1/* 2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org> 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining 5 * a copy of this software and associated documentation files (the 6 * "Software"), to deal in the Software without restriction, including 7 * without limitation the rights to use, copy, modify, merge, publish, 8 * distribute, sublicense, and/or sell copies of the Software, and to 9 * permit persons to whom the Software is furnished to do so, subject to 10 * the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25#include <stdio.h> 26#include <stdlib.h> 27#include <string.h> 28#include <stdint.h> 29#include <errno.h> 30#include <signal.h> 31 32#ifdef _WIN32 33#include <winsock2.h> 34#include <ws2tcpip.h> 35#else 36#include <sys/types.h> 37#include <sys/socket.h> 38#include <netdb.h> 39#include <netinet/in.h> 40#include <arpa/inet.h> 41#include <unistd.h> 42#include <fcntl.h> 43 44#define SOCKET int 45#define INVALID_SOCKET (-1) 46#endif 47 48#include "brssl.h" 49 50static int 51host_connect(const char *host, const char *port, int verbose) 52{ 53 struct addrinfo hints, *si, *p; 54 SOCKET fd; 55 int err; 56 57 memset(&hints, 0, sizeof hints); 58 hints.ai_family = PF_UNSPEC; 59 hints.ai_socktype = SOCK_STREAM; 60 err = getaddrinfo(host, port, &hints, &si); 61 if (err != 0) { 62 fprintf(stderr, "ERROR: getaddrinfo(): %s\n", 63 gai_strerror(err)); 64 return INVALID_SOCKET; 65 } 66 fd = INVALID_SOCKET; 67 for (p = si; p != NULL; p = p->ai_next) { 68 if (verbose) { 69 struct sockaddr *sa; 70 void *addr; 71 char tmp[INET6_ADDRSTRLEN + 50]; 72 73 sa = (struct sockaddr *)p->ai_addr; 74 if (sa->sa_family == AF_INET) { 75 addr = &((struct sockaddr_in *) 76 (void *)sa)->sin_addr; 77 } else if (sa->sa_family == AF_INET6) { 78 addr = &((struct sockaddr_in6 *) 79 (void *)sa)->sin6_addr; 80 } else { 81 addr = NULL; 82 } 83 if (addr != NULL) { 84 if (!inet_ntop(p->ai_family, addr, 85 tmp, sizeof tmp)) 86 { 87 strcpy(tmp, "<invalid>"); 88 } 89 } else { 90 sprintf(tmp, "<unknown family: %d>", 91 (int)sa->sa_family); 92 } 93 fprintf(stderr, "connecting to: %s\n", tmp); 94 } 95 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); 96 if (fd == INVALID_SOCKET) { 97 if (verbose) { 98 perror("socket()"); 99 } 100 continue; 101 } 102 if (connect(fd, p->ai_addr, p->ai_addrlen) == INVALID_SOCKET) { 103 if (verbose) { 104 perror("connect()"); 105 } 106#ifdef _WIN32 107 closesocket(fd); 108#else 109 close(fd); 110#endif 111 continue; 112 } 113 break; 114 } 115 if (p == NULL) { 116 freeaddrinfo(si); 117 fprintf(stderr, "ERROR: failed to connect\n"); 118 return INVALID_SOCKET; 119 } 120 freeaddrinfo(si); 121 if (verbose) { 122 fprintf(stderr, "connected.\n"); 123 } 124 125 /* 126 * We make the socket non-blocking, since we are going to use 127 * poll() or select() to organise I/O. 128 */ 129#ifdef _WIN32 130 { 131 u_long arg; 132 133 arg = 1; 134 ioctlsocket(fd, FIONBIO, &arg); 135 } 136#else 137 fcntl(fd, F_SETFL, O_NONBLOCK); 138#endif 139 return fd; 140} 141 142typedef struct { 143 const br_ssl_client_certificate_class *vtable; 144 int verbose; 145 br_x509_certificate *chain; 146 size_t chain_len; 147 private_key *sk; 148 int issuer_key_type; 149} ccert_context; 150 151static void 152cc_start_name_list(const br_ssl_client_certificate_class **pctx) 153{ 154 ccert_context *zc; 155 156 zc = (ccert_context *)pctx; 157 if (zc->verbose) { 158 fprintf(stderr, "Server requests a client certificate.