| /* |
| * Testing tool for TLSv1 server routines using HTTPS |
| * Copyright (c) 2011-2019, Jouni Malinen <j@w1.fi> |
| * |
| * This software may be distributed under the terms of the BSD license. |
| * See README for more details. |
| */ |
| |
| #include "includes.h" |
| |
| #include "common.h" |
| #include "crypto/tls.h" |
| |
| |
| static void https_tls_event_cb(void *ctx, enum tls_event ev, |
| union tls_event_data *data) |
| { |
| wpa_printf(MSG_DEBUG, "HTTPS: TLS event %d", ev); |
| } |
| |
| |
| static struct wpabuf * https_recv(int s, int timeout_ms) |
| { |
| struct wpabuf *in; |
| int len, ret; |
| fd_set rfds; |
| struct timeval tv; |
| |
| in = wpabuf_alloc(20000); |
| if (in == NULL) |
| return NULL; |
| |
| FD_ZERO(&rfds); |
| FD_SET(s, &rfds); |
| tv.tv_sec = timeout_ms / 1000; |
| tv.tv_usec = timeout_ms % 1000; |
| |
| wpa_printf(MSG_DEBUG, "Waiting for more data"); |
| ret = select(s + 1, &rfds, NULL, NULL, &tv); |
| if (ret < 0) { |
| wpa_printf(MSG_ERROR, "select: %s", strerror(errno)); |
| wpabuf_free(in); |
| return NULL; |
| } |
| if (ret == 0) { |
| /* timeout */ |
| wpa_printf(MSG_INFO, "Timeout on waiting for data"); |
| wpabuf_free(in); |
| return NULL; |
| } |
| |
| len = recv(s, wpabuf_put(in, 0), wpabuf_tailroom(in), 0); |
| if (len < 0) { |
| wpa_printf(MSG_ERROR, "recv: %s", strerror(errno)); |
| wpabuf_free(in); |
| return NULL; |
| } |
| if (len == 0) { |
| wpa_printf(MSG_DEBUG, "No more data available"); |
| wpabuf_free(in); |
| return NULL; |
| } |
| wpa_printf(MSG_DEBUG, "Received %d bytes", len); |
| wpabuf_put(in, len); |
| |
| return in; |
| } |
| |
| |
| static void https_tls_log_cb(void *ctx, const char *msg) |
| { |
| wpa_printf(MSG_DEBUG, "TLS: %s", msg); |
| } |
| |
| |
| static int https_server(int s) |
| { |
| struct tls_config conf; |
| void *tls; |
| struct tls_connection_params params; |
| struct tls_connection *conn; |
| struct wpabuf *in, *out, *appl; |
| int res = -1; |
| |
| os_memset(&conf, 0, sizeof(conf)); |
| conf.event_cb = https_tls_event_cb; |
| tls = tls_init(&conf); |
| if (!tls) |
| return -1; |
| |
| os_memset(¶ms, 0, sizeof(params)); |
| params.ca_cert = "hwsim/auth_serv/ca.pem"; |
| params.client_cert = "hwsim/auth_serv/server.pem"; |
| params.private_key = "hwsim/auth_serv/server.key"; |
| params.dh_file = "hwsim/auth_serv/dh.conf"; |
| |
| if (tls_global_set_params(tls, ¶ms)) { |
| wpa_printf(MSG_ERROR, "Failed to set TLS parameters"); |
| tls_deinit(tls); |
| return -1; |
| } |
| |
| conn = tls_connection_init(tls); |
| if (!conn) { |
| tls_deinit(tls); |
| return -1; |
| } |
| |
| tls_connection_set_log_cb(conn, https_tls_log_cb, NULL); |
| |
| for (;;) { |
| in = https_recv(s, 5000); |
| if (!in) |
| goto done; |
| |
| appl = NULL; |
| out = tls_connection_server_handshake(tls, conn, in, &appl); |
| wpabuf_free(in); |
| in = NULL; |
| if (!out) { |
| if (!tls_connection_get_failed(tls, conn) && |
| !tls_connection_established(tls, conn)) |
| continue; |
| goto done; |
| } |
| wpa_printf(MSG_DEBUG, "Sending %d bytes", |
| (int) wpabuf_len(out)); |
| if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) { |
| wpa_printf(MSG_ERROR, "send: %s", strerror(errno)); |
| goto done; |
| } |
| wpabuf_free(out); |
| out = NULL; |
| if (tls_connection_get_failed(tls, conn)) { |
