aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli
diff options
context:
space:
mode:
Diffstat (limited to 'src/cli')
-rw-r--r--src/cli/credentials.h2
-rw-r--r--src/cli/tls_client.cpp38
-rw-r--r--src/cli/tls_proxy.cpp18
-rw-r--r--src/cli/tls_server.cpp23
-rw-r--r--src/cli/utils.cpp2
5 files changed, 47 insertions, 36 deletions
diff --git a/src/cli/credentials.h b/src/cli/credentials.h
index 11bfd3de1..95bbd5aa4 100644
--- a/src/cli/credentials.h
+++ b/src/cli/credentials.h
@@ -62,7 +62,7 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager
try
{
// TODO: make path configurable
- const std::vector<std::string> paths = { "/usr/share/ca-certificates" };
+ const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" };
for(auto&& path : paths)
{
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6af2f56f8..caf7d4a1f 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -1,5 +1,6 @@
/*
* (C) 2014,2015 Jack Lloyd
+* 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -35,7 +36,7 @@
namespace Botan_CLI {
-class TLS_Client final : public Command
+class TLS_Client final : public Command, public Botan::TLS::Callbacks
{
public:
TLS_Client() : Command("tls_client host --port=443 --print-certs --policy= "
@@ -98,15 +99,10 @@ class TLS_Client final : public Command
const std::vector<std::string> protocols_to_offer = Botan::split_on("next-protocols", ',');
- int sockfd = connect_to_host(host, port, use_tcp);
+ m_sockfd = connect_to_host(host, port, use_tcp);
using namespace std::placeholders;
- auto socket_write =
- use_tcp ?
- std::bind(stream_socket_write, sockfd, _1, _2) :
- std::bind(dgram_socket_write, sockfd, _1, _2);
-
auto version = policy->latest_supported_version(!use_tcp);
if(flag_set("tls1.0"))
@@ -118,10 +114,7 @@ class TLS_Client final : public Command
version = Botan::TLS::Protocol_Version::TLS_V11;
}
- Botan::TLS::Client client(socket_write,
- std::bind(&TLS_Client::process_data, this, _1, _2),
- std::bind(&TLS_Client::alert_received, this, _1, _2, _3),
- std::bind(&TLS_Client::handshake_complete, this, _1),
+ Botan::TLS::Client client(*this,
*session_mgr,
creds,
*policy,
@@ -136,7 +129,7 @@ class TLS_Client final : public Command
{
fd_set readfds;
FD_ZERO(&readfds);
- FD_SET(sockfd, &readfds);
+ FD_SET(m_sockfd, &readfds);
if(client.is_active())
{
@@ -152,13 +145,13 @@ class TLS_Client final : public Command
struct timeval timeout = { 1, 0 };
- ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout);
+ ::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout);
- if(FD_ISSET(sockfd, &readfds))
+ if(FD_ISSET(m_sockfd, &readfds))
{
uint8_t buf[4*1024] = { 0 };
- ssize_t got = ::read(sockfd, buf, sizeof(buf));
+ ssize_t got = ::read(m_sockfd, buf, sizeof(buf));
if(got == 0)
{
@@ -216,7 +209,7 @@ class TLS_Client final : public Command
}
}
- ::close(sockfd);
+ ::close(m_sockfd);
}
private:
@@ -256,7 +249,7 @@ class TLS_Client final : public Command
return fd;
}
- bool handshake_complete(const Botan::TLS::Session& session)
+ bool tls_session_established(const Botan::TLS::Session& session) override
{
output() << "Handshake complete, " << session.version().to_string()
<< " using " << session.ciphersuite().to_string() << "\n";
@@ -290,13 +283,13 @@ class TLS_Client final : public Command
throw CLI_Error("Socket write failed errno=" + std::to_string(errno));
}
- static void stream_socket_write(int sockfd, const uint8_t buf[], size_t length)
+ void tls_emit_data(const uint8_t buf[], size_t length) override
{
size_t offset = 0;
while(length)
{
- ssize_t sent = ::send(sockfd, (const char*)buf + offset,
+ ssize_t sent = ::send(m_sockfd, (const char*)buf + offset,
length, MSG_NOSIGNAL);
if(sent == -1)
@@ -312,16 +305,19 @@ class TLS_Client final : public Command
}
}
- void alert_received(Botan::TLS::Alert alert, const uint8_t [], size_t )
+ void tls_alert(Botan::TLS::Alert alert) override
{
output() << "Alert: " << alert.type_string() << "\n";
}
- void process_data(const uint8_t buf[], size_t buf_size)
+ void tls_record_received(uint64_t /*seq_no*/, const uint8_t buf[], size_t buf_size) override
{
for(size_t i = 0; i != buf_size; ++i)
output() << buf[i];
}
+
+ private:
+ int m_sockfd;
};
BOTAN_REGISTER_COMMAND("tls_client", TLS_Client);
diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp
