endl;
- } catch( const char* msg ) {
- std::cout << msg << std::endl;
- return -1;
- }
- }
-
- std::cout << "sent things" << std::endl;
-
+ std::shared_ptr sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
+
+ std::shared_ptr cert( new TBSCertificate() );
+ cert->csr_type = "csr";
+ cert->csr_content = data;
+ cert->md = "sha256";
+ cert->profile = "1";
+ std::shared_ptr ava( new AVA() );
+ ava->name = "CN";
+ ava->value = "Dummy user certificates";
+ cert->AVAs.push_back( ava );
+ std::shared_ptr san( new SAN() );
+ san->type = "DNS";
+ san->content = "n42.example.com";
+ cert->SANs.push_back( san );
+
+ auto res = sign->sign( cert );
+ std::cout << "log: " << res->log << std::endl;
+ std::cout << "cert things: " << res->certificate << std::endl;
 return 0;
 }
- FILE* f = fopen( "/dev/ttyS0", "r+" );
-
- if( !f ) {
- std::cout << "Opening /dev/ttyS0 bio failed" << std::endl;
- return -1;
- }
-
- setupSerial( f );
+ std::shared_ptr conn = openSerial( "/dev/ttyS0" );
+ std::shared_ptr slip1( BIO_new( toBio() ), BIO_free );
- BIO* conn = BIO_new_fd( fileno( f ), 0 );
- BIO* slip1 = BIO_new( toBio() );
 ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( conn ) ) );
 try {
- DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr( new SimpleOpensslSigner() ), slip1 );
+ DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr( new SimpleOpensslSigner( profiles[0] ) ), slip1 );
 while( true ) {
 dh->handle();