\n"); 159 fprintf(stderr, "--- anchor DN list start ---\n"); 160 } 161} 162 163static void 164cc_start_name(const br_ssl_client_certificate_class **pctx, size_t len) 165{ 166 ccert_context *zc; 167 168 zc = (ccert_context *)pctx; 169 if (zc->verbose) { 170 fprintf(stderr, "new anchor name, length = %u\n", 171 (unsigned)len); 172 } 173} 174 175static void 176cc_append_name(const br_ssl_client_certificate_class **pctx, 177 const unsigned char *data, size_t len) 178{ 179 ccert_context *zc; 180 181 zc = (ccert_context *)pctx; 182 if (zc->verbose) { 183 size_t u; 184 185 for (u = 0; u < len; u ++) { 186 if (u == 0) { 187 fprintf(stderr, " "); 188 } else if (u > 0 && u % 16 == 0) { 189 fprintf(stderr, "\n "); 190 } 191 fprintf(stderr, " %02x", data[u]); 192 } 193 if (len > 0) { 194 fprintf(stderr, "\n"); 195 } 196 } 197} 198 199static void 200cc_end_name(const br_ssl_client_certificate_class **pctx) 201{ 202 (void)pctx; 203} 204 205static void 206cc_end_name_list(const br_ssl_client_certificate_class **pctx) 207{ 208 ccert_context *zc; 209 210 zc = (ccert_context *)pctx; 211 if (zc->verbose) { 212 fprintf(stderr, "--- anchor DN list end ---\n"); 213 } 214} 215 216static void 217print_hashes(unsigned hh, unsigned hh2) 218{ 219 int i; 220 221 for (i = 0; i < 8; i ++) { 222 const char *name; 223 224 name = hash_function_name(i); 225 if (((hh >> i) & 1) != 0) { 226 fprintf(stderr, " %s", name); 227 } else if (((hh2 >> i) & 1) != 0) { 228 fprintf(stderr, " (%s)", name); 229 } 230 } 231} 232 233static int 234choose_hash(unsigned hh) 235{ 236 static const int f[] = { 237 br_sha256_ID, br_sha224_ID, br_sha384_ID, br_sha512_ID, 238 br_sha1_ID, br_md5sha1_ID, -1 239 }; 240 241 size_t u; 242 243 for (u = 0; f[u] >= 0; u ++) { 244 if (((hh >> f[u]) & 1) != 0) { 245 return f[u]; 246 } 247 } 248 return -1; 249} 250 251static void 252cc_choose(const br_ssl_client_certificate_class **pctx, 253 const br_ssl_client_context *cc, uint32_t auth_types, 254 br_ssl_client_certificate *choices) 255{ 256 ccert_context *zc; 257 int scurve; 258 259 zc = (ccert_context *)pctx; 260 scurve = br_ssl_client_get_server_curve(cc); 261 if (zc->verbose) { 262 unsigned hashes; 263 264 hashes = br_ssl_client_get_server_hashes(cc); 265 if ((auth_types & 0x00FF) != 0) { 266 fprintf(stderr, "supported: RSA signatures:"); 267 print_hashes(auth_types, hashes); 268 fprintf(stderr, "\n"); 269 } 270 if ((auth_types & 0xFF00) != 0) { 271 fprintf(stderr, "supported: ECDSA signatures:"); 272 print_hashes(auth_types >> 8, hashes >> 8); 273 fprintf(stderr, "\n"); 274 } 275 if ((auth_types & 0x010000) != 0) { 276 fprintf(stderr, "supported:" 277 " fixed ECDH (cert signed with RSA)\n"); 278 } 279 if ((auth_types & 0x020000) != 0) { 280 fprintf(stderr, "supported:" 281 " fixed ECDH (cert signed with ECDSA)\n"); 282 } 283 if (scurve) { 284 fprintf(stderr, "server key curve: %s (%d)\n", 285 ec_curve_name(scurve), scurve); 286 } else { 287 fprintf(stderr, "server key is not EC\n"); 288 } 289 } 290 switch (zc->sk->key_type) { 291 case BR_KEYTYPE_RSA: 292 if ((choices->hash_id = choose_hash(auth_types)) >= 0) { 293 if (zc->verbose) { 294 fprintf(stderr, "using RSA, hash = %d (%s)\n", 295 choices->hash_id, 296 hash_function_name(choices->hash_id)); 297 } 298 choices->auth_type = BR_AUTH_RSA; 299 choices->chain = zc->chain; 300 choices->chain_len = zc->chain_len; 301 return; 302 } 303 break; 304 case BR_KEYTYPE_EC: 305 if (zc->issuer_key_type != 0 306 && scurve == zc->sk->key.ec.curve) 307 { 308 int x; 309 310 x = (zc->issuer_key_type == BR_KEYTYPE_RSA) ? 