index 2929e473d..5140654de 100644
--- a/src/cli/tls_proxy.cpp
+++ b/src/cli/tls_proxy.cpp
@@ -1,6 +1,7 @@
/*
* TLS Server Proxy
* (C) 2014,2015 Jack Lloyd
+* (C) 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -59,7 +60,7 @@ void log_text_message(const char* where, const uint8_t buf[], size_t buf_len)
//std::cout << where << ' ' << std::string(c, c + buf_len) << std::endl;
}
-class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>
+class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>, public Botan::TLS::Callbacks
{
public:
enum { readbuf_size = 4 * 1024 };
@@ -111,10 +112,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
m_server_endpoints(endpoints),
m_client_socket(io),
m_server_socket(io),
- m_tls(boost::bind(&tls_proxy_session::tls_proxy_write_to_client, this, _1, _2),
- boost::bind(&tls_proxy_session::tls_client_write_to_proxy, this, _1, _2),
- boost::bind(&tls_proxy_session::tls_alert_cb, this, _1, _2, _3),
- boost::bind(&tls_proxy_session::tls_handshake_complete, this, _1),
+ m_tls(*this,
session_manager,
credentials,
policy,
@@ -167,7 +165,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
{
m_client_socket.close();
}
- tls_proxy_write_to_client(nullptr, 0); // initiate another write if needed
+ tls_emit_data(nullptr, 0); // initiate another write if needed
}
void handle_server_write_completion(const boost::system::error_code& error)
@@ -183,13 +181,13 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
proxy_write_to_server(nullptr, 0); // initiate another write if needed
}
- void tls_client_write_to_proxy(const uint8_t buf[], size_t buf_len)
+ void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override
{
// Immediately bounce message to server
proxy_write_to_server(buf, buf_len);
}
- void tls_proxy_write_to_client(const uint8_t buf[], size_t buf_len)
+ void tls_emit_data(const uint8_t buf[], size_t buf_len) override
{
if(buf_len > 0)
m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len);
@@ -268,7 +266,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
boost::asio::placeholders::bytes_transferred)));
}
- bool tls_handshake_complete(const Botan::TLS::Session& session)
+ bool tls_session_established(const Botan::TLS::Session& session) override
{
//std::cout << "Handshake from client complete" << std::endl;
@@ -292,7 +290,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
return true;
}
- void tls_alert_cb(Botan::TLS::Alert alert, const uint8_t[], size_t)
+ void tls_alert(Botan::TLS::Alert alert) override
{
if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY)
{
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index 2496f5508..7fc38cf31 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -33,7 +33,7 @@ namespace Botan_CLI {
class TLS_Server final : public Command
{
public:
- TLS_Server() : Command("tls_server cert key --port=443 --type=tcp") {}
+ TLS_Server() : Command("tls_server cert key --port=443 --type=tcp --policy=") {}
void go() override
{
@@ -47,7 +47,24 @@ class TLS_Server final : public Command
const bool is_tcp = (transport == "tcp");
- Botan::TLS::Policy policy; // TODO read policy from file
+ std::unique_ptr<Botan::TLS::Policy> policy;
+ const std::string policy_file = get_arg("policy");
+ std::filebuf fb;
+ if(policy_file.size() > 0)
+ {
+ std::ifstream policy_stream(policy_file);
+ if(!policy_stream.good())
+ {
+ error_output() << "Failed reading policy file\n";
+ return;
+ }
+ policy.reset(new Botan::TLS::Text_Policy(policy_stream));
+ }
+
+ if(!policy)
+ {
+ policy.reset(new Botan::TLS::Policy);
+ }
Botan::TLS::Session_Manager_In_Memory session_manager(rng()); // TODO sqlite3
@@ -112,7 +129,7 @@ class TLS_Server final : public Command
std::bind(&TLS_Server::handshake_complete, this, _1),
session_manager,
creds,
- policy,
+ *policy,
rng(),
protocol_chooser,
!is_tcp);
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp
index 610a14dc1..5ec8f295e 100644
--- a/src/cli/utils.cpp
+++ b/src/cli/utils.cpp
@@ -266,7 +266,7 @@ class Generate_Bcrypt final : public Command
void go() override
{
const std::string password = get_arg("password");
- const size_t wf = get_arg_sz("work_factor");
+ const size_t wf = get_arg_sz("work-factor");
output() << Botan::generate_bcrypt(password, rng(), wf) << "\n";
}