blob: 0f0cfc35e0821342d87d616ae6725d049701ec69 [file] [log] [blame]
Paul Bakker896ac222011-05-20 12:33:05 +00001/*
Paul Bakkercb79ae0b2011-05-20 12:44:16 +00002 * SSL server demonstration program using fork() for handling multiple clients
Paul Bakker896ac222011-05-20 12:33:05 +00003 *
Paul Bakkercce9d772011-11-18 14:26:47 +00004 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakker896ac222011-05-20 12:33:05 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
Paul Bakkercce9d772011-11-18 14:26:47 +000030#if defined(_WIN32)
Paul Bakker896ac222011-05-20 12:33:05 +000031#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37#include <unistd.h>
38#include <signal.h>
39
Paul Bakker5690efc2011-05-26 13:16:06 +000040#include "polarssl/config.h"
41
Paul Bakker896ac222011-05-20 12:33:05 +000042#include "polarssl/havege.h"
43#include "polarssl/certs.h"
44#include "polarssl/x509.h"
45#include "polarssl/ssl.h"
46#include "polarssl/net.h"
47#include "polarssl/timing.h"
48
49#define HTTP_RESPONSE \
50 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
51 "<h2>PolarSSL Test Server</h2>\r\n" \
52 "<p>Successful connection using: %s</p>\r\n"
53
Paul Bakkerb892b132011-10-12 09:19:43 +000054#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
55 !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \
56 !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
57 !defined(POLARSSL_RSA_C)
Paul Bakkercce9d772011-11-18 14:26:47 +000058int main( int argc, char *argv[] )
Paul Bakkerb892b132011-10-12 09:19:43 +000059{
Paul Bakkercce9d772011-11-18 14:26:47 +000060 ((void) argc);
61 ((void) argv);
62
Paul Bakkerb892b132011-10-12 09:19:43 +000063 printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C "
64 "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
65 "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
66 return( 0 );
67}
Paul Bakkercce9d772011-11-18 14:26:47 +000068#elif defined(_WIN32)
69int main( int argc, char *argv[] )
Paul Bakkerb892b132011-10-12 09:19:43 +000070{
Paul Bakkercce9d772011-11-18 14:26:47 +000071 ((void) argc);
72 ((void) argv);
73
74 printf("_WIN32 defined. This application requires fork() and signals "
Paul Bakkerb892b132011-10-12 09:19:43 +000075 "to work correctly.\n");
76 return( 0 );
77}
78#else
Paul Bakker896ac222011-05-20 12:33:05 +000079/*
80 * Computing a "safe" DH-1024 prime can take a very
81 * long time, so a precomputed value is provided below.
82 * You may run dh_genprime to generate a new value.
83 */
84char *my_dhm_P =
85 "E4004C1F94182000103D883A448B3F80" \
86 "2CE4B44A83301270002C20D0321CFD00" \
87 "11CCEF784C26A400F43DFB901BCA7538" \
88 "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
89 "F6AC8E1DA6BCC3B4E1F96B0564965300" \
90 "FFA1D0B601EB2800F489AA512C4B248C" \
91 "01F76949A60BB7F00A40B1EAB64BDD48" \
92 "E8A700D60B7F1200FA8E77B0A979DABF";
93
94char *my_dhm_G = "4";
95
96/*
97 * Sorted by order of preference
98 */
99int my_ciphersuites[] =
100{
101 SSL_EDH_RSA_AES_256_SHA,
102 SSL_EDH_RSA_CAMELLIA_256_SHA,
103 SSL_EDH_RSA_AES_128_SHA,
104 SSL_EDH_RSA_CAMELLIA_128_SHA,
105 SSL_EDH_RSA_DES_168_SHA,
106 SSL_RSA_AES_256_SHA,
107 SSL_RSA_CAMELLIA_256_SHA,
108 SSL_RSA_AES_128_SHA,
109 SSL_RSA_CAMELLIA_128_SHA,
110 SSL_RSA_DES_168_SHA,
111 SSL_RSA_RC4_128_SHA,
112 SSL_RSA_RC4_128_MD5,
113 0
114};
115
116#define DEBUG_LEVEL 0
117
118void my_debug( void *ctx, int level, const char *str )
119{
120 if( level < DEBUG_LEVEL )
121 {
122 fprintf( (FILE *) ctx, "%s", str );
123 fflush( (FILE *) ctx );
124 }
125}
126
127/*
128 * These session callbacks use a simple chained list
129 * to store and retrieve the session information.
