2 * Copyright (c) 2013 INSIDE Secure Corporation
3 * Copyright (c) PeerSec Networks, 2002-2011
6 * The latest version of this code is available at http://www.matrixssl.org
8 * This software is open source; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in WITHOUT ANY WARRANTY; without even the
14 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15 * See the GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * http://www.gnu.org/copyleft/gpl.html
30 #include <sys/socket.h>
32 #include "matrixssl/matrixsslApi.h"
/* NOTE(review): the #warning below is commented out, but what it says still
 * holds. The RSA identity included further down comes from the MatrixSSL
 * sampleCerts tree, i.e. the same private key every copy of the library
 * ships with, so it is not a secret: anyone can present this client
 * identity. Only the CA bundle is meaningful outside of testing; a real
 * deployment must replace 2048_RSA.h / 2048_RSA_KEY.h (or drop client auth
 * entirely) and should re-enable the warning so a build cannot forget. */
34 //#warning "DO NOT USE THESE DEFAULT KEYS IN PRODUCTION ENVIRONMENTS."
37 * If supporting client authentication, pick ONE identity to auto select a
38 * certificate and private key that support desired algorithms.
40 #define ID_RSA /* RSA Certificate and Key */
/* USE_HEADER_KEYS selects in-memory keys compiled into the binary (see
 * make_keys()); the alternative, file-based branch is not visible here. */
42 #define USE_HEADER_KEYS
44 /* If the algorithm type is supported, load a CA for it */
45 #ifdef USE_HEADER_KEYS
47 # include "sampleCerts/RSA/ALL_RSA_CAS.h"
48 /* Identity Certs and Keys for use with Client Authentication */
50 # define EXAMPLE_RSA_KEYS
51 # include "sampleCerts/RSA/2048_RSA.h"
52 # include "sampleCerts/RSA/2048_RSA_KEY.h"
/*
 * write(2) that transparently restarts after a signal interruption.
 *
 * fd/buf/count are passed straight to write(). Returns exactly what write()
 * returns: the number of bytes written (possibly fewer than count) or -1
 * with errno set. EINTR is the only errno that is retried; everything else,
 * including EAGAIN on a non-blocking descriptor, is reported to the caller.
 */
static ssize_t
safe_write(int fd, const void *buf, size_t count)
{
	ssize_t written;

	for (;;) {
		written = write(fd, buf, count);
		/* Any result other than "interrupted before writing" is final. */
		if (written >= 0 || errno != EINTR)
			return written;
	}
}
/*
 * Write all `len` bytes of `buf` to `fd`, looping over short writes.
 *
 * Returns len once everything has been written. If a write fails after
 * some bytes already went out, the count of bytes written so far is
 * returned (the caller can issue another write to learn the errno);
 * if nothing went out, write()'s -1 is returned with errno set.
 * The EINTR retry of safe_write() is reproduced inline here so this
 * function has no dependency on it.
 */
static ssize_t
full_write(int fd, const void *buf, size_t len)
{
	const char *cursor = buf;
	size_t remaining = len;

	while (remaining > 0) {
		ssize_t chunk;

		do {
			chunk = write(fd, cursor, remaining);
		} while (chunk < 0 && errno == EINTR);

		if (chunk < 0) {
			/* Nothing written yet: propagate -1. Otherwise report
			 * the partial count; caller retries for the errno. */
			if (remaining == len)
				return chunk;
			return (ssize_t)(len - remaining);
		}

		cursor += chunk;
		remaining -= (size_t)chunk;
	}

	return (ssize_t)len;
}
/*
 * Print a printf-style message on stderr.
 *
 * `s` is used as the format string, so it must never be externally supplied
 * text; every visible caller in this file (all via dbg()) passes a string
 * literal, which is what keeps this safe. The va_list setup and the
 * declaration/size of `buf` are not visible in this listing.
 */
94 static void say(const char *s
, ...)
101 sz
= vsnprintf(buf
, sizeof(buf
), s
, p
);
/* vsnprintf() reports the length the whole message would have had; when
 * that exceeds the buffer, fall back to strlen() of the (NUL-terminated)
 * truncated text. NOTE(review): on a negative return the buffer contents
 * are unspecified, so strlen() may scan stale bytes; printing nothing when
 * sz < 0 would be the safer fallback. */
102 full_write(STDERR_FILENO
, buf
, sz
>= 0 && sz
< sizeof(buf
) ? sz
: strlen(buf
));
/*
 * Print a printf-style message on stderr and terminate the process.
