add: Plug things together so we can have TBSCertificates from the database
authorFelix Dörre <felix@dogcraft.de>
Wed, 24 Dec 2014 01:00:15 +0000 (02:00 +0100)
committerBenny Baumann <BenBE@geshi.org>
Sat, 24 Jan 2015 17:08:32 +0000 (18:08 +0100)
src/main.cpp
src/recordHandler.cpp
src/remoteSigner.cpp
src/simpleOpensslSigner.cpp
src/slipBio.cpp
src/sslUtil.cpp [new file with mode: 0644]
src/sslUtil.h [new file with mode: 0644]

index 072547de31f39f8616b5e4b29440fdfb9462886a..08008aba4ad0811f9f2ebc157bb2068f00ab603e 100644 (file)
@@ -9,6 +9,10 @@
 #include "mysql.h"
 #include "simpleOpensslSigner.h"
 #include "util.h"
+#include "bios.h"
+#include "slipBio.h"
+#include "remoteSigner.h"
+#include "sslUtil.h"
 
 #ifdef NO_DAEMON
 #define DAEMON false
@@ -33,17 +37,7 @@ std::string writeBackFile( uint32_t serial, std::string cert ) {
     return filename;
 }
 
-int handlermain( int argc, const char* argv[] );
-
-int main( int argc, const char* argv[] ) {
-    ( void ) argc;
-    ( void ) argv;
-    bool once = false;
-
-    if( argc == 2 && std::string( "--once" ) == std::string( argv[1] ) ) {
-        once = true;
-    }
-
+int parseConfig() {
     std::ifstream config;
 
     if( DAEMON ) {
@@ -121,10 +115,35 @@ int main( int argc, const char* argv[] ) {
     }
 
     config.close();
-    return handlermain( argc, argv );
+
+    return 0;
+}
+
+int handlermain( int argc, const char* argv[] );
+
+int main( int argc, const char* argv[] ) {
+    ( void ) argc;
+    ( void ) argv;
+    bool once = false;
+
+    if( argc == 2 && std::string( "--once" ) == std::string( argv[1] ) ) {
+        once = true;
+    }
+
+    if( parseConfig() != 0 ) {
+        return -1;
+    }
+
+    if( argc == 0 ) {
+        return handlermain( argc, argv );
+    }
 
     std::shared_ptr<JobProvider> jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) );
-    std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
+    std::shared_ptr<BIO> b = openSerial( "/dev/ttyUSB0" );
+    std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
+    ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
+    std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
+    // std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
 
     while( true ) {
         std::shared_ptr<Job> job = jp->fetchJob();
@@ -146,11 +165,14 @@ int main( int argc, const char* argv[] ) {
 
                 std::cout << "Found a CSR at '" << cert->csr << "' signing" << std::endl;
                 cert->csr_content = readFile( cert->csr );
+                std::cout << cert->csr_content << " content " << std::endl;
 
                 std::shared_ptr<SignedCertificate> res = sign->sign( cert );
+                std::cout << "did it!" << res->certificate << std::endl;
                 std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate );
                 res->crt_name = fn;
                 jp->writeBack( job, res );
+                std::cout << "wrote back" << std::endl;
             } catch( const char* c ) {
                 std::cerr << "ERROR: " << c << std::endl;
                 return 2;
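Review bot: `openSerial( "/dev/ttyUSB0" )` returns an empty `std::shared_ptr<BIO>` when the device cannot be opened (see the new sslUtil.cpp), yet `b` is passed straight into `new OpensslBIOWrapper( b )` and `RemoteSigner` without a check, whereas the code this replaces returned -1 on a failed `fopen`. Add `if( !b ) { return -1; }` directly after the `openSerial` call; the same missing check applies to both `openSerial` calls in handlermain in recordHandler.cpp. Note also that `openSerial` lets the `const char*` thrown by the termios setup propagate, and this call sits outside the `try` block inside the `while` loop, so a tty that opens but cannot be configured terminates the process. The `argc == 0` dispatch into handlermain is effectively dead because argv[0] normally holds the program name; if it is a debugging hook it deserves a comment saying so. The body of main continues past the end of the hunk.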
index 99428727bab890afcdb845ea887148d2ac14045c..0f6457217a81f6b2fe687b606ba3d66289f68825 100644 (file)
 #include "opensslBIO.h"
 #include "remoteSigner.h"
 #include "simpleOpensslSigner.h"
+#include "sslUtil.h"
 #include "slipBio.h"
 
-int gencb( int a, int b, BN_GENCB* g ) {
-    ( void ) a;
-    ( void ) b;
-    ( void ) g;
-
-    std::cout << ( a == 0 ? "." : "+" ) << std::flush;
-
-    return 1;
-}
-
-static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) {
-    if( !preverify_ok ) {
-        std::cout << "Verification failed: " << preverify_ok << " because " << X509_STORE_CTX_get_error( ctx ) << std::endl;
-    }
-
-    return preverify_ok;
-}
-
-static std::shared_ptr<DH> dh_param;
-
-std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
-    std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>(
-        SSL_CTX_new( TLSv1_2_method() ),
-        []( SSL_CTX * p ) {
-            SSL_CTX_free( p );
-        } );
-
-    if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
-        throw "Cannot set cipher list. Your source is broken.";
-    }
-
-    SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
-    SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
-    SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
-    SSL_CTX_load_verify_locations( ctx.get(), "keys/env.crt", 0 );
-
-    if( server ) {
-        STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
-
-        if( names ) {
-            SSL_CTX_set_client_CA_list( ctx.get(), names );
-        } else {
-            // error
-        }
-
-        if( !dh_param ) {
-            FILE* paramfile = fopen( "dh_param.pem", "r" );
-
-            if( paramfile ) {
-                dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
-                fclose( paramfile );
-            } else {
-                dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
-                std::cout << "Generating DH params" << std::endl;
-                BN_GENCB cb;
-                cb.ver = 2;
-                cb.arg = 0;
-                cb.cb.cb_2 = gencb;
-
-                if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
-                    throw "DH generation failed";
-                }
-
-                std::cout << std::endl;
-                paramfile = fopen( "dh_param.pem", "w" );
-
-                if( paramfile ) {
-                    PEM_write_DHparams( paramfile, dh_param.get() );
-                    fclose( paramfile );
-                }
-            }
-        }
-
-        if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
-            throw "Cannot set tmp dh.";
-        }
-    }
-
-    return ctx;
-}
-
 class RecordHandlerSession {
 public:
     uint32_t sessid;
@@ -119,9 +39,11 @@ public:
         this->signer = signer;
 
         ssl = SSL_new( ctx.get() );
-        std::shared_ptr<BIO> bio( BIO_new( BIO_f_ssl() ), [output]( BIO * p ) {
-            BIO_free( p );
-        } );
+        std::shared_ptr<BIO> bio(
+            BIO_new( BIO_f_ssl() ),
+            [output]( BIO * p ) {
+                BIO_free( p );
+            } );
         SSL_set_accept_state( ssl );
         SSL_set_bio( ssl, output.get(), output.get() );
         BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE );
@@ -257,27 +179,6 @@ void DefaultRecordHandler::handle() {
     currentSession->work();
 }
 
-void setupSerial( FILE* f ) {
-    struct termios attr;
-
-    if( tcgetattr( fileno( f ), &attr ) ) {
-        throw "failed to get attrs";
-    }
-
-    attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
-    attr.c_oflag &= ~OPOST;
-    attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
-    attr.c_cflag &= ~( CSIZE | PARENB );
-    attr.c_cflag |= CS8;
-
-    cfsetispeed( &attr, B115200 );
-    cfsetospeed( &attr, B115200 );
-
-    if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
-        throw "failed to get attrs";
-    }
-}
-
 int handlermain( int argc, const char* argv[] ) {
     ( void ) argc;
     ( void ) argv;
@@ -300,24 +201,14 @@ int handlermain( int argc, const char* argv[] ) {
 
     //---
 
-    SSL_library_init();
+    std::shared_ptr<int> ssl_lib = ssl_lib_ref;
 
     if( argc >= 2 ) {
-        FILE* f = fopen( "/dev/ttyUSB0", "r+" );
-
-        if( !f ) {
-            std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl;
-            return -1;
-        }
-
-        setupSerial( f );
-
-        std::shared_ptr<BIO> b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
+        std::shared_ptr<BIO> b = openSerial( "/dev/ttyUSB0" );
         std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
         ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
-        std::cout << "Initing tlsv1_2" << std::endl;
-        std::shared_ptr<SSL_CTX> ctx = generateSSLContext( false );
-        std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, ctx ) );
+        std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
+
         std::shared_ptr<TBSCertificate> cert( new TBSCertificate() );
         cert->csr_type = "csr";
         cert->csr_content = data;
@@ -338,16 +229,7 @@ int handlermain( int argc, const char* argv[] ) {
         return 0;
     }
 
-    FILE* f = fopen( "/dev/ttyS0", "r+" );
-
-    if( !f ) {
-        std::cout << "Opening /dev/ttyS0 bio failed" << std::endl;
-        return -1;
-    }
-
-    setupSerial( f );
-
-    std::shared_ptr<BIO> conn( BIO_new_fd( fileno( f ), 0 ), BIO_free );
+    std::shared_ptr<BIO> conn = openSerial( "/dev/ttyS0" );
     std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
 
     ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ) );
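Review bot: The new local `std::shared_ptr<int> ssl_lib = ssl_lib_ref;` that replaces the direct `SSL_library_init()` call is not used anywhere in the hunk, and since `ssl_lib_ref` is a global that already lives until program exit, the copy does not extend the library's lifetime as far as this hunk shows; either drop it or state the intent, e.g. `// copy of the global keeps OpenSSL initialised for this function's lifetime`. The `( SlipBIO* )slip1->ptr` casts on the new and retained lines are C-style; `static_cast<SlipBIO*>( slip1->ptr )` says what is meant and is greppable. handlermain continues beyond the hunk.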
index 3415dcf2427b23cc73edc73664c27fec432e5261..5d049034b5dc59e9511bb87596f9a2b1324a2f60 100644 (file)
@@ -28,7 +28,7 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
     head.flags = 0;
     head.sessid = 13;
 
-    if( cert->csr_type == "csr" ) {
+    if( cert->csr_type == "CSR" ) {
         send( conn, head, RecordHeader::SignerCommand::SET_CSR, cert->csr_content );
     } else {
         std::cout << "Unknown csr_type: " << cert->csr_type;
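Review bot: The comparison now expects `cert->csr_type == "CSR"`, but handlermain in recordHandler.cpp still assigns `cert->csr_type = "csr";` (an unchanged context line in this commit), so that path now falls into the `Unknown csr_type` branch. Either keep the lower-case literal here or change the assignment to `"CSR"` in the same commit; whichever spelling is canonical should be defined once (a constant next to the TBSCertificate declaration, say) so the producer and consumer cannot drift again. RemoteSigner::sign continues outside the hunk.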
index 0096d5ec0457f67ca4f42058fbb8778124753254..ac688e28952cd9d0a21691e843f8d5bbb1503aad 100644 (file)
 
 #include "X509.h"
 #include "util.h"
+#include "sslUtil.h"
 
 extern std::vector<Profile> profiles;
 
-std::shared_ptr<int> SimpleOpensslSigner::lib_ref(
-    new int( SSL_library_init() ),
-    []( int* ref ) {
-        delete ref;
-
-        EVP_cleanup();
-        CRYPTO_cleanup_all_ex_data();
-    } );
+std::shared_ptr<int> SimpleOpensslSigner::lib_ref = ssl_lib_ref;
 
 std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
     FILE* f = fopen( filename.c_str(), "r" );
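Review bot: `std::shared_ptr<int> SimpleOpensslSigner::lib_ref = ssl_lib_ref;` copies a global defined in another translation unit (sslUtil.cpp) during dynamic initialisation, and C++ gives no ordering guarantee between the two files, so `lib_ref` may be copied from a not-yet-constructed `ssl_lib_ref`, and `SSL_library_init()` may run after other static initialisers that depend on it. The usual fix is a function-local static behind an accessor, e.g. `std::shared_ptr<int> sslLibRef();` declared in sslUtil.h with a body of `static std::shared_ptr<int> ref( new int( SSL_library_init() ), /* same deleter */ ); return ref;`, and `lib_ref` initialised from `sslLibRef()`. The same ordering concern applies to the `ssl_lib_ref` definition at the top of the new sslUtil.cpp.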
index ced5a6fb4639a6a6dafbcacb96b4055f993e4136..6fe1ec19f74b93ef371bd4b06e4bce88bb38e08a 100644 (file)
@@ -4,6 +4,8 @@
 
 #include <unistd.h>
 
+#define BUFFER_SIZE 8192
+
 char hexDigit( char c ) {
     if( c < 0 ) {
         return 'x';
@@ -33,7 +35,7 @@ std::string toHex( const char* buf, int len ) {
 }
 
 SlipBIO::SlipBIO() {
-    this->buffer = std::vector<char>( 4096 );
+    this->buffer = std::vector<char>( BUFFER_SIZE );
     this->decodeTarget = 0;
     this->decodePos = 0;
     this->rawPos = 0;
@@ -47,7 +49,7 @@ void SlipBIO::setTarget( std::shared_ptr<OpensslBIO> target ) {
 SlipBIO::SlipBIO( std::shared_ptr<OpensslBIO> target ) {
     this->target = target;
 
-    this->buffer = std::vector<char>( 4096 );
+    this->buffer = std::vector<char>( BUFFER_SIZE );
     this->decodeTarget = 0;
     this->decodePos = 0;
     this->rawPos = 0;
@@ -58,6 +60,7 @@ SlipBIO::SlipBIO( std::shared_ptr<OpensslBIO> target ) {
 SlipBIO::~SlipBIO() {}
 
 int SlipBIO::write( const char* buf, int num ) {
+    std::cout << "Out: " << toHex( buf, num ) << std::endl;
     int badOnes = 0;
 
     for( int i = 0; i < num; i++ ) {
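Review bot: The new `std::cout << "Out: " << toHex( buf, num ) << std::endl;` at the top of `SlipBIO::write` hex-dumps every outgoing frame unconditionally and flushes on each call, which is debugging output left in the data path. Gate it behind a compile-time switch, e.g. `if( kTraceSlip ) { ... }` with a `constexpr bool kTraceSlip = false;` (name of your choosing), or remove it before merging. While here, `#define BUFFER_SIZE 8192` would be better as `static constexpr std::size_t kBufferSize = 8192;`, and since both constructors initialise `buffer` and the three position fields to the same values, in-class member initialisers would remove the duplication. SlipBIO::write continues outside the hunk.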
diff --git a/src/sslUtil.cpp b/src/sslUtil.cpp
new file mode 100644 (file)
index 0000000..2a9de59
--- /dev/null
@@ -0,0 +1,133 @@
+#include "sslUtil.h"
+
+#include <sys/types.h>
+#include <termios.h>
+#include <unistd.h>
+#include <iostream>
+
+std::shared_ptr<int> ssl_lib_ref(
+    new int( SSL_library_init() ),
+    []( int* ref ) {
+        delete ref;
+
+        EVP_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+    } );
+
+int gencb( int a, int b, BN_GENCB* g ) {
+    ( void ) a;
+    ( void ) b;
+    ( void ) g;
+    std::cout << ( a == 0 ? "." : "+" ) << std::flush;
+    return 1;
+}
+
+static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) {
+    if( !preverify_ok ) {
+        //auto cert = X509_STORE_CTX_get_current_cert(ctx);
+        //BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);
+        //X509_print_ex(o, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        //BIO_free(o);
+
+        std::cout << "Verification failed: " << preverify_ok << " because " << X509_STORE_CTX_get_error( ctx ) << std::endl;
+    }
+
+    return preverify_ok;
+}
+
+static std::shared_ptr<DH> dh_param;
+
+std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
+    std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>( SSL_CTX_new( TLSv1_2_method() ), []( SSL_CTX * p ) {
+        SSL_CTX_free( p );
+    } );
+
+    if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
+        throw "Cannot set cipher list. Your source is broken.";
+    }
+
+    SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
+    SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
+    SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
+    SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
+
+    if( server ) {
+        STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
+
+        if( names ) {
+            SSL_CTX_set_client_CA_list( ctx.get(), names );
+        } else {
+            // error
+        }
+
+        if( !dh_param ) {
+            FILE* paramfile = fopen( "dh_param.pem", "r" );
+
+            if( paramfile ) {
+                dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
+                fclose( paramfile );
+            } else {
+                dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
+                std::cout << "Generating DH params" << std::endl;
+                BN_GENCB cb;
+                cb.ver = 2;
+                cb.arg = 0;
+                cb.cb.cb_2 = gencb;
+
+                if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
+                    throw "DH generation failed";
+                }
+
+                std::cout << std::endl;
+                paramfile = fopen( "dh_param.pem", "w" );
+
+                if( paramfile ) {
+                    PEM_write_DHparams( paramfile, dh_param.get() );
+                    fclose( paramfile );
+                }
+            }
+        }
+
+        if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
+            throw "Cannot set tmp dh.";
+        }
+    }
+
+    return ctx;
+}
+
+void setupSerial( FILE* f ) {
+    struct termios attr;
+
+    if( tcgetattr( fileno( f ), &attr ) ) {
+        throw "failed to get attrs";
+    }
+
+    attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP
+                       | INLCR | IGNCR | ICRNL | IXON );
+    attr.c_oflag &= ~OPOST;
+    attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
+    attr.c_cflag &= ~( CSIZE | PARENB );
+    attr.c_cflag |= CS8;
+
+    cfsetispeed( &attr, B115200 );
+    cfsetospeed( &attr, B115200 );
+
+    if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
+        throw "failed to get attrs";
+    }
+}
+
+std::shared_ptr<BIO> openSerial( const char* name ) {
+    FILE* f = fopen( name, "r+" );
+
+    if( !f ) {
+        std::cout << "Opening serial device failed" << std::endl;
+        return std::shared_ptr<BIO>();
+    }
+
+    setupSerial( f );
+
+    std::shared_ptr<BIO> b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
+    return b;
+}
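Review bot: The return values of `SSL_CTX_use_certificate_file`, `SSL_CTX_use_PrivateKey_file` and `SSL_CTX_load_verify_locations` in generateSSLContext are ignored, so a missing or unreadable key file leaves the context half-configured and only surfaces later as a confusing handshake failure, unlike the cipher-list call just above which throws. Check each the same way, and `SSL_CTX_check_private_key` catches a certificate/key mismatch at the same point. The verify locations now come from `keys/ca.crt` while the client CA list a few lines later is still loaded from `keys/env.crt`; if both are meant to be the same trust anchor, point them at one file, otherwise a comment should say why they differ. Separately, the `tcsetattr` check in setupSerial reports `failed to get attrs` and should read `failed to set attrs`, and `openSerial` leaks the `FILE*` if setupSerial throws (the fd BIO is created with close flag 0, so nothing else owns it).
```cpp
    SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );

    if( !SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM ) ) {
        throw "Cannot load certificate file.";
    }

    if( !SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM ) ) {
        throw "Cannot load private key file.";
    }

    if( !SSL_CTX_check_private_key( ctx.get() ) ) {
        throw "Certificate and private key do not match.";
    }

    if( !SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) {
        throw "Cannot load CA certificate.";
    }

    // … unchanged: server-side client CA list and DH parameter setup …
```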
diff --git a/src/sslUtil.h b/src/sslUtil.h
new file mode 100644 (file)
index 0000000..3e4a277
--- /dev/null
@@ -0,0 +1,8 @@
+#pragma once
+#include <openssl/ssl.h>
+#include <memory>
+
+extern std::shared_ptr<int> ssl_lib_ref;
+
+std::shared_ptr<SSL_CTX> generateSSLContext( bool server );
+std::shared_ptr<BIO> openSerial( const char* name );
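Review bot: The header states none of the contracts a caller needs: `openSerial` returns an empty `std::shared_ptr<BIO>` when the device cannot be opened and lets the `const char*` thrown by the termios setup propagate, and `generateSSLContext` throws `const char*` on cipher-list or DH failure and reads `keys/...` and `dh_param.pem` relative to the working directory. Add a line above each declaration, e.g. `/// Returns an empty pointer if the device cannot be opened; callers must check before use.` and `/// Loads keys/signer_{server,client}.{crt,key} and keys/ca.crt from the working directory; throws const char* on setup failure.` A note on `ssl_lib_ref` that OpenSSL cleanup runs when the last copy of this pointer is released would explain why other translation units copy it.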