130 */
131ssl_session *s_list_1st = NULL;
132ssl_session *cur, *prv;
133
134static int my_get_session( ssl_context *ssl )
135{
136 time_t t = time( NULL );
137
138 if( ssl->resume == 0 )
139 return( 1 );
140
141 cur = s_list_1st;
142 prv = NULL;
143
144 while( cur != NULL )
145 {
146 prv = cur;
147 cur = cur->next;
148
149 if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
150 continue;
151
152 if( ssl->session->ciphersuite != prv->ciphersuite ||
153 ssl->session->length != prv->length )
154 continue;
155
156 if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
157 continue;
158
159 memcpy( ssl->session->master, prv->master, 48 );
160 return( 0 );
161 }
162
163 return( 1 );
164}
165
166static int my_set_session( ssl_context *ssl )
167{
168 time_t t = time( NULL );
169
170 cur = s_list_1st;
171 prv = NULL;
172
173 while( cur != NULL )
174 {
175 if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
176 break; /* expired, reuse this slot */
177
178 if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
179 break; /* client reconnected */
180
181 prv = cur;
182 cur = cur->next;
183 }
184
185 if( cur == NULL )
186 {
187 cur = (ssl_session *) malloc( sizeof( ssl_session ) );
188 if( cur == NULL )
189 return( 1 );
190
191 if( prv == NULL )
192 s_list_1st = cur;
193 else prv->next = cur;
194 }
195
196 memcpy( cur, ssl->session, sizeof( ssl_session ) );
197
198 return( 0 );
199}
200
Paul Bakkercce9d772011-11-18 14:26:47 +0000201int main( int argc, char *argv[] )
Paul Bakker896ac222011-05-20 12:33:05 +0000202{
203 int ret, len, cnt = 0, pid;
204 int listen_fd;
205 int client_fd;
206 unsigned char buf[1024];
207
208 havege_state hs;
209 ssl_context ssl;
210 ssl_session ssn;
211 x509_cert srvcert;
212 rsa_context rsa;
213
Paul Bakkercce9d772011-11-18 14:26:47 +0000214 ((void) argc);
215 ((void) argv);
216
Paul Bakker896ac222011-05-20 12:33:05 +0000217 signal( SIGCHLD, SIG_IGN );
218
219 /*
220 * 1. Load the certificates and private RSA key
221 */
222 printf( "\n . Loading the server cert. and key..." );
223 fflush( stdout );
224
225 memset( &srvcert, 0, sizeof( x509_cert ) );
226
227 /*
228 * This demonstration program uses embedded test certificates.
229 * Instead, you may want to use x509parse_crtfile() to read the
230 * server and CA certificates, as well as x509parse_keyfile().
231 */
232 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000233 strlen( test_srv_crt ), X509_NON_PERMISSIVE );
Paul Bakker896ac222011-05-20 12:33:05 +0000234 if( ret != 0 )
235 {
236 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
237 goto exit;
238 }
239
240 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000241 strlen( test_ca_crt ), X509_NON_PERMISSIVE );
Paul Bakker896ac222011-05-20 12:33:05 +0000242 if( ret != 0 )
243 {
244 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
245 goto exit;
246 }
247
248 rsa_init( &rsa, RSA_PKCS_V15, 0 );
249 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
250 strlen( test_srv_key ), NULL, 0 );
251 if( ret != 0 )
252 {
253 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
254 goto exit;
255 }
256
257 printf( " ok\n" );
258
259 /*
260 * 2. Setup the listening TCP socket
261 */
262 printf( " . Bind on https://localhost:4433/ ..." );
263 fflush( stdout );
264
265 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
266 {
267 printf( " failed\n ! net_bind returned %d\n\n", ret );
268 goto exit;
269 }
270
271 printf( " ok\n" );
272
273 while( 1 )
274 {
275 /*
276 * 3. Wait until a client connects
277 */
278 client_fd = -1;
279 memset( &ssl, 0, sizeof( ssl ) );
280
281 printf( " . Waiting for a remote connection ..." );
282 fflush( stdout );
283
284 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
285 {
286 printf( " failed\n ! net_accept returned %d\n\n", ret );
287 goto exit;
288 }
289
290 printf( " ok\n" );
291
292 /*
293 * 3.5. Forking server thread
294 */
295
296 pid = fork();
297
298 printf( " . Forking to handle connection ..." );