16 : 17; 311 if (((auth_types >> x) & 1) != 0) { 312 if (zc->verbose) { 313 fprintf(stderr, "using static ECDH\n"); 314 } 315 choices->auth_type = BR_AUTH_ECDH; 316 choices->hash_id = -1; 317 choices->chain = zc->chain; 318 choices->chain_len = zc->chain_len; 319 return; 320 } 321 } 322 if ((choices->hash_id = choose_hash(auth_types >> 8)) >= 0) { 323 if (zc->verbose) { 324 fprintf(stderr, "using ECDSA, hash = %d (%s)\n", 325 choices->hash_id, 326 hash_function_name(choices->hash_id)); 327 } 328 choices->auth_type = BR_AUTH_ECDSA; 329 choices->chain = zc->chain; 330 choices->chain_len = zc->chain_len; 331 return; 332 } 333 break; 334 } 335 if (zc->verbose) { 336 fprintf(stderr, "no matching client certificate\n"); 337 } 338 choices->chain = NULL; 339 choices->chain_len = 0; 340} 341 342static uint32_t 343cc_do_keyx(const br_ssl_client_certificate_class **pctx, 344 unsigned char *data, size_t *len) 345{ 346 const br_ec_impl *iec; 347 ccert_context *zc; 348 size_t xoff, xlen; 349 uint32_t r; 350 351 zc = (ccert_context *)pctx; 352 iec = br_ec_get_default(); 353 r = iec->mul(data, *len, zc->sk->key.ec.x, 354 zc->sk->key.ec.xlen, zc->sk->key.ec.curve); 355 xoff = iec->xoff(zc->sk->key.ec.curve, &xlen); 356 memmove(data, data + xoff, xlen); 357 *len = xlen; 358 return r; 359} 360 361static size_t 362cc_do_sign(const br_ssl_client_certificate_class **pctx, 363 int hash_id, size_t hv_len, unsigned char *data, size_t len) 364{ 365 ccert_context *zc; 366 unsigned char hv[64]; 367 368 zc = (ccert_context *)pctx; 369 memcpy(hv, data, hv_len); 370 switch (zc->sk->key_type) { 371 const br_hash_class *hc; 372 const unsigned char *hash_oid; 373 uint32_t x; 374 size_t sig_len; 375 376 case BR_KEYTYPE_RSA: 377 hash_oid = get_hash_oid(hash_id); 378 if (hash_oid == NULL && hash_id != 0) { 379 if (zc->verbose) { 380 fprintf(stderr, "ERROR: cannot RSA-sign with" 381 " unknown hash function: %d\n", 382 hash_id); 383 } 384 return 0; 385 } 386 sig_len = (zc->sk->key.rsa.n_bitlen + 7) >> 3; 387 if (len < sig_len) { 388 if (zc->verbose) { 389 fprintf(stderr, "ERROR: cannot RSA-sign," 390 " buffer is too small" 391 " (sig=%lu, buf=%lu)\n", 392 (unsigned long)sig_len, 393 (unsigned long)len); 394 } 395 return 0; 396 } 397 x = br_rsa_pkcs1_sign_get_default()( 398 hash_oid, hv, hv_len, &zc->sk->key.rsa, data); 399 if (!x) { 400 if (zc->verbose) { 401 fprintf(stderr, "ERROR: RSA-sign failure\n"); 402 } 403 return 0; 404 } 405 return sig_len; 406 407 case BR_KEYTYPE_EC: 408 hc = get_hash_impl(hash_id); 409 if (hc == NULL) { 410 if (zc->verbose) { 411 fprintf(stderr, "ERROR: cannot ECDSA-sign with" 412 " unknown hash function: %d\n", 413 hash_id); 414 } 415 return 0; 416 } 417 if (len < 139) { 418 if (zc->verbose) { 419 fprintf(stderr, "ERROR: cannot ECDSA-sign" 420 " (output buffer = %lu)\n", 421 (unsigned long)len); 422 } 423 return 0; 424 } 425 sig_len = br_ecdsa_sign_asn1_get_default()( 426 br_ec_get_default(), hc, hv, &zc->sk->key.ec, data); 427 if (sig_len == 0) { 428 if (zc->verbose) { 429 fprintf(stderr, "ERROR: ECDSA-sign failure\n"); 430 } 431 return 0; 432 } 433 return sig_len; 434 435 default: 436 return 0; 437 } 438} 439 440static const br_ssl_client_certificate_class ccert_vtable = { 441 sizeof(ccert_context), 442 cc_start_name_list, 443 cc_start_name, 444 cc_append_name, 445 cc_end_name, 446 cc_end_name_list, 447 cc_choose, 448 