blob: b1adc16db176fef7cf5d04550877f90220cab9b9 [file] [log] [blame]
Paul Bakker896ac222011-05-20 12:33:05 +00001/*
Paul Bakkercb79ae0b2011-05-20 12:44:16 +00002 * SSL server demonstration program using fork() for handling multiple clients
Paul Bakker896ac222011-05-20 12:33:05 +00003 *
4 * Copyright (C) 2006-2010, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#ifdef WIN32
31#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37#include <unistd.h>
38#include <signal.h>
39
40#include "polarssl/havege.h"
41#include "polarssl/certs.h"
42#include "polarssl/x509.h"
43#include "polarssl/ssl.h"
44#include "polarssl/net.h"
45#include "polarssl/timing.h"
46
47#define HTTP_RESPONSE \
48 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
49 "<h2>PolarSSL Test Server</h2>\r\n" \
50 "<p>Successful connection using: %s</p>\r\n"
51
52/*
53 * Computing a "safe" DH-1024 prime can take a very
54 * long time, so a precomputed value is provided below.
55 * You may run dh_genprime to generate a new value.
56 */
57char *my_dhm_P =
58 "E4004C1F94182000103D883A448B3F80" \
59 "2CE4B44A83301270002C20D0321CFD00" \
60 "11CCEF784C26A400F43DFB901BCA7538" \
61 "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
62 "F6AC8E1DA6BCC3B4E1F96B0564965300" \
63 "FFA1D0B601EB2800F489AA512C4B248C" \
64 "01F76949A60BB7F00A40B1EAB64BDD48" \
65 "E8A700D60B7F1200FA8E77B0A979DABF";
66
67char *my_dhm_G = "4";
68
69/*
70 * Sorted by order of preference
71 */
72int my_ciphersuites[] =
73{
74 SSL_EDH_RSA_AES_256_SHA,
75 SSL_EDH_RSA_CAMELLIA_256_SHA,
76 SSL_EDH_RSA_AES_128_SHA,
77 SSL_EDH_RSA_CAMELLIA_128_SHA,
78 SSL_EDH_RSA_DES_168_SHA,
79 SSL_RSA_AES_256_SHA,
80 SSL_RSA_CAMELLIA_256_SHA,
81 SSL_RSA_AES_128_SHA,
82 SSL_RSA_CAMELLIA_128_SHA,
83 SSL_RSA_DES_168_SHA,
84 SSL_RSA_RC4_128_SHA,
85 SSL_RSA_RC4_128_MD5,
86 0
87};
88
89#define DEBUG_LEVEL 0
90
91void my_debug( void *ctx, int level, const char *str )
92{
93 if( level < DEBUG_LEVEL )
94 {
95 fprintf( (FILE *) ctx, "%s", str );
96 fflush( (FILE *) ctx );
97 }
98}
99
100/*
101 * These session callbacks use a simple chained list
102 * to store and retrieve the session information.
103 */
104ssl_session *s_list_1st = NULL;
105ssl_session *cur, *prv;
106
107static int my_get_session( ssl_context *ssl )
108{
109 time_t t = time( NULL );
110
111 if( ssl->resume == 0 )
112 return( 1 );
113
114 cur = s_list_1st;
115 prv = NULL;
116
117 while( cur != NULL )
118 {
119 prv = cur;
120 cur = cur->next;
121
122 if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
123 continue;
124
125 if( ssl->session->ciphersuite != prv->ciphersuite ||
126 ssl->session->length != prv->length )
127 continue;
128
129 if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
130 continue;
131
132 memcpy( ssl->session->master, prv->master, 48 );
133 return( 0 );
134 }
135
136 return( 1 );
137}
138
139static int my_set_session( ssl_context *ssl )
140{
141 time_t t = time( NULL );
142
143 cur = s_list_1st;
144 prv = NULL;
145
146 while( cur != NULL )
147 {
148 if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
149 break; /* expired, reuse this slot */
150
151 if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
152 break; /* client reconnected */
153
154 prv = cur;
155 cur = cur->next;
156 }
157
158 if( cur == NULL )
159 {
160 cur = (ssl_session *) malloc( sizeof( ssl_session ) );
161 if( cur == NULL )
162 return( 1 );
163
164 if( prv == NULL )
165 s_list_1st = cur;
166 else prv->next = cur;
167 }
168
169 memcpy( cur, ssl->session, sizeof( ssl_session ) );
170
171 return( 0 );
172}
173
174int main( void )
175{
176 int ret, len, cnt = 0, pid;
177 int listen_fd;
178 int client_fd;
179 unsigned char buf[1024];
180
181 havege_state hs;
182 ssl_context ssl;
183 ssl_session ssn;
184 x509_cert srvcert;
185 rsa_context rsa;
186
187 signal( SIGCHLD, SIG_IGN );
188
189 /*
190 * 1. Load the certificates and private RSA key
191 */
192 printf( "\n . Loading the server cert. and key..." );
193 fflush( stdout );
194
195 memset( &srvcert, 0, sizeof( x509_cert ) );
196
197 /*
198 * This demonstration program uses embedded test certificates.
199 * Instead, you may want to use x509parse_crtfile() to read the
200 * server and CA certificates, as well as x509parse_keyfile().