299 fflush( stdout );
300
301 if( pid < 0 )
302 {
303 printf(" failed\n ! fork returned %d\n\n", pid );
304 goto exit;
305 }
306
307 printf( " ok\n" );
308
309 if( pid != 0 )
310 {
311 close( client_fd );
312 continue;
313 }
314
315 close( listen_fd );
316
317 /*
318 * 4. Setup stuff
319 */
320 printf( " . Setting up the RNG and SSL data...." );
321 fflush( stdout );
322
323 havege_init( &hs );
324
325 if( ( ret = ssl_init( &ssl ) ) != 0 )
326 {
327 printf( " failed\n ! ssl_init returned %d\n\n", ret );
328 goto exit;
329 }
330
331 printf( " ok\n" );
332
333 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
334 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
335
Paul Bakkera3d195c2011-11-27 21:07:34 +0000336 ssl_set_rng( &ssl, havege_random, &hs );
Paul Bakker896ac222011-05-20 12:33:05 +0000337 ssl_set_dbg( &ssl, my_debug, stdout );
338 ssl_set_bio( &ssl, net_recv, &client_fd,
339 net_send, &client_fd );
340 ssl_set_scb( &ssl, my_get_session,
341 my_set_session );
342
343 ssl_set_ciphersuites( &ssl, my_ciphersuites );
344 ssl_set_session( &ssl, 1, 0, &ssn );
345
346 memset( &ssn, 0, sizeof( ssl_session ) );
347
348 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
349 ssl_set_own_cert( &ssl, &srvcert, &rsa );
350 ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
351
352 /*
353 * 5. Handshake
354 */
355 printf( " . Performing the SSL/TLS handshake..." );
356 fflush( stdout );
357
358 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
359 {
360 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
361 {
362 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
363 goto exit;
364 }
365 }
366
367 printf( " ok\n" );
368
369 /*
370 * 6. Read the HTTP Request
371 */
372 printf( " < Read from client:" );
373 fflush( stdout );
374
375 do
376 {
377 len = sizeof( buf ) - 1;
378 memset( buf, 0, sizeof( buf ) );
379 ret = ssl_read( &ssl, buf, len );
380
381 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
382 continue;
383
384 if( ret <= 0 )
385 {
386 switch( ret )
387 {
388 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
389 printf( " connection was closed gracefully\n" );
390 break;
391
392 case POLARSSL_ERR_NET_CONN_RESET:
393 printf( " connection was reset by peer\n" );
394 break;
395
396 default:
397 printf( " ssl_read returned %d\n", ret );
398 break;
399 }
400
401 break;
402 }
403
404 len = ret;
405 printf( " %d bytes read\n\n%s", len, (char *) buf );
406 }
407 while( 0 );
408
409 /*
410 * 7. Write the 200 Response
411 */
412 printf( " > Write to client:" );
413 fflush( stdout );
414
415 len = sprintf( (char *) buf, HTTP_RESPONSE,
416 ssl_get_ciphersuite( &ssl ) );
417
418 while( cnt < 100 )
419 {
420 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
421 {
422 if( ret == POLARSSL_ERR_NET_CONN_RESET )
423 {
424 printf( " failed\n ! peer closed the connection\n\n" );
425 goto exit;
426 }
427
428 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
429 {
430 printf( " failed\n ! ssl_write returned %d\n\n", ret );
431 goto exit;
432 }
433 }
434 len = ret;
435 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
436
437 m_sleep( 1000 );
438 }
439
440 ssl_close_notify( &ssl );
441 goto exit;
442 }
443
444exit:
445
446 net_close( client_fd );
447 x509_free( &srvcert );
448 rsa_free( &rsa );
449 ssl_free( &ssl );
450
451 cur = s_list_1st;
452 while( cur != NULL )
453 {
454 prv = cur;
455 cur = cur->next;
456 memset( prv, 0, sizeof( ssl_session ) );
457 free( prv );
458 }
459
460 memset( &ssl, 0, sizeof( ssl_context ) );
461
Paul Bakkercce9d772011-11-18 14:26:47 +0000462#if defined(_WIN32)
Paul Bakker896ac222011-05-20 12:33:05 +0000463 printf( " Press Enter to exit this program.\n" );
464 fflush( stdout ); getchar();
465#endif
466
467 return( ret );
468}
Paul Bakker5690efc2011-05-26 13:16:06 +0000469#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C &&
470 POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
471 POLARSSL_RSA_C */