cc_do_keyx, 449 cc_do_sign 450}; 451 452static void 453free_alpn(void *alpn) 454{ 455 xfree(*(char **)alpn); 456} 457 458static void 459usage_client(void) 460{ 461 fprintf(stderr, 462"usage: brssl client server[:port] [ options ]\n"); 463 fprintf(stderr, 464"options:\n"); 465 fprintf(stderr, 466" -q suppress verbose messages\n"); 467 fprintf(stderr, 468" -trace activate extra debug messages (dump of all packets)\n"); 469 fprintf(stderr, 470" -sni name use this specific name for SNI\n"); 471 fprintf(stderr, 472" -nosni do not send any SNI\n"); 473 fprintf(stderr, 474" -mono use monodirectional buffering\n"); 475 fprintf(stderr, 476" -buf length set the I/O buffer length (in bytes)\n"); 477 fprintf(stderr, 478" -CA file add certificates in 'file' to trust anchors\n"); 479 fprintf(stderr, 480" -cert file set client certificate chain\n"); 481 fprintf(stderr, 482" -key file set client private key (for certificate authentication)\n"); 483 fprintf(stderr, 484" -nostaticecdh prohibit full-static ECDH (client certificate)\n"); 485 fprintf(stderr, 486" -list list supported names (protocols, algorithms...)\n"); 487 fprintf(stderr, 488" -vmin name set minimum supported version (default: TLS-1.0)\n"); 489 fprintf(stderr, 490" -vmax name set maximum supported version (default: TLS-1.2)\n"); 491 fprintf(stderr, 492" -cs names set list of supported cipher suites (comma-separated)\n"); 493 fprintf(stderr, 494" -hf names add support for some hash functions (comma-separated)\n"); 495 fprintf(stderr, 496" -minhello len set minimum ClientHello length (in bytes)\n"); 497 fprintf(stderr, 498" -fallback send the TLS_FALLBACK_SCSV (i.e. claim a downgrade)\n"); 499 fprintf(stderr, 500" -noreneg prohibit renegotiations\n"); 501 fprintf(stderr, 502" -alpn name add protocol name to list of protocols (ALPN extension)\n"); 503 fprintf(stderr, 504" -strictalpn fail on ALPN mismatch\n"); 505} 506 507/* see brssl.h */ 508int 509do_client(int argc, char *argv[]) 510{ 511 int retcode; 512 int verbose; 513 int trace; 514 int i, bidi; 515 const char *server_name; 516 char *host; 517 char *port; 518 const char *sni; 519 anchor_list anchors = VEC_INIT; 520 unsigned vmin, vmax; 521 VECTOR(char *) alpn_names = VEC_INIT; 522 cipher_suite *suites; 523 size_t num_suites; 524 uint16_t *suite_ids; 525 unsigned hfuns; 526 size_t u; 527 br_ssl_client_context cc; 528 br_x509_minimal_context xc; 529 x509_noanchor_context xwc; 530 const br_hash_class *dnhash; 531 ccert_context zc; 532 br_x509_certificate *chain; 533 size_t chain_len; 534 private_key *sk; 535 int nostaticecdh; 536 unsigned char *iobuf; 537 size_t iobuf_len; 538 size_t minhello_len; 539 int fallback; 540 uint32_t flags; 541 SOCKET fd; 542 543 retcode = 0; 544 verbose = 1; 545 trace = 0; 546 server_name = NULL; 547 host = NULL; 548 port = NULL; 549 sni = NULL; 550 bidi = 1; 551 vmin = 0; 552 vmax = 0; 553 suites = NULL; 554 num_suites = 0; 555 hfuns = 0; 556 suite_ids = NULL; 557 chain = NULL; 558 chain_len = 0; 559 sk = NULL; 560 nostaticecdh = 0; 561 iobuf = NULL; 562 iobuf_len = 0; 563 minhello_len = (size_t)-1; 564 fallback = 0; 565 flags = 0; 566 fd = INVALID_SOCKET; 567 for (i = 0; i < argc; i ++) { 568 const char *arg; 569 570 arg = argv[i]; 571 if (arg[0] != '-') { 572 if (server_name != NULL) { 573 fprintf(stderr, 574 "ERROR: duplicate server name\n"); 575 usage_client(); 576 goto client_exit_error; 577 } 578 server_name = arg; 579 continue; 580 } 581 