Diffstat (limited to 'src/cli')
-rw-r--r-- | src/cli/credentials.h | 2 | ||||
-rw-r--r-- | src/cli/tls_client.cpp | 38 | ||||
-rw-r--r-- | src/cli/tls_proxy.cpp | 18 | ||||
-rw-r--r-- | src/cli/tls_server.cpp | 23 | ||||
-rw-r--r-- | src/cli/utils.cpp | 2 |
5 files changed, 47 insertions, 36 deletions
diff --git a/src/cli/credentials.h b/src/cli/credentials.h index 11bfd3de1..95bbd5aa4 100644 --- a/src/cli/credentials.h +++ b/src/cli/credentials.h @@ -62,7 +62,7 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager try { // TODO: make path configurable - const std::vector<std::string> paths = { "/usr/share/ca-certificates" }; + const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" }; for(auto&& path : paths) { diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 6af2f56f8..caf7d4a1f 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -1,5 +1,6 @@ /* * (C) 2014,2015 Jack Lloyd +* 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -35,7 +36,7 @@ namespace Botan_CLI { -class TLS_Client final : public Command +class TLS_Client final : public Command, public Botan::TLS::Callbacks { public: TLS_Client() : Command("tls_client host --port=443 --print-certs --policy= " @@ -98,15 +99,10 @@ class TLS_Client final : public Command const std::vector<std::string> protocols_to_offer = Botan::split_on("next-protocols", ','); - int sockfd = connect_to_host(host, port, use_tcp); + m_sockfd = connect_to_host(host, port, use_tcp); using namespace std::placeholders; - auto socket_write = - use_tcp ? - std::bind(stream_socket_write, sockfd, _1, _2) : - std::bind(dgram_socket_write, sockfd, _1, _2); - auto version = policy->latest_supported_version(!use_tcp); if(flag_set("tls1.0")) @@ -118,10 +114,7 @@ class TLS_Client final : public Command version = Botan::TLS::Protocol_Version::TLS_V11; } - Botan::TLS::Client client(socket_write, - std::bind(&TLS_Client::process_data, this, _1, _2), - std::bind(&TLS_Client::alert_received, this, _1, _2, _3), - std::bind(&TLS_Client::handshake_complete, this, _1), + Botan::TLS::Client client(*this, *session_mgr, creds, *policy, 
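Review bot: In the credentials.h hunk the `try` that opens above `paths` encloses the whole `for(auto&& path : paths)` loop, so with two directories a failure on the first would also skip the second, assuming the store constructor throws for a missing or unreadable directory (the loop body and the `catch` are outside the hunk). Moving the `try`/`catch` inside the loop body would let each directory fail independently. It would also help to report when no directory could be loaded, because the client then has no trust roots to validate the server chain against. On systems where `/etc/ssl/certs` holds symlinks into `/usr/share/ca-certificates` the same roots are probably loaded twice; a short comment saying this is expected would save the next reader a check.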
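Review bot: In tls_client.cpp (@@ -98,15 +99,10) the removed `socket_write` selection was the only visible use of `dgram_socket_write`, and the later hunk turns `stream_socket_write` into the single `tls_emit_data` override, so the datagram case (`use_tcp` false) now goes through the stream-style `::send` loop that advances `offset` after a partial send. That loop encodes a byte-stream assumption; for UDP each record should go out as one datagram and a short send should be an error. Either keep the transport in a member and branch inside `tls_emit_data`, or remove `dgram_socket_write` and add a comment stating why the loop is acceptable for both transports. `using namespace std::placeholders;` also looks unused after the `std::bind` calls were removed, as far as this hunk shows.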
@@ -136,7 +129,7 @@ class TLS_Client final : public Command { fd_set readfds; FD_ZERO(&readfds); - FD_SET(sockfd, &readfds); + FD_SET(m_sockfd, &readfds); if(client.is_active()) { @@ -152,13 +145,13 @@ class TLS_Client final : public Command struct timeval timeout = { 1, 0 }; - ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout); + ::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout); - if(FD_ISSET(sockfd, &readfds)) + if(FD_ISSET(m_sockfd, &readfds)) { uint8_t buf[4*1024] = { 0 }; - ssize_t got = ::read(sockfd, buf, sizeof(buf)); + ssize_t got = ::read(m_sockfd, buf, sizeof(buf)); if(got == 0) { @@ -216,7 +209,7 @@ class TLS_Client final : public Command } } - ::close(sockfd); + ::close(m_sockfd); } private: @@ -256,7 +249,7 @@ class TLS_Client final : public Command return fd; } - bool handshake_complete(const Botan::TLS::Session& session) + bool tls_session_established(const Botan::TLS::Session& session) override { output() << "Handshake complete, " << session.version().to_string() << " using " << session.ciphersuite().to_string() << "\n"; @@ -290,13 +283,13 @@ class TLS_Client final : public Command throw CLI_Error("Socket write failed errno=" + std::to_string(errno)); } - static void stream_socket_write(int sockfd, const uint8_t buf[], size_t length) + void tls_emit_data(const uint8_t buf[], size_t length) override { size_t offset = 0; while(length) { - ssize_t sent = ::send(sockfd, (const char*)buf + offset, + ssize_t sent = ::send(m_sockfd, (const char*)buf + offset, length, MSG_NOSIGNAL); if(sent == -1) 
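Review bot: The result of `::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout)` in @@ -152,13 +145,13 is discarded, so when the call fails the following `FD_ISSET(m_sockfd, &readfds)` tests a set whose contents the call no longer defines, and a set bit leads straight into a blocking `::read`. Capture the result and handle the error, for example `const int rc = ::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout);` followed by `if(rc < 0 && errno != EINTR) throw CLI_Error("select failed");`, and skip the `FD_ISSET` checks for that iteration when `rc < 0`. `FD_SET` is only defined for descriptors below `FD_SETSIZE`, so a check on the value returned by `connect_to_host` would make that assumption explicit. The loop these lines belong to starts and ends outside the hunks on this line.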
@@ -312,16 +305,19 @@ class TLS_Client final : public Command } } - void alert_received(Botan::TLS::Alert alert, const uint8_t [], size_t ) + void tls_alert(Botan::TLS::Alert alert) override { output() << "Alert: " << alert.type_string() << "\n"; } - void process_data(const uint8_t buf[], size_t buf_size) + void tls_record_received(uint64_t /*seq_no*/, const uint8_t buf[], size_t buf_size) override { for(size_t i = 0; i != buf_size; ++i) output() << buf[i]; } + + private: + int m_sockfd; }; BOTAN_REGISTER_COMMAND("tls_client", TLS_Client); diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 2929e473d..5140654de 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -1,6 +1,7 @@ /* * TLS Server Proxy * (C) 2014,2015 Jack Lloyd +* (C) 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -59,7 +60,7 @@ void log_text_message(const char* where, const uint8_t buf[], size_t buf_len) //std::cout << where << ' ' << std::string(c, c + buf_len) << std::endl; } -class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session> +class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>, public Botan::TLS::Callbacks { public: enum { readbuf_size = 4 * 1024 }; @@ -111,10 +112,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio m_server_endpoints(endpoints), m_client_socket(io), m_server_socket(io), - m_tls(boost::bind(&tls_proxy_session::tls_proxy_write_to_client, this, _1, _2), - boost::bind(&tls_proxy_session::tls_client_write_to_proxy, this, _1, _2), - boost::bind(&tls_proxy_session::tls_alert_cb, this, _1, _2, _3), - boost::bind(&tls_proxy_session::tls_handshake_complete, this, _1), + m_tls(*this, session_manager, credentials, policy, 
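Review bot: The new member `int m_sockfd;` at the end of `TLS_Client` (@@ -312,16 +305,19) has no initializer, while `tls_emit_data` reads it whenever the library emits data; today `go()` assigns it before the client is constructed, but nothing enforces that order. Declare it as `int m_sockfd = -1;` so a call before `connect_to_host` fails in `::send` instead of writing to an arbitrary descriptor. The second `private:` label appears redundant, since the overrides above it already sit in the private section. `tls_record_received` writes bytes received from the peer to `output()` unchanged; a comment such as `// peer-controlled bytes, written unfiltered (may contain terminal control sequences)` would record that this is intentional for a test tool.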
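Review bot: In tls_proxy.cpp (@@ -111,10 +112,7) `m_tls(*this, ...)` hands the TLS server a reference to an object whose members are still being initialised; the `Botan::TLS::Callbacks` base is complete at that point, but any member declared after `m_tls` is not. This is safe only while the server constructor stores the reference without invoking a callback, which cannot be confirmed from the hunk. A comment on the initializer such as `// m_tls only stores *this here; no callback may run before the constructor body` would document the dependency, and keeping `m_tls` after every member the callbacks touch makes it robust. The initializer list continues past the end of the hunk.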
@@ -167,7 +165,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio { m_client_socket.close(); } - tls_proxy_write_to_client(nullptr, 0); // initiate another write if needed + tls_emit_data(nullptr, 0); // initiate another write if needed } void handle_server_write_completion(const boost::system::error_code& error) @@ -183,13 +181,13 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio proxy_write_to_server(nullptr, 0); // initiate another write if needed } - void tls_client_write_to_proxy(const uint8_t buf[], size_t buf_len) + void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override { // Immediately bounce message to server proxy_write_to_server(buf, buf_len); } - void tls_proxy_write_to_client(const uint8_t buf[], size_t buf_len) + void tls_emit_data(const uint8_t buf[], size_t buf_len) override { if(buf_len > 0) m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len); @@ -268,7 +266,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio boost::asio::placeholders::bytes_transferred))); } - bool tls_handshake_complete(const Botan::TLS::Session& session) + bool tls_session_established(const Botan::TLS::Session& session) override { //std::cout << "Handshake from client complete" << std::endl; @@ -292,7 +290,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio return true; } - void tls_alert_cb(Botan::TLS::Alert alert, const uint8_t[], size_t) + void tls_alert(Botan::TLS::Alert alert) override { if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY) { diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 2496f5508..7fc38cf31 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp 
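Review bot: `tls_emit_data(nullptr, 0)` in @@ -167,7 +165,7 reuses the library callback as an internal trigger to start another write, passing a null buffer. It works because the override guards the insert with `if(buf_len > 0)`, but the function is now part of the `Botan::TLS::Callbacks` contract and the null-pointer call is easy to break in a later edit. Consider moving the code that follows the insert into a private helper called from both places, or at least put `// buf may be nullptr when buf_len == 0 (internal re-arm call)` above the override. The body of the override continues outside the hunk at @@ -183,13 +181,13.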
@@ -33,7 +33,7 @@ namespace Botan_CLI { class TLS_Server final : public Command { public: - TLS_Server() : Command("tls_server cert key --port=443 --type=tcp") {} + TLS_Server() : Command("tls_server cert key --port=443 --type=tcp --policy=") {} void go() override { @@ -47,7 +47,24 @@ class TLS_Server final : public Command const bool is_tcp = (transport == "tcp"); - Botan::TLS::Policy policy; // TODO read policy from file + std::unique_ptr<Botan::TLS::Policy> policy; + const std::string policy_file = get_arg("policy"); + std::filebuf fb; + if(policy_file.size() > 0) + { + std::ifstream policy_stream(policy_file); + if(!policy_stream.good()) + { + error_output() << "Failed reading policy file\n"; + return; + } + policy.reset(new Botan::TLS::Text_Policy(policy_stream)); + } + + if(!policy) + { + policy.reset(new Botan::TLS::Policy); + } Botan::TLS::Session_Manager_In_Memory session_manager(rng()); // TODO sqlite3 @@ -112,7 +129,7 @@ class TLS_Server final : public Command std::bind(&TLS_Server::handshake_complete, this, _1), session_manager, creds, - policy, + *policy, rng(), protocol_chooser, !is_tcp); diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 610a14dc1..5ec8f295e 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -266,7 +266,7 @@ class Generate_Bcrypt final : public Command void go() override { const std::string password = get_arg("password"); - const size_t wf = get_arg_sz("work_factor"); + const size_t wf = get_arg_sz("work-factor"); output() << Botan::generate_bcrypt(password, rng(), wf) << "\n"; } |
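Review bot: `std::filebuf fb;` is declared in the policy-loading block of `go()` (@@ -47,7 +47,24) and never used in the visible lines, so it should be dropped. The failure message would be more useful with the path, `error_output() << "Failed reading policy file " << policy_file << "\n";`, and the bare `return;` may leave the exit status at success unless the caller inspects `error_output()`, which is not visible here. The text parsed by `Botan::TLS::Text_Policy` decides which protocol versions and ciphersuites the server accepts, so a one-line comment stating that the file is trusted operator input, and that the default `Botan::TLS::Policy` applies when `--policy=` is empty, is worth adding next to the `if(!policy)` fallback.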