 * The termination itself is not visible here, but every caller relies on
 * die() not returning (e.g. the code after die("Warning alert") below).
 *
 * As with say(), `s` is a format string: all visible callers pass
 * literals, and the partially-constructed message is never echoed back
 * to the peer, only to the local operator.
 */
106 static void die(const char *s
, ...)
113 sz
= vsnprintf(buf
, sizeof(buf
), s
, p
);
/* Same truncation handling as say(): use sz while it fits, otherwise the
 * strlen() of the truncated buffer. NOTE(review): a negative sz leaves the
 * buffer unspecified, so strlen() could read stale bytes in that case. */
114 full_write(STDERR_FILENO
, buf
, sz
>= 0 && sz
< sizeof(buf
) ? sz
: strlen(buf
));
/* Debug tracing goes to stderr via say(); the #if choosing between the two
 * definitions is not visible here. In the visible calls dbg() prints only
 * return codes, byte counts, state names and poll flags -- never buffer
 * contents -- so enabling it does not leak plaintext into logs. */
120 # define dbg(...) say(__VA_ARGS__)
122 # define dbg(...) ((void)0)
/* poll() set for the I/O loop: pfd[0] is stdin, pfd[1] the network socket.
 * Both start disabled (fd = -1, which poll(2) ignores); the loop enables
 * stdin only after MATRIXSSL_HANDSHAKE_COMPLETE, so no local plaintext is
 * ever offered to the library before the session is established. A STDIN
 * macro paralleling NETWORK is used below; its definition is not visible. */
125 static struct pollfd pfd
[2] = {
126 { -1, POLLIN
|POLLERR
|POLLHUP
, 0 },
127 { -1, POLLIN
|POLLERR
|POLLHUP
, 0 },
130 #define NETWORK pfd[1]
/* "Ready" covers error and hang-up as well as data, so a peer reset or
 * EOF is noticed as readability and surfaces through the following read(). */
131 #define STDIN_READY() (pfd[0].revents & (POLLIN|POLLERR|POLLHUP))
132 #define NETWORK_READY() (pfd[1].revents & (POLLIN|POLLERR|POLLHUP))
/*
 * Block until stdin or the socket is readable (or errored / hung up).
 * Returns poll(2)'s result. Only revents is reset here; which sides are
 * watched is decided by the fd fields the I/O loop sets and clears.
 * The branch taken when both descriptors are disabled is not visible.
 */
134 static int wait_for_input(void)
/* NOTE(review): equality stands in for "both are -1". It would also hold
 * if the socket handed over via -d were descriptor 0 while stdin (fd 0)
 * is enabled -- main() accepts a leading '0' in fd_str, so unless a later
 * check not visible there rejects it, -d0 would trip this test. */
136 if (STDIN
.fd
== NETWORK
.fd
) /* means both are -1 */
139 STDIN
.revents
= NETWORK
.revents
= 0;
/* No timeout: the process sits here until one side has something. */
140 return poll(pfd
, 2, -1);
/*
 * Certificate callback registered with matrixSslNewClientSession().
 * MatrixSSL reports its own verdict on the server's chain through `alert`
 * and lets this callback decide whether the handshake proceeds. The
 * control-flow lines between the two returns (if/#if) are not visible
 * here, so which return is live cannot be read off this listing.
 */
143 static int32
certCb(ssl_t
*ssl
, psX509Cert_t
*cert
, int32 alert
)
145 /* Example to allow anonymous connections based on a define */
/* SECURITY (review): returning SSL_ALLOW_ANON_CONNECTION tells the library
 * to continue regardless of what `alert` reported, so an untrusted, expired
 * or wrong-name server certificate is accepted. The resulting session is
 * encrypted but unauthenticated: it resists passive eavesdropping only and
 * offers no protection against an active man-in-the-middle. That is
 * acceptable solely for a tool documented as such. To authenticate the
 * server, return PS_FAILURE whenever `alert` is non-zero and compare the
 * certificate's subject / alternative names against the expected host --
 * nothing in the visible lines examines `cert` at all. */
147 return SSL_ALLOW_ANON_CONNECTION
; // = 254
150 /* Validate the 'not before' and 'not after' dates, etc */
151 return PS_FAILURE
; /* if we don't like this cert */
/*
 * Best-effort clean shutdown: try to send a TLS close_notify, half-close
 * the socket, then exit (the exit and a few other lines are not visible).