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) { 582 verbose = 1; 583 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) { 584 verbose = 0; 585 } else if (eqstr(arg, "-trace")) { 586 trace = 1; 587 } else if (eqstr(arg, "-sni")) { 588 if (++ i >= argc) { 589 fprintf(stderr, 590 "ERROR: no argument for '-sni'\n"); 591 usage_client(); 592 goto client_exit_error; 593 } 594 if (sni != NULL) { 595 fprintf(stderr, "ERROR: duplicate SNI\n"); 596 usage_client(); 597 goto client_exit_error; 598 } 599 sni = argv[i]; 600 } else if (eqstr(arg, "-nosni")) { 601 if (sni != NULL) { 602 fprintf(stderr, "ERROR: duplicate SNI\n"); 603 usage_client(); 604 goto client_exit_error; 605 } 606 sni = ""; 607 } else if (eqstr(arg, "-mono")) { 608 bidi = 0; 609 } else if (eqstr(arg, "-buf")) { 610 if (++ i >= argc) { 611 fprintf(stderr, 612 "ERROR: no argument for '-buf'\n"); 613 usage_client(); 614 goto client_exit_error; 615 } 616 arg = argv[i]; 617 if (iobuf_len != 0) { 618 fprintf(stderr, 619 "ERROR: duplicate I/O buffer length\n"); 620 usage_client(); 621 goto client_exit_error; 622 } 623 iobuf_len = parse_size(arg); 624 if (iobuf_len == (size_t)-1) { 625 usage_client(); 626 goto client_exit_error; 627 } 628 } else if (eqstr(arg, "-CA")) { 629 if (++ i >= argc) { 630 fprintf(stderr, 631 "ERROR: no argument for '-CA'\n"); 632 usage_client(); 633 goto client_exit_error; 634 } 635 arg = argv[i]; 636 if (read_trust_anchors(&anchors, arg) == 0) { 637 usage_client(); 638 goto client_exit_error; 639 } 640 } else if (eqstr(arg, "-cert")) { 641 if (++ i >= argc) { 642 fprintf(stderr, 643 "ERROR: no argument for '-cert'\n"); 644 usage_client(); 645 goto client_exit_error; 646 } 647 if (chain != NULL) { 648 fprintf(stderr, 649 "ERROR: duplicate certificate chain\n"); 650 usage_client(); 651 goto client_exit_error; 652 } 653 arg = argv[i]; 654 chain = read_certificates(arg, &chain_len); 655 if (chain == NULL || chain_len == 0) { 656 goto client_exit_error; 657 } 658 } else if (eqstr(arg, "-key")) { 659 if (++ i >= argc) { 660 fprintf(stderr, 661 "ERROR: no argument for '-key'\n"); 662 usage_client(); 663 goto client_exit_error; 664 } 665 if (sk != NULL) { 666 fprintf(stderr, 667 "ERROR: duplicate private key\n"); 668 usage_client(); 669 goto client_exit_error; 670 } 671 arg = argv[i]; 672 sk = read_private_key(arg); 673 if (sk == NULL) { 674 goto client_exit_error; 675 } 676 } else if (eqstr(arg, "-nostaticecdh")) { 677 nostaticecdh = 1; 678 } else if (eqstr(arg, "-list")) { 679 list_names(); 680 goto client_exit; 681 } else if (eqstr(arg, "-vmin")) { 682 if (++ i >= argc) { 683 fprintf(stderr, 684 "ERROR: no argument for '-vmin'\n"); 685 usage_client(); 686 goto client_exit_error; 687 } 688 arg = argv[i]; 689 if (vmin != 0) { 690 fprintf(stderr, 691 "ERROR: duplicate minimum version\n"); 692 usage_client(); 693 goto client_exit_error; 694 } 695 vmin = parse_version(arg, strlen(arg)); 696 if (vmin == 0) { 697 fprintf(stderr, 698 "ERROR: unrecognised version '%s'\n", 699 arg); 700 usage_client(); 701 goto client_exit_error; 702 } 703 } else if (eqstr(arg, "-vmax")) { 704 if (++ i >= argc) { 705 fprintf(stderr, 706 "ERROR: no argument for '-vmax'\n"); 707 usage_client(); 708 goto client_exit_error; 709 } 710 arg = argv[i]; 711 if (vmax != 0) { 712 fprintf(stderr, 713 "ERROR: duplicate maximum version\n"); 714 usage_client(); 715 goto client_exit_error; 716 } 717 vmax = parse_version(arg, strlen(arg)); 718 if (vmax == 0) { 719 fprintf(stderr, 