| wpa_printf(MSG_ERROR, "TLS handshake failed"); |
| goto done; |
| } |
| if (tls_connection_established(tls, conn)) |
| break; |
| } |
| wpabuf_free(out); |
| out = NULL; |
| |
| wpa_printf(MSG_INFO, "TLS connection established"); |
| if (appl) |
| wpa_hexdump_buf(MSG_DEBUG, "Received application data", appl); |
| |
| wpa_printf(MSG_INFO, "Reading HTTP request"); |
| for (;;) { |
| int need_more_data; |
| |
| in = https_recv(s, 5000); |
| if (!in) |
| goto done; |
| out = tls_connection_decrypt2(tls, conn, in, &need_more_data); |
| wpabuf_free(in); |
| in = NULL; |
| if (need_more_data) { |
| wpa_printf(MSG_DEBUG, "HTTP: Need more data"); |
| continue; |
| } |
| if (!out) |
| goto done; |
| wpa_hexdump_ascii(MSG_INFO, "Request", |
| wpabuf_head(out), wpabuf_len(out)); |
| wpabuf_free(out); |
| out = NULL; |
| break; |
| } |
| |
| in = wpabuf_alloc(1000); |
| if (!in) |
| goto done; |
| wpabuf_put_str(in, "HTTP/1.1 200 OK\r\n" |
| "Server: test-https_server\r\n" |
| "\r\n" |
| "<HTML><BODY>HELLO</BODY></HTML>\n"); |
| wpa_hexdump_ascii(MSG_DEBUG, "Response", |
| wpabuf_head(in), wpabuf_len(in)); |
| out = tls_connection_encrypt(tls, conn, in); |
| wpabuf_free(in); |
| in = NULL; |
| wpa_hexdump_buf(MSG_DEBUG, "Encrypted response", out); |
| if (!out) |
| goto done; |
| |
| wpa_printf(MSG_INFO, "Sending HTTP response: %d bytes", |
| (int) wpabuf_len(out)); |
| if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) { |
| wpa_printf(MSG_ERROR, "send: %s", strerror(errno)); |
| goto done; |
| } |
| wpabuf_free(out); |
| out = NULL; |
| |
| res = 0; |
| done: |
| wpabuf_free(out); |
| wpabuf_free(in); |
| wpabuf_free(appl); |
| tls_connection_deinit(tls, conn); |
| tls_deinit(tls); |
| close(s); |
| |
| return res; |
| } |
| |
| |
| int main(int argc, char *argv[]) |
| { |
| struct sockaddr_in sin; |
| int port, s, conn; |
| int on = 1; |
| |
| wpa_debug_level = 0; |
| wpa_debug_show_keys = 1; |
| |
| if (argc < 2) { |
| wpa_printf(MSG_INFO, "usage: test-https_server port"); |
| return -1; |
| } |
| |
| port = atoi(argv[1]); |
| |
| s = socket(AF_INET, SOCK_STREAM, 0); |
| if (s < 0) { |
| perror("socket"); |
| return -1; |
| } |
| |
| if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) { |
| wpa_printf(MSG_DEBUG, |
| "HTTP: setsockopt(SO_REUSEADDR) failed: %s", |
| strerror(errno)); |
| /* try to continue anyway */ |
| } |
| |
| os_memset(&sin, 0, sizeof(sin)); |
| sin.sin_family = AF_INET; |
| sin.sin_port = htons(port); |
| if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) { |
| perror("bind"); |
| close(s); |
| return -1; |
| } |
| |
| if (listen(s, 10) < 0) { |
| perror("listen"); |
| close(s); |
| return -1; |
| } |
| |
| for (;;) { |
| struct sockaddr_in addr; |
| socklen_t addr_len = sizeof(addr); |
| |
| conn = accept(s, (struct sockaddr *) &addr, &addr_len); |
| if (conn < 0) { |
| perror("accept"); |
| break; |
| } |
| |
| wpa_printf(MSG_DEBUG, "-------------------------------------"); |
| wpa_printf(MSG_DEBUG, "Connection from %s:%d", |
| inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); |
| |
| https_server(conn); |
| wpa_printf(MSG_DEBUG, "Done with the connection"); |
| wpa_printf(MSG_DEBUG, "-------------------------------------"); |
| } |
| |
| close(s); |
| |
| return 0; |
| } |