 * Used both when the peer sent close_notify and on MATRIXSSL_REQUEST_CLOSE.
 */
156 static void close_conn_and_exit(ssl_t
*ssl
, int fd
)
/* Switch to non-blocking first so a peer that stopped reading cannot hold
 * the exit path hostage while the alert is written. NOTE(review): the
 * F_GETFL/F_SETFL results are unchecked; a failure here is not detected
 * and the write below could then block. Tolerable for a one-shot exit. */
161 fcntl(fd
, F_SETFL
, fcntl(fd
, F_GETFL
) | O_NONBLOCK
);
162 /* Quick attempt to send a closure alert, don't worry about failure */
163 if (matrixSslEncodeClosureAlert(ssl
) >= 0) {
164 len
= matrixSslGetOutdata(ssl
, &buf
);
/* One write, no retry loop: a short write or an error is deliberately
 * ignored, the alert is a courtesy to the peer, not a requirement. */
166 len
= safe_write(fd
, buf
, len
);
168 // matrixSslSentData(ssl, len);
/* The session object is not torn down: the process exits right after, so
 * its memory is reclaimed by the OS rather than released via MatrixSSL. */
172 //matrixSslDeleteSession(ssl);
/* Half-close: send FIN, leave the read side to the kernel until exit. */
173 shutdown(fd
, SHUT_WR
);
/*
 * Hand `len` plaintext bytes to MatrixSSL for encryption into its outgoing
 * buffer. The caller (the stdin branch of the I/O loop) reassigns len from
 * the return value, so this presumably returns the number of bytes queued;
 * the `if` conditions and the return line are not visible here. Any
 * failure aborts via die() rather than silently truncating.
 */
177 static int encode_data(ssl_t
*ssl
, const void *data
, int len
)
/* Ask the library for a write buffer of len bytes; `available` is the
 * size it actually granted (negative on error). */
182 available
= matrixSslGetWritebuf(ssl
, &buf
, len
);
184 die("matrixSslGetWritebuf\n");
/* This guard is the only bound on the memcpy below -- buf is sized by the
 * library, not by us -- so it must stay in front of the copy. If partial
 * writes are ever wanted, clamp len to available and return the clamped
 * value instead of dying; never copy more than `available`. */
186 die("len > available\n");
187 memcpy(buf
, data
, len
);
188 if (matrixSslEncodeWritebuf(ssl
, len
) < 0)
189 die("matrixSslEncodeWritebuf\n");
/*
 * Drain everything MatrixSSL has queued for the wire (handshake records or
 * encrypted application data) to the socket. Every record must go out in
 * full: a short write would corrupt the TLS record stream, so anything
 * other than "all len bytes written" is fatal. matrixSslSentData() is then
 * told how much left the buffer; its negative return is fatal as well
 * (that comparison line is not visible here).
 */
193 static void flush_to_net(ssl_t
*ssl
, int fd
)
199 while ((len
= matrixSslGetOutdata(ssl
, &buf
)) > 0) {
200 dbg("writing net %d bytes\n", len
);
201 if (full_write(fd
, buf
, len
) != len
)
202 die("write to network\n");
203 rc
= matrixSslSentData(ssl
, len
);
205 die("matrixSslSentData\n");
/*
 * Main client loop: run the TLS handshake over `fd`, then shuttle bytes
 * between stdin/stdout and the encrypted connection until one side closes.
 * Never returns -- every error path ends in die(), every clean close in
 * close_conn_and_exit(). The declarations of ssl, sid, rc, len, len32u,
 * buf and ibuf, the for/switch scaffolding and several condition lines are
 * not visible in this listing.
 */
209 static void do_io_until_eof_and_exit(int fd
, sslKeys_t
*keys
)
219 /* Note! STDIN.fd is disabled (-1) until SSL handshake is over:
220 * we do not attempt to feed any user data to MatrixSSL
221 * before it is ready.