720 "ERROR: unrecognised version '%s'\n", 721 arg); 722 usage_client(); 723 goto client_exit_error; 724 } 725 } else if (eqstr(arg, "-cs")) { 726 if (++ i >= argc) { 727 fprintf(stderr, 728 "ERROR: no argument for '-cs'\n"); 729 usage_client(); 730 goto client_exit_error; 731 } 732 arg = argv[i]; 733 if (suites != NULL) { 734 fprintf(stderr, "ERROR: duplicate list" 735 " of cipher suites\n"); 736 usage_client(); 737 goto client_exit_error; 738 } 739 suites = parse_suites(arg, &num_suites); 740 if (suites == NULL) { 741 usage_client(); 742 goto client_exit_error; 743 } 744 } else if (eqstr(arg, "-hf")) { 745 unsigned x; 746 747 if (++ i >= argc) { 748 fprintf(stderr, 749 "ERROR: no argument for '-hf'\n"); 750 usage_client(); 751 goto client_exit_error; 752 } 753 arg = argv[i]; 754 x = parse_hash_functions(arg); 755 if (x == 0) { 756 usage_client(); 757 goto client_exit_error; 758 } 759 hfuns |= x; 760 } else if (eqstr(arg, "-minhello")) { 761 if (++ i >= argc) { 762 fprintf(stderr, 763 "ERROR: no argument for '-minhello'\n"); 764 usage_client(); 765 goto client_exit_error; 766 } 767 arg = argv[i]; 768 if (minhello_len != (size_t)-1) { 769 fprintf(stderr, "ERROR: duplicate minimum" 770 " ClientHello length\n"); 771 usage_client(); 772 goto client_exit_error; 773 } 774 minhello_len = parse_size(arg); 775 /* 776 * Minimum ClientHello length must fit on 16 bits. 777 */ 778 if (minhello_len == (size_t)-1 779 || (((minhello_len >> 12) >> 4) != 0)) 780 { 781 usage_client(); 782 goto client_exit_error; 783 } 784 } else if (eqstr(arg, "-fallback")) { 785 fallback = 1; 786 } else if (eqstr(arg, "-noreneg")) { 787 flags |= BR_OPT_NO_RENEGOTIATION; 788 } else if (eqstr(arg, "-alpn")) { 789 if (++ i >= argc) { 790 fprintf(stderr, 791 "ERROR: no argument for '-alpn'\n"); 792 usage_client(); 793 goto client_exit_error; 794 } 795 VEC_ADD(alpn_names, xstrdup(argv[i])); 796 } else if (eqstr(arg, "-strictalpn")) { 797 flags |= BR_OPT_FAIL_ON_ALPN_MISMATCH; 798 } else { 799 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg); 800 usage_client(); 801 goto client_exit_error; 802 } 803 } 804 if (server_name == NULL) { 805 fprintf(stderr, "ERROR: no server name/address provided\n"); 806 usage_client(); 807 goto client_exit_error; 808 } 809 for (u = strlen(server_name); u > 0; u --) { 810 int c = server_name[u - 1]; 811 if (c == ':') { 812 break; 813 } 814 if (c < '0' || c > '9') { 815 u = 0; 816 break; 817 } 818 } 819 if (u == 0) { 820 host = xstrdup(server_name); 821 port = xstrdup("443"); 822 } else { 823 port = xstrdup(server_name + u); 824 host = xmalloc(u); 825 memcpy(host, server_name, u - 1); 826 host[u - 1] = 0; 827 } 828 if (sni == NULL) { 829 sni = host; 830 } 831 832 if (chain == NULL && sk != NULL) { 833 fprintf(stderr, "ERROR: private key specified, but" 834 " no certificate chain\n"); 835 usage_client(); 836 goto client_exit_error; 837 } 838 if (chain != NULL && sk == NULL) { 839 fprintf(stderr, "ERROR: certificate chain specified, but" 840 " no private key\n"); 841 usage_client(); 842 goto client_exit_error; 843 } 844 845 if (vmin == 0) { 846 vmin = BR_TLS10; 847 } 848 if (vmax == 0) { 849 vmax = BR_TLS12; 850 } 851 if (vmax < vmin) { 852 fprintf(stderr, "ERROR: impossible minimum/maximum protocol" 853 " version combination\n"); 854 usage_client(); 855 goto client_exit_error; 856 } 857 if (suites == NULL) { 858 num_suites = 0; 859 860 for (u = 0; cipher_suites[u].name; u ++) { 861 if ((cipher_suites[u].req & REQ_TLS12) == 0 862 || vmax >= BR_TLS12) 863 { 864 num_suites ++; 865 } 866 } 867 suites = xmalloc(num_suites * sizeof *suites); 868 num_suites = 0; 869 for (u = 0; cipher_suites[u].name; u ++) { 870 if ((cipher_suites[u].req & REQ_TLS12) == 0 871 || vmax >= BR_TLS12) 872 { 873 suites[num_suites ++] = cipher_suites[u]; 874 } 875 } 876 } 877 if (hfuns == 0) { 878 hfuns = (unsigned)-1; 879 } 880 if (iobuf_len == 0) { 881 if (bidi) { 882 iobuf_len = BR_SSL_BUFSIZE_BIDI; 883 } else { 884 iobuf_len = BR_SSL_BUFSIZE_MONO; 885 } 886 } 887 iobuf = xmalloc(iobuf_len); 888 889 /* 890 * Compute implementation requirements and inject implementations. 891 */ 892 suite_ids = xmalloc((num_suites + 1) * sizeof *suite_ids); 893 br_ssl_client_zero(&cc); 894 br_ssl_engine_set_versions(&cc.eng, vmin, vmax); 895 dnhash = NULL; 896 for (u = 0; hash_functions[u].name; u ++) { 897 const br_hash_class *hc; 898 int id; 899 900 hc = hash_functions[u].hclass; 901 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK; 902 if ((hfuns & ((unsigned)1 << id)) != 0) { 903 dnhash = hc; 904 } 905 } 906 if (dnhash == NULL) { 907 fprintf(stderr, "ERROR: no supported hash function\n"); 908 goto client_exit_error; 909 } 910 br_x509_minimal_init(&xc, dnhash, 911 &VEC_ELT(anchors, 0), VEC_LEN(anchors)); 912 if (vmin <= BR_TLS11) { 913 if (!(hfuns & (1 << br_md5_ID))) { 914 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need MD5\n"); 915 goto client_exit_error; 916 } 917 if (!(hfuns & (1 << br_sha1_ID))) { 918 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need SHA-1\n"); 919 goto client_exit_error; 920 } 921 } 922 for (u = 0; u < num_suites; u ++) { 923 unsigned req; 924 925 req = suites[u].req; 926 suite_ids[u] = suites[u].suite; 927 if ((req & REQ_TLS12) != 0 && vmax < BR_TLS12) { 928 fprintf(stderr, 929 "ERROR: cipher suite %s requires TLS 1.2\n", 930 suites[u].name); 931 goto client_exit_error; 932 } 933 if ((req & REQ_SHA1) != 0 && !(hfuns & (1 << br_sha1_ID))) { 934 fprintf(stderr, 935 "ERROR: cipher suite %s requires SHA-1\n", 936 suites[u].name); 937 goto client_exit_error; 938 } 939 if ((req & REQ_SHA256) != 0 && !(hfuns & (1 << br_sha256_ID))) { 940 fprintf(stderr, 941 "ERROR: cipher suite %s requires SHA-256\n", 942 suites[u].name); 943 goto client_exit_error; 944 } 945 if ((req & REQ_SHA384) != 0 && !(hfuns & (1 << br_sha384_ID))) { 946 fprintf(stderr, 947 "ERROR: cipher suite %s requires SHA-384\n", 948 suites[u].name); 949 goto client_exit_error; 950 } 951 /* TODO: algorithm implementation selection */ 952 if ((req & REQ_AESCBC) != 0) { 953 br_ssl_engine_set_default_aes_cbc(&cc.eng); 954 } 955 if ((req & REQ_AESCCM) != 0) { 956 br_ssl_engine_set_default_aes_ccm(&cc.eng); 957 } 958 if ((req & REQ_AESGCM) != 0) { 959 br_ssl_engine_set_default_aes_gcm(&cc.eng); 960 } 961 if ((req & REQ_CHAPOL) != 0) { 962 br_ssl_engine_set_default_chapol(&cc.eng); 963 } 964 if ((req & REQ_3DESCBC) != 0) { 965 br_ssl_engine_set_default_des_cbc(&cc.eng); 966 } 967 if ((req & REQ_RSAKEYX) != 0) { 968 br_ssl_client_set_default_rsapub(&cc); 969 } 970 if ((req & REQ_ECDHE_RSA) != 0) { 971 br_ssl_engine_set_default_ec(&cc.eng); 972 br_ssl_engine_set_default_rsavrfy(&cc.eng); 973 } 974 if ((req & REQ_ECDHE_ECDSA) != 0) { 975 br_ssl_engine_set_default_ecdsa(&cc.eng); 976 } 977 if ((req & REQ_ECDH) != 0) { 978 br_ssl_engine_set_default_ec(&cc.eng); 979 } 980 } 981 if (fallback) { 982 suite_ids[num_suites ++] = 0x5600; 983 } 984 