201 */
202 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
203 strlen( test_srv_crt ) );
204 if( ret != 0 )
205 {
206 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
207 goto exit;
208 }
209
210 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
211 strlen( test_ca_crt ) );
212 if( ret != 0 )
213 {
214 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
215 goto exit;
216 }
217
218 rsa_init( &rsa, RSA_PKCS_V15, 0 );
219 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
220 strlen( test_srv_key ), NULL, 0 );
221 if( ret != 0 )
222 {
223 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
224 goto exit;
225 }
226
227 printf( " ok\n" );
228
229 /*
230 * 2. Setup the listening TCP socket
231 */
232 printf( " . Bind on https://localhost:4433/ ..." );
233 fflush( stdout );
234
235 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
236 {
237 printf( " failed\n ! net_bind returned %d\n\n", ret );
238 goto exit;
239 }
240
241 printf( " ok\n" );
242
243 while( 1 )
244 {
245 /*
246 * 3. Wait until a client connects
247 */
248 client_fd = -1;
249 memset( &ssl, 0, sizeof( ssl ) );
250
251 printf( " . Waiting for a remote connection ..." );
252 fflush( stdout );
253
254 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
255 {
256 printf( " failed\n ! net_accept returned %d\n\n", ret );
257 goto exit;
258 }
259
260 printf( " ok\n" );
261
262 /*
263 * 3.5. Forking server thread
264 */
265
266 pid = fork();
267
268 printf( " . Forking to handle connection ..." );
269 fflush( stdout );
270
271 if( pid < 0 )
272 {
273 printf(" failed\n ! fork returned %d\n\n", pid );
274 goto exit;
275 }
276
277 printf( " ok\n" );
278
279 if( pid != 0 )
280 {
281 close( client_fd );
282 continue;
283 }
284
285 close( listen_fd );
286
287 /*
288 * 4. Setup stuff
289 */
290 printf( " . Setting up the RNG and SSL data...." );
291 fflush( stdout );
292
293 havege_init( &hs );
294
295 if( ( ret = ssl_init( &ssl ) ) != 0 )
296 {
297 printf( " failed\n ! ssl_init returned %d\n\n", ret );
298 goto exit;
299 }
300
301 printf( " ok\n" );
302
303 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
304 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
305
306 ssl_set_rng( &ssl, havege_rand, &hs );
307 ssl_set_dbg( &ssl, my_debug, stdout );
308 ssl_set_bio( &ssl, net_recv, &client_fd,
309 net_send, &client_fd );
310 ssl_set_scb( &ssl, my_get_session,
311 my_set_session );
312
313 ssl_set_ciphersuites( &ssl, my_ciphersuites );
314 ssl_set_session( &ssl, 1, 0, &ssn );
315
316 memset( &ssn, 0, sizeof( ssl_session ) );
317
318 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
319 ssl_set_own_cert( &ssl, &srvcert, &rsa );
320 ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
321
322 /*
323 * 5. Handshake
324 */
325 printf( " . Performing the SSL/TLS handshake..." );
326 fflush( stdout );
327
328 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
329 {
330 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
331 {
332 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
333 goto exit;
334 }
335 }
336
337 printf( " ok\n" );
338
339 /*
340 * 6. Read the HTTP Request
341 */
342 printf( " < Read from client:" );
343 fflush( stdout );
344
345 do
346 {
347 len = sizeof( buf ) - 1;
348 memset( buf, 0, sizeof( buf ) );
349 ret = ssl_read( &ssl, buf, len );
350
351 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
352 continue;
353
354 if( ret <= 0 )
355 {
356 switch( ret )
357 {
358 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
359 printf( " connection was closed gracefully\n" );
360 break;
361
362 case POLARSSL_ERR_NET_CONN_RESET:
363 printf( " connection was reset by peer\n" );
364 break;
365
366 default:
367 printf( " ssl_read returned %d\n", ret );
368 break;
369 }
370
371 break;
372 }
373
374 len = ret;
375 printf( " %d bytes read\n\n%s", len, (char *) buf );
376 }
377 while( 0 );
378
379 /*
380 * 7. Write the 200 Response
381 */
382 printf( " > Write to client:" );
383 fflush( stdout );
384
385 len = sprintf( (char *) buf, HTTP_RESPONSE,
386 ssl_get_ciphersuite( &ssl ) );
387
388 while( cnt < 100 )
389 {
390 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
391 {
392 if( ret == POLARSSL_ERR_NET_CONN_RESET )
393 {
394 printf( " failed\n ! peer closed the connection\n\n" );
395 goto exit;
396 }
397
398 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
399 {
400 printf( " failed\n ! ssl_write returned %d\n\n", ret );
401 goto exit;
402 }
403 }
404 len = ret;
405 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
406
407 m_sleep( 1000 );
408 }
409
410 ssl_close_notify( &ssl );
411 goto exit;
412 }
413
414exit:
415
416 net_close( client_fd );
417 x509_free( &srvcert );
418 rsa_free( &rsa );
419 ssl_free( &ssl );
420
421 cur = s_list_1st;
422 while( cur != NULL )
423 {
424 prv = cur;
425 cur = cur->next;
426 memset( prv, 0, sizeof( ssl_session ) );
427 free( prv );
428 }
429
430 memset( &ssl, 0, sizeof( ssl_context ) );
431
432#ifdef WIN32
433 printf( " Press Enter to exit this program.\n" );
434 fflush( stdout ); getchar();
435#endif
436
437 return( ret );
438}