/* * Testing tool for TLSv1 server routines using HTTPS * Copyright (c) 2011-2019, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "includes.h" #include "common.h" #include "crypto/tls.h" static void https_tls_event_cb(void *ctx, enum tls_event ev, union tls_event_data *data) { wpa_printf(MSG_DEBUG, "HTTPS: TLS event %d", ev); } static struct wpabuf * https_recv(int s, int timeout_ms) { struct wpabuf *in; int len, ret; fd_set rfds; struct timeval tv; in = wpabuf_alloc(20000); if (in == NULL) return NULL; FD_ZERO(&rfds); FD_SET(s, &rfds); tv.tv_sec = timeout_ms / 1000; tv.tv_usec = timeout_ms % 1000; wpa_printf(MSG_DEBUG, "Waiting for more data"); ret = select(s + 1, &rfds, NULL, NULL, &tv); if (ret < 0) { wpa_printf(MSG_ERROR, "select: %s", strerror(errno)); wpabuf_free(in); return NULL; } if (ret == 0) { /* timeout */ wpa_printf(MSG_INFO, "Timeout on waiting for data"); wpabuf_free(in); return NULL; } len = recv(s, wpabuf_put(in, 0), wpabuf_tailroom(in), 0); if (len < 0) { wpa_printf(MSG_ERROR, "recv: %s", strerror(errno)); wpabuf_free(in); return NULL; } if (len == 0) { wpa_printf(MSG_DEBUG, "No more data available"); wpabuf_free(in); return NULL; } wpa_printf(MSG_DEBUG, "Received %d bytes", len); wpabuf_put(in, len); return in; } static void https_tls_log_cb(void *ctx, const char *msg) { wpa_printf(MSG_DEBUG, "TLS: %s", msg); } static int https_server(int s) { struct tls_config conf; void *tls; struct tls_connection_params params; struct tls_connection *conn; struct wpabuf *in, *out, *appl; int res = -1; os_memset(&conf, 0, sizeof(conf)); conf.event_cb = https_tls_event_cb; tls = tls_init(&conf); if (!tls) return -1; os_memset(¶ms, 0, sizeof(params)); params.ca_cert = "hwsim/auth_serv/ca.pem"; params.client_cert = "hwsim/auth_serv/server.pem"; params.private_key = "hwsim/auth_serv/server.key"; params.dh_file = "hwsim/auth_serv/dh.conf"; if (tls_global_set_params(tls, ¶ms)) { wpa_printf(MSG_ERROR, "Failed to set TLS parameters"); tls_deinit(tls); return -1; } conn = tls_connection_init(tls); if (!conn) { tls_deinit(tls); return -1; } tls_connection_set_log_cb(conn, https_tls_log_cb, NULL); for (;;) { in = https_recv(s, 5000); if (!in) goto done; appl = NULL; out = tls_connection_server_handshake(tls, conn, in, &appl); wpabuf_free(in); in = NULL; if (!out) { if (!tls_connection_get_failed(tls, conn) && !tls_connection_established(tls, conn)) continue; goto done; } wpa_printf(MSG_DEBUG, "Sending %d bytes", (int) wpabuf_len(out)); if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) { wpa_printf(MSG_ERROR, "send: %s", strerror(errno)); goto done; } wpabuf_free(out); out = NULL; if (tls_connection_get_failed(tls, conn)) { wpa_printf(MSG_ERROR, "TLS handshake failed"); goto done; } if (tls_connection_established(tls, conn)) break; } wpabuf_free(out); out = NULL; wpa_printf(MSG_INFO, "TLS connection established"); if (appl) wpa_hexdump_buf(MSG_DEBUG, "Received application data", appl); wpa_printf(MSG_INFO, "Reading HTTP request"); for (;;) { int need_more_data; in = https_recv(s, 5000); if (!in) goto done; out = tls_connection_decrypt2(tls, conn, in, &need_more_data); wpabuf_free(in); in = NULL; if (need_more_data) { wpa_printf(MSG_DEBUG, "HTTP: Need more data"); continue; } if (!out) goto done; wpa_hexdump_ascii(MSG_INFO, "Request", wpabuf_head(out), wpabuf_len(out)); wpabuf_free(out); out = NULL; break; } in = wpabuf_alloc(1000); if (!in) goto done; wpabuf_put_str(in, "HTTP/1.1 200 OK\r\n" "Server: test-https_server\r\n" "\r\n" "HELLO\n"); wpa_hexdump_ascii(MSG_DEBUG, "Response", wpabuf_head(in), wpabuf_len(in)); out = tls_connection_encrypt(tls, conn, in); wpabuf_free(in); in = NULL; wpa_hexdump_buf(MSG_DEBUG, "Encrypted response", out); if (!out) goto done; wpa_printf(MSG_INFO, "Sending HTTP response: %d bytes", (int) wpabuf_len(out)); if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) { wpa_printf(MSG_ERROR, "send: %s", strerror(errno)); goto done; } wpabuf_free(out); out = NULL; res = 0; done: wpabuf_free(out); wpabuf_free(in); wpabuf_free(appl); tls_connection_deinit(tls, conn); tls_deinit(tls); close(s); return res; } int main(int argc, char *argv[]) { struct sockaddr_in sin; int port, s, conn; int on = 1; wpa_debug_level = 0; wpa_debug_show_keys = 1; if (argc < 2) { wpa_printf(MSG_INFO, "usage: test-https_server port"); return -1; } port = atoi(argv[1]); s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) { perror("socket"); return -1; } if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) { wpa_printf(MSG_DEBUG, "HTTP: setsockopt(SO_REUSEADDR) failed: %s", strerror(errno)); /* try to continue anyway */ } os_memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(port); if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) { perror("bind"); close(s); return -1; } if (listen(s, 10) < 0) { perror("listen"); close(s); return -1; } for (;;) { struct sockaddr_in addr; socklen_t addr_len = sizeof(addr); conn = accept(s, (struct sockaddr *) &addr, &addr_len); if (conn < 0) { perror("accept"); break; } wpa_printf(MSG_DEBUG, "-------------------------------------"); wpa_printf(MSG_DEBUG, "Connection from %s:%d", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); https_server(conn); wpa_printf(MSG_DEBUG, "Done with the connection"); wpa_printf(MSG_DEBUG, "-------------------------------------"); } close(s); return 0; }