/* A fresh session id each run; no resumption cache is visible, so every
 * invocation performs a full handshake. certCb is the only hook that
 * authenticates the peer (see its SECURITY note). The 0 and NULL arguments
 * are presumably the default cipher list and "no expected server name /
 * no extensions" -- confirm against matrixsslApi.h; passing no expected
 * name means hostname checking rests entirely on certCb. */
224 matrixSslNewSessionId(&sid
);
225 rc
= matrixSslNewClientSession(&ssl
, keys
, sid
, 0, certCb
, NULL
, NULL
, 0);
226 dbg("matrixSslNewClientSession:rc=%d\n", rc
);
227 if (rc
!= MATRIXSSL_REQUEST_SEND
)
228 die("matrixSslNewClientSession\n");
230 len
= 0; /* only to suppress compiler warning */
/* Library asked us to send: push the queued records (ClientHello first). */
233 case MATRIXSSL_REQUEST_SEND
:
234 dbg("MATRIXSSL_REQUEST_SEND\n");
235 flush_to_net(ssl
, fd
);
/* A second flush whose enclosing case label is not visible here. */
240 flush_to_net(ssl
, fd
);
243 case MATRIXSSL_REQUEST_CLOSE
:
244 /* what does this mean if we are here? */
245 dbg("MATRIXSSL_REQUEST_CLOSE\n");
246 close_conn_and_exit(ssl
, fd
);
/* Only from here on is local plaintext accepted; before this point stdin
 * is simply not polled, so nothing can be sent in the clear. */
248 case MATRIXSSL_HANDSHAKE_COMPLETE
:
249 dbg("MATRIXSSL_HANDSHAKE_COMPLETE\n");
250 /* Init complete, can start reading local user's data: */
251 STDIN
.fd
= STDIN_FILENO
;
/* Local data path: read a chunk bounded by sizeof(ibuf), encrypt it via
 * encode_data(), then loop back into the REQUEST_SEND case to flush.
 * The EOF (len == 0) handling for stdin is not visible here. */
256 dbg("reading stdin\n");
257 len
= read(STDIN_FILENO
, ibuf
, sizeof(ibuf
));
259 die("read error on stdin\n");
263 len
= encode_data(ssl
, ibuf
, len
);
265 rc
= MATRIXSSL_REQUEST_SEND
;
/* Network data path. POLLERR/POLLHUP are only traced here; they are
 * handled by the following read() reporting an error or EOF. */
272 if (NETWORK_READY()) {
274 (pfd
[1].revents
& POLLIN
) ? "POLLIN" : "",
275 (pfd
[1].revents
& POLLERR
) ? "|POLLERR" : "",
276 (pfd
[1].revents
& POLLHUP
) ? "|POLLHUP" : ""
/* The read is bounded by the size MatrixSSL reports for its own input
 * buffer, so ciphertext is never copied past what the library allotted. */
278 len
= matrixSslGetReadbuf(ssl
, &buf
);
280 die("matrixSslGetReadbuf\n");
281 dbg("reading net up to %d\n", len
);
282 len
= read(fd
, buf
, len
);
283 dbg("reading net:%d\n", len
);
285 die("read error on network\n");
/* EOF handling is not visible; the pfd[1].fd == -1 test further down
 * suggests it disables the network entry rather than exiting at once, so
 * already-received records can still be decrypted and written out. */
286 if (len
== 0) /*eof*/
289 rc
= matrixSslReceivedData(ssl
, len
, &buf
, &len32u
);
290 dbg("matrixSslReceivedData:rc=%d\n", rc
);
293 die("matrixSslReceivedData\n");
/* Decrypted application data goes straight to stdout. `len` here must be
 * the plaintext length the library returned via len32u; the copy into len
 * is not visible in this listing. */
297 case MATRIXSSL_APP_DATA
:
298 dbg("MATRIXSSL_APP_DATA: writing stdout\n");
300 if (full_write(STDOUT_FILENO
, buf
, len
) != len
)
301 die("write to stdout\n");
303 rc
= matrixSslProcessedData(ssl
, &buf
, &len32u
);
304 //this was seen returning rc=0:
305 dbg("matrixSslProcessedData:rc=%d\n", rc
);
307 } while (rc
== MATRIXSSL_APP_DATA
);
/* Network already hit EOF and every buffered record has now been
 * decrypted and written: propagate the EOF to the local reader. */
308 if (pfd
[1].fd
== -1) {
309 /* Already saw EOF on network, and we processed
310 * and wrote out all ssl data. Signal it:
312 close(STDOUT_FILENO
);
316 case MATRIXSSL_REQUEST_RECV
:
317 dbg("MATRIXSSL_REQUEST_RECV\n");
321 case MATRIXSSL_RECEIVED_ALERT
:
322 dbg("MATRIXSSL_RECEIVED_ALERT\n");
323 /* The first byte of the buffer is the level */