br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites); 985 986 for (u = 0; hash_functions[u].name; u ++) { 987 const br_hash_class *hc; 988 int id; 989 990 hc = hash_functions[u].hclass; 991 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK; 992 if ((hfuns & ((unsigned)1 << id)) != 0) { 993 br_ssl_engine_set_hash(&cc.eng, id, hc); 994 br_x509_minimal_set_hash(&xc, id, hc); 995 } 996 } 997 if (vmin <= BR_TLS11) { 998 br_ssl_engine_set_prf10(&cc.eng, &br_tls10_prf); 999 } 1000 if (vmax >= BR_TLS12) { 1001 if ((hfuns & ((unsigned)1 << br_sha256_ID)) != 0) { 1002 br_ssl_engine_set_prf_sha256(&cc.eng, 1003 &br_tls12_sha256_prf); 1004 } 1005 if ((hfuns & ((unsigned)1 << br_sha384_ID)) != 0) { 1006 br_ssl_engine_set_prf_sha384(&cc.eng, 1007 &br_tls12_sha384_prf); 1008 } 1009 } 1010 br_x509_minimal_set_rsa(&xc, br_rsa_pkcs1_vrfy_get_default()); 1011 br_x509_minimal_set_ecdsa(&xc, 1012 br_ec_get_default(), br_ecdsa_vrfy_asn1_get_default()); 1013 1014 /* 1015 * If there is no provided trust anchor, then certificate validation 1016 * will always fail. In that situation, we use our custom wrapper 1017 * that tolerates unknown anchors. 1018 */ 1019 if (VEC_LEN(anchors) == 0) { 1020 if (verbose) { 1021 fprintf(stderr, 1022 "WARNING: no configured trust anchor\n"); 1023 } 1024 x509_noanchor_init(&xwc, &xc.vtable); 1025 br_ssl_engine_set_x509(&cc.eng, &xwc.vtable); 1026 } else { 1027 br_ssl_engine_set_x509(&cc.eng, &xc.vtable); 1028 } 1029 1030 if (minhello_len != (size_t)-1) { 1031 br_ssl_client_set_min_clienthello_len(&cc, minhello_len); 1032 } 1033 br_ssl_engine_set_all_flags(&cc.eng, flags); 1034 if (VEC_LEN(alpn_names) != 0) { 1035 br_ssl_engine_set_protocol_names(&cc.eng, 1036 (const char **)&VEC_ELT(alpn_names, 0), 1037 VEC_LEN(alpn_names)); 1038 } 1039 1040 if (chain != NULL) { 1041 zc.vtable = &ccert_vtable; 1042 zc.verbose = verbose; 1043 zc.chain = chain; 1044 zc.chain_len = chain_len; 1045 zc.sk = sk; 1046 if (nostaticecdh || sk->key_type != BR_KEYTYPE_EC) { 1047 zc.issuer_key_type = 0; 1048 } else { 1049 zc.issuer_key_type = get_cert_signer_algo(&chain[0]); 1050 if (zc.issuer_key_type == 0) { 1051 goto client_exit_error; 1052 } 1053 } 1054 br_ssl_client_set_client_certificate(&cc, &zc.vtable); 1055 } 1056 1057 br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); 1058 br_ssl_client_reset(&cc, sni, 0); 1059 1060 /* 1061 * On Unix systems, we need to avoid SIGPIPE. 1062 */ 1063#ifndef _WIN32 1064 signal(SIGPIPE, SIG_IGN); 1065#endif 1066 1067 /* 1068 * Connect to the peer. 1069 */ 1070 fd = host_connect(host, port, verbose); 1071 if (fd == INVALID_SOCKET) { 1072 goto client_exit_error; 1073 } 1074 1075 /* 1076 * Run the engine until completion. 1077 */ 1078 if (run_ssl_engine(&cc.eng, fd, 1079 (verbose ? RUN_ENGINE_VERBOSE : 0) 1080 | (trace ? RUN_ENGINE_TRACE : 0)) != 0) 1081 { 1082 goto client_exit_error; 1083 } else { 1084 goto client_exit; 1085 } 1086 1087 /* 1088 * Release allocated structures. 1089 */ 1090client_exit: 1091 xfree(host); 1092 xfree(port); 1093 xfree(suites); 1094 xfree(suite_ids); 1095 VEC_CLEAREXT(anchors, &free_ta_contents); 1096 VEC_CLEAREXT(alpn_names, &free_alpn); 1097 free_certificates(chain, chain_len); 1098 free_private_key(sk); 1099 xfree(iobuf); 1100 if (fd != INVALID_SOCKET) { 1101#ifdef _WIN32 1102 closesocket(fd); 1103#else 1104 close(fd); 1105#endif 1106 } 1107 return retcode; 1108 1109client_exit_error: 1110 retcode = -1; 1111 goto client_exit; 1112} 1113