324 /* The second byte is the description */
/* NOTE(review): buf[0] and buf[1] are read without a visible check that
 * len32u >= 2. The library should only report RECEIVED_ALERT for a complete
 * two-byte alert, but `if (len32u < 2) die("short alert\n");` costs one
 * line and removes the dependence on that contract. */
325 if (buf
[0] == SSL_ALERT_LEVEL_FATAL
)
326 die("Fatal alert\n");
327 /* Closure alert is normal (and best) way to close */
328 if (buf
[1] == SSL_ALERT_CLOSE_NOTIFY
)
329 close_conn_and_exit(ssl
, fd
);
/* Any other warning-level alert is treated as fatal: fail closed rather
 * than continue on a connection whose state is in doubt. The call below is
 * reachable only if die() / close_conn_and_exit() return, which their
 * names and every other caller suggest they do not. */
330 die("Warning alert\n");
332 rc
= matrixSslProcessedData(ssl
, &buf
, &len32u
);
333 dbg("matrixSslProcessedData:rc=%d\n", rc
);
338 /* If rc < 0 it is an error */
339 die("bad rc:%d\n", rc
);
/*
 * Build the sslKeys_t for the connection: the RSA CA bundle used to judge
 * the server's chain (only meaningful if certCb() enforces the verdict)
 * plus the embedded RSA identity and private key offered for client
 * authentication. Every failure aborts via die(). The declarations, the
 * last matrixSslLoadRsaKeysMem() argument, the #else (file-based keys)
 * branch and the return are not visible in this listing.
 */
343 static sslKeys_t
* make_keys(void)
349 if (matrixSslNewKeys(&keys
) < 0)
350 die("matrixSslNewKeys\n");
352 #ifdef USE_HEADER_KEYS
354 * In-memory based keys
355 * Build the CA list first for potential client auth usage
/* RSACAS is the byte array from sampleCerts/RSA/ALL_RSA_CAS.h; the length
 * test can only be false if that header defines an empty array. */
358 CAstreamLen
= sizeof(RSACAS
);
359 if (CAstreamLen
> 0) {
/* NOTE(review): psMalloc() can return NULL and its result feeds memcpy()
 * unchecked. Add `if (!CAstream) die("psMalloc\n");` before the copy so an
 * allocation failure is reported like every other failure in this
 * function, instead of as a NULL-pointer crash with no message. */
360 CAstream
= psMalloc(NULL
, CAstreamLen
);
361 memcpy(CAstream
, RSACAS
, sizeof(RSACAS
));
/* RSA2048KEY is the sample private key compiled into this binary (see the
 * disabled #warning at the top of the file): it is shared by every copy of
 * the library, so this client identity proves nothing to a server. */
365 rc
= matrixSslLoadRsaKeysMem(keys
, RSA2048
, sizeof(RSA2048
),
366 RSA2048KEY
, sizeof(RSA2048KEY
), (unsigned char*)CAstream
,
369 die("matrixSslLoadRsaKeysMem\n");
374 #endif /* USE_HEADER_KEYS */
/*
 * Entry point. Usage: <prog> -d<fd>, where <fd> is presumably an
 * already-connected socket inherited from the parent process; plaintext
 * flows over stdin/stdout and all diagnostics go to stderr. The lines that
 * convert fd_str to the integer `fd` and bound it are not visible here.
 * Note there is no switch to enable certificate verification: server
 * authentication is fixed by certCb(), and the client identity is the
 * embedded sample key loaded by make_keys().
 */
378 int main(int argc
, char **argv
)
384 die("Syntax error\n");
385 if (argv
[1][0] != '-')
386 die("Syntax error\n");
387 if (argv
[1][1] != 'd')
388 die("Syntax error\n");
389 fd_str
= argv
[1] + 2;
/* The !fd_str test can never fire (argv[1] + 2 is a valid pointer once
 * argv[1] exists); the digit check is what actually rejects "-d" alone or
 * "-dfoo". Any numeric parsing after this point is not visible. */
392 if (!fd_str
|| fd_str
[0] < '0' || fd_str
[0] > '9')
393 die("Syntax error\n");
397 die("Syntax error\n");
399 if (matrixSslOpen() < 0)
400 die("matrixSslOpen\n");
/* Keys are built once and handed to the loop; the loop owns the process
 * from here on and terminates it on EOF, close_notify or error. */
402 do_io_until_eof_and_exit(fd
, make_keys());
403 /* does not return */