Merge pull request #50 from connerWolfSSL/master

PSK examples clean up
Chris Conlon 2017-05-30 13:27:21 -06:00 committed by GitHub
commit 30ef0569fe
10 changed files with 251 additions and 225 deletions


@ -1,11 +1,10 @@
How to use 3des-file-encrypt.c
1) a. Compile wolfSSL with ./configure --enable-pwdbased --enable-3des, run
1) a. Compile wolfSSL with ./configure --enable-pwdbased --enable-des3, run
'make', and then install by typing 'sudo make install'.
b. In the crypto/3des directory run the Makefile by typing 'make'.
2) Make a file to encode. Can be any file (ex. .txt .in .out .file etc.)
3) run the excecutable, for help run with -h flag. Basic command is as follows:
./3des-file-encrypt <-option> <KeySize> <input.file> <output.file>
KeySize examples: 56, 112, or 168


@ -9,11 +9,12 @@ TCP/PSK Tutorial
``read(sockfd, recvline, MAXLINE)`` becomes ``wolfSSL_read(ssl, recvline, MAXLINE)``
3. Change all calls from write() or send() to CySSL_write(), in the simple client
3. Change all calls from write() or send() to wolfSSL_write(), in the simple client
``write(socked, send line,strlen(send line))`` becomes ``wolfSSL_write(ssl, send line, strlen(sendline))``
``write(socked, sendline, strlen(sendline))`` becomes ``wolfSSL_write(ssl, sendline, strlen(sendline))``
4. In the main method initialize wolfSSL and WOLFSSL_CTX.
4. In the main method initialize wolfSSL and WOLFSSL_CTX. You must initialize wolfSSL before making any other wolfSSL calls.
wolfSSL_CTX_new() takes an argument that defines what SSL/TLS protocol to use. In this case ``wolfTLSv1_2_client_method()`` is used to specify TLS 1.2.
wolfSSL_Init();
@ -35,10 +36,11 @@ TCP/PSK Tutorial
return 1;
}
6. Cleanup. After each wolfSSL object is done being used you can free it up by calling ``wolfSSL_free(ssl);``
6. Cleanup. After each wolfSSL object is done being used you can free it up by calling ``wolfSSL_free(ssl);``.
7. When completely done using SSL/TLS, free the WOLFSSL_CTX object by
``wolfSSL_CTX_free(CTX);``
``wolfSSL_CTX_free(ctx);``
``wolfSSL_Cleanup();``
@ -82,7 +84,7 @@ TCP/PSK Tutorial
2. After the function ``wolfSSL_set_fd(ssl,sockfd)``, tell wolfSSL that you want non-blocking to be used. This is done by adding : `` wolfSSL_set_using_nonblock(ssl,1);``
3. Now we much invoke the fcnt callable serve to use non-blocking.
3. Now we must invoke the fcntl callable serve to use non-blocking.
int flags = fcntl(sockfd, F_GETFL, 0);
if (flags < 0) {
@ -190,7 +192,7 @@ Session resumption allows a client/server pair to re-use previously generated cr
WOLFSSL_SESSION* session = wolfSSL_get_session(ssl);
WOLFSSL* sslResume = wolfSSL_new(ctx);
2. Now we must close wolfSSL SSL and close connections. Alos free the socket and ctx.
2. Now we must close wolfSSL SSL and close connections i.e. free the socket and ctx.
/* shut down wolfSSL */
wolfSSL_shutdown(ssl);
@ -198,10 +200,9 @@ Session resumption allows a client/server pair to re-use previously generated cr
/* close connection */
close(sockfd);
/* cleanup */
/* cleanup without wolfSSL_Cleanup() for now */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
3. Now we are ready to reconnect and start a new socket but we are going to reuse the session id to make things go a little faster.
@ -209,7 +210,7 @@ Session resumption allows a client/server pair to re-use previously generated cr
sock = socket(AF_INET, SOCK_STREAM, 0);
/* connect to the socket */
ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr));
ret = connect(sock, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0){
return 1;
@ -245,7 +246,7 @@ Session resumption allows a client/server pair to re-use previously generated cr
/* shut down socket */
close(sock);
/* clean up */
/* clean up now with wolfSSL_Cleanup() */
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
@ -261,13 +262,14 @@ Session resumption allows a client/server pair to re-use previously generated cr
>(wolfSSL_read on first use also calls wolfSSL_accept if not explicitly called earlier in code.)
3. Change all calls from write() or send() to CySSL_write(), in the simple server
3. Change all calls from write() or send() to wolfSSL_write(), in the simple server
``write(sockfd, sendline, strlen(sendline))`` becomes ``wolfSSL_write(ssl, sendline, strlen(sendline))``
4. Run the wolfSSL method to initalize wolfSSL
``wolfSSL_Init()``
5. Create a ctx pointer that contains using the following process.
5. Create a ctx pointer that contains a server method using the following process. The server method wolfSSLv23_server_method()
allows clients with TLS 1+ to connect.
```
WOLFSSL_CTX* ctx;
@ -280,7 +282,7 @@ Session resumption allows a client/server pair to re-use previously generated cr
```
WOLFSSL* ssl;
wolfSSL_set_fd(ssl, “integer returned from accept”);
wolfSSL_set_fd(ssl, “integer (file descriptor) returned from accept”);
wolfSSL_free(ssl);
@ -310,9 +312,9 @@ The following steps are on how to use PSK in a wolfSSL server
>PSK-AES128-CBC-SHA256 creates the cipher list of having pre shared keys with advanced encryption security using 128 bit key
>with cipher block chaining using secure hash algorithm.
3. Add the my_psk_server_cb function as follows. This is a function needed that is passed in as an argument to the wolfSSL callback.
3. Add the my_psk_server_cb function as follows. This is a necessary function that is passed in as an argument to the wolfSSL callback.
```
```
static inline unsigned int my_psk_client_cb(WOLFSSL* ssl, char* identity, unsigned
char* key, unsigned int key_max_len) {
(void)ssl;
@ -330,12 +332,12 @@ The following steps are on how to use PSK in a wolfSSL server
return 4;
}
```
```
Example Makefile for Simple wolfSSL PSK Client:
```
```
CC=gcc
OBJ = client-psk.o
CFLAG=-Wall
@ -350,19 +352,19 @@ Example Makefile for Simple wolfSSL PSK Client:
clean:
rm -f *.o client-psk
```
```
The -lwolfssl will link the wolfSSL Libraries to your program
The makefile for the server is going to be similar to that of the client. If the user wants separate makefiles just make a use the same set up of the client makefile and replace every instance of client-psk with server-psk. To combine make files just add a server-psk with similar ending to each time client-psk is referenced and change the target. There will also need to be a target for when compiling all targets.
The makefile for the server is going to be similar to that of the client. If the user wants separate makefiles just make and use the same set up of the client makefile and replace every instance of client-psk with server-psk. To combine make files just add a server-psk with similar ending to each time client-psk is referenced and change the target. There will also need to be a target for when compiling all targets.
```
```
all: server-psk client-psk
server-psk: server-psk.c
$(CC) -Wall -o server-psk server-psk.c -lwolfssl
```
```
## Nonblocking psk
###### What is nonblocking?
@ -411,7 +413,7 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
5. Before adding the NonblockingSSL_Connect function into our code we much add a tcp_select function that will be used by the NonblockingSSL_Connect. This is done by adding:
5. Before adding the NonblockingSSL_Connect function into our code we must add a tcp_select function that will be used by the NonblockingSSL_Connect. This is done by adding:
```
/*
@ -426,29 +428,28 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
static inline int tcp_select(int socketfd, int to_sec)
{
    fd_set recvfds, errfds;
    int nfds = socketfd + 1;
   struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
   int result;
    fd_set recvfds, errfds;
    int nfds = socketfd + 1;
struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
int result;
   FD_ZERO(&recvfds);
   FD_SET(socketfd, &recvfds);
   FD_ZERO(&errfds);
   FD_SET(socketfd, &errfds);
FD_ZERO(&recvfds);
FD_SET(socketfd, &recvfds);
FD_ZERO(&errfds);
FD_SET(socketfd, &errfds);
   result = select(nfds, &recvfds, NULL, &errfds, &timeout);
result = select(nfds, &recvfds, NULL, &errfds, &timeout);
   if (result == 0)
       return TEST_TIMEOUT;
   else if (result > 0) {
       if (FD_ISSET(socketfd, &recvfds))
           return TEST_RECV_READY;
       else if(FD_ISSET(socketfd, &errfds))
           return TEST_ERROR_READY;
   }
   return TEST_SELECT_FAIL;
}
if (result == 0)
     return TEST_TIMEOUT;
else if (result > 0) {
     if (FD_ISSET(socketfd, &recvfds))
         return TEST_RECV_READY;
     else if(FD_ISSET(socketfd, &errfds))
         return TEST_ERROR_READY;
}
    return TEST_SELECT_FAIL;
}
```
@ -494,7 +495,7 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
}
}
```
##Tutorial for adding nonblocking to a Server.
## Tutorial for adding nonblocking to a Server.
Nonblocking on the server side allows for switching between multiple client connections when reading and writing without closing them.
@ -511,6 +512,7 @@ Nonblocking on the server side allows for switching between multiple client conn
>Both F_SETFL and O_NONBLOCK are constants from the fcntl.h file.
4. Include a function to select tcp. What this function does is it checks file descriptors for readiness of reading, writing, for pending exceptions, and for timeout. The timeout variable needs to point to struct timeval type. If the timeval members are 0 then the function does not block. The function and its input parameters are listed below.
``select(int nfds, fd_set* read, fd_set* write, fd_set* exception, struct timeval* time)``
>For the example server we do not consider write when selecting the tcp so it is set to NULL. For ease the example code uses enumerated values for which state the function select returns. This then makes the next loop discussed easier.
@ -591,4 +593,4 @@ The main thread accepts clients and for each client accepted a new thread is spa
}
```
5. Void* arg is the argument that gets passed into wolfssal_thread when pthread_create is called. In this example that argument is used to pass the socket value that the client for the current thread is on.
5. Void* arg is the argument that gets passed into wolfssl_thread when pthread_create is called. In this example that argument is used to pass the socket value that the client for the current thread is on.


@ -60,13 +60,16 @@ static inline int tcp_select(int socketfd, int to_sec)
result = select(nfds, &recvfds, NULL, &errfds, &timeout);
if (result == 0)
if (result == 0) {
return TEST_TIMEOUT;
}
else if (result > 0) {
if (FD_ISSET(socketfd, &recvfds))
if (FD_ISSET(socketfd, &recvfds)) {
return TEST_RECV_READY;
else if(FD_ISSET(socketfd, &errfds))
}
else if(FD_ISSET(socketfd, &errfds)) {
return TEST_ERROR_READY;
}
}
return TEST_SELECT_FAIL;
@ -87,10 +90,12 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
error == SSL_ERROR_WANT_WRITE)) {
currTimeout = 1;
if (error == SSL_ERROR_WANT_READ)
if (error == SSL_ERROR_WANT_READ) {
printf("... client would read block\n");
else
}
else {
printf("... client would write block\n");
}
select_ret = tcp_select(sockfd, currTimeout);
@ -185,7 +190,7 @@ int main(int argc, char **argv)
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
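Review bot: In the NonBlockingSSL_Connect hunk, an SSL_ERROR_WANT_WRITE is reported with "client would write block" but the wait that follows, `select_ret = tcp_select(sockfd, currTimeout);`, only watches the socket for readability and errors, because tcp_select in the earlier hunk passes NULL as the write set to `select(nfds, &recvfds, NULL, &errfds, &timeout)`. A would-write condition is therefore never actually waited on and presumably just falls through on the one-second timeout; if the loop then retries wolfSSL_connect that is harmless but slow, and passing a write set to tcp_select chosen by the error code would make the wait exact. Both NonBlockingSSL_Connect and tcp_select begin and end outside their hunks. The server's `@ -99,10 +102,12 @@ int NonBlockingSSL(WOLFSSL* ssl)` hunk has the same shape.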


@ -84,7 +84,7 @@ int SendReceive(WOLFSSL* ssl)
/* show message from the server */
printf("Server Message: %s\n", recvline);
return 0;
return 0;
}
int main(int argc, char **argv){
@ -158,10 +158,9 @@ int main(int argc, char **argv){
/* close connection */
close(sockfd);
/* cleanup */
/* cleanup without wolfSSL_Cleanup() for now */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
/*
* resume session, start new connection and socket
@ -194,8 +193,9 @@ int main(int argc, char **argv){
}
/* check to see if the session id is being reused */
if (wolfSSL_session_reused(sslResume))
if (wolfSSL_session_reused(sslResume)) {
printf("reused session id\n");
}
else
printf("didn't reuse session id!!!\n");
@ -205,7 +205,7 @@ int main(int argc, char **argv){
/* shut down socket */
close(sock);
/* clean up */
/* clean up now with wolfSSL_Cleanup() */
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
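Review bot: `wolfSSL_CTX_free(ctx);` is called in the first cleanup hunk, before the resumed connection, and again after `wolfSSL_free(sslResume);` at the end of main, while ctx is still the context the resumed session is built on in between. As far as I know wolfSSL's CTX is reference-counted through wolfSSL_new/wolfSSL_free, so the first release either frees ctx outright (if sslResume is created after it, which the hunks do not show) or leaves the final wolfSSL_CTX_free operating on memory already released when sslResume was freed; either way a freed context is touched. The commit already defers wolfSSL_Cleanup() for exactly this reason, so the first `wolfSSL_CTX_free(ctx);` should be dropped as well, leaving only the one after the resumed session. The creation of sslResume and the end of main lie outside these hunks.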


@ -144,13 +144,13 @@ int main(int argc, char **argv)
/* associate the file descriptor with the session */
ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != SSL_SUCCESS){
if (ret != SSL_SUCCESS) {
return 1;
}
/* takes inputting string and outputs it to the server */
ret = SendReceive(ssl);
if(ret != 0){
if (ret != 0) {
return 1;
}


@ -43,7 +43,7 @@ int SendReceive(int sockfd)
char recvline[MAXLINE]; /* string received from the server */
/* write string to the server */
if (write(sockfd, sendline, strlen(sendline)) != sizeof(sendline)) {
if (write(sockfd, sendline, strlen(sendline)) != strlen(sendline)) {
printf("Write Error to Server\n");
return 1;
}
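Review bot: The new comparison `write(sockfd, sendline, strlen(sendline)) != strlen(sendline)` mixes the ssize_t result with a size_t; -1 converts to SIZE_MAX so a failed write is still caught, but the implicit conversion trips -Wsign-compare and a short write (possible on a TCP socket interrupted by a signal) is reported as a fatal error rather than resumed. Capturing the result first keeps the check explicit: `ssize_t n = write(sockfd, sendline, strlen(sendline));` followed by `if (n < 0 || (size_t)n != strlen(sendline)) {`. Reporting with `perror("write")` instead of a fixed string would also surface errno to the user. SendReceive's body continues outside the hunk.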


@ -68,13 +68,16 @@ int tcp_select(int sockfd, int to_sec)
result = select(nfds, &recvfds, NULL, &errfds, &timeout);
/* logic for which enumerated value is returned */
if (result == 0)
if (result == 0) {
return TEST_TIMEOUT;
}
else if (result > 0) {
if (FD_ISSET(sockfd, &recvfds))
if (FD_ISSET(sockfd, &recvfds)) {
return TEST_RECV_READY;
else if (FD_ISSET(sockfd, &errfds))
}
else if (FD_ISSET(sockfd, &errfds)) {
return TEST_ERROR_READY;
}
}
return TEST_SELECT_FAIL;
@ -99,10 +102,12 @@ int NonBlockingSSL(WOLFSSL* ssl)
int currTimeout = 1;
/* print out for user notification */
if (error == SSL_ERROR_WANT_READ)
if (error == SSL_ERROR_WANT_READ) {
printf("... server would read block\n");
else
}
else {
printf("... server would write block\n");
}
select_ret = tcp_select(sockfd, currTimeout);
@ -132,7 +137,7 @@ int NonBlockingSSL(WOLFSSL* ssl)
/*
* Handles response to client.
*/
int respond(WOLFSSL* ssl)
int Respond(WOLFSSL* ssl)
{
int n; /* length of string read */
char buf[MAXLINE]; /* string read from client */
@ -140,8 +145,10 @@ int respond(WOLFSSL* ssl)
memset(buf, 0, MAXLINE);
do {
if (NonBlockingSSL(ssl) != SSL_SUCCESS)
if (NonBlockingSSL(ssl) != SSL_SUCCESS) {
return 1;
}
n = wolfSSL_read(ssl, buf, MAXLINE);
if (n > 0) {
printf("%s\n", buf);
@ -149,8 +156,10 @@ int respond(WOLFSSL* ssl)
}
while(n < 0);
if (NonBlockingSSL(ssl) != SSL_SUCCESS)
if (NonBlockingSSL(ssl) != SSL_SUCCESS) {
return 1;
}
if (wolfSSL_write(ssl, response, strlen(response)) != strlen(response)) {
printf("Fatal error : respond: write error\n");
return 1;
@ -168,8 +177,9 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
(void)ssl;
(void)key_max_len;
if (strncmp(identity, "Client_identity", 15) != 0)
if (strncmp(identity, "Client_identity", 15) != 0) {
return 0;
}
key[0] = 26;
key[1] = 43;
@ -200,8 +210,9 @@ int main()
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS)
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
}
/* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0);
@ -264,9 +275,10 @@ int main()
printf("Fatal error : fcntl set failed\n");
return 1;
}
if (respond(ssl) != 0)
if (Respond(ssl) != 0) {
printf("Fatal error : respond error\n");
return 1;
}
/* closes the connections after responding */
wolfSSL_shutdown(ssl);
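Review bot: In the my_psk_server_cb hunk, `strncmp(identity, "Client_identity", 15)` compares only the first 15 characters, so any client-supplied identity that merely begins with "Client_identity" is accepted and handed the same key; a full comparison, `if (strcmp(identity, "Client_identity") != 0) {`, is what the intent reads as. The callback also discards the buffer size with `(void)key_max_len;` and then stores fixed bytes into key (`key[0] = 26;` onwards); it should compare the number of bytes it is about to write against key_max_len and return 0 when the buffer is too small rather than ignore it. The same two points apply to the my_psk_server_cb hunks in the two later server files (`@ -50,8 +50,9` and `@ -64,14 +64,15`). The rest of the key bytes and the callback's return lie outside the hunk.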


@ -50,8 +50,9 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
(void)ssl;
(void)key_max_len;
if (strncmp(identity, "Client_identity", 15) != 0)
if (strncmp(identity, "Client_identity", 15) != 0) {
return 0;
}
key[0] = 26;
key[1] = 43;
@ -86,7 +87,8 @@ void* wolfssl_thread(void* fd)
n = wolfSSL_read(ssl, buf, MAXLINE);
if (n > 0) {
printf("%s\n", buf);
if (wolfSSL_write(ssl, response, strlen(response)) != strlen(response)) {
if (wolfSSL_write(ssl, response, strlen(response))
!= strlen(response)) {
printf("Fatal error :respond: write error\n");
/* place signal for forced error exit here */
}
@ -119,15 +121,17 @@ int main()
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL)
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS)
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list");
}
/* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0);
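Review bot: In the main() hunk, a NULL return from `wolfSSL_CTX_new(wolfSSLv23_server_method())` prints "Fatal error" but execution continues into `wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);` with a NULL ctx; the new braces make the missing `return 1;` inside that block easier to see but do not add it. The cipher-list check just below has the same shape: when `wolfSSL_CTX_set_cipher_list` fails the server keeps running with the library's default suite list instead of the PSK-only list the example is demonstrating, so that block needs a return as well (its message also lacks a trailing newline, unlike the nonblocking server's). The nonblocking server's `@ -200,8 +210,9 @@ int main()` hunk continues after a cipher-list failure the same way. main() extends outside the hunk.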


@ -39,7 +39,7 @@
/*
* Handles response to client.
*/
int respond(WOLFSSL* ssl)
int Respond(WOLFSSL* ssl)
{
int n; /* length of string read */
char buf[MAXLINE]; /* string read from client */
@ -54,7 +54,7 @@ int respond(WOLFSSL* ssl)
}
}
if (n < 0) {
printf("Fatal error :espond: read error\n");
printf("Fatal error :respond: read error\n");
return 1;
}
@ -64,14 +64,15 @@ int respond(WOLFSSL* ssl)
/*
* Identify which psk key to use.
*/
static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, unsigned char* key,
unsigned int key_max_len)
static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
unsigned char* key, unsigned int key_max_len)
{
(void)ssl;
(void)key_max_len;
if (strncmp(identity, "Client_identity", 15) != 0)
if (strncmp(identity, "Client_identity", 15) != 0) {
return 0;
}
key[0] = 26;
key[1] = 43;
@ -160,8 +161,9 @@ int main()
return 1;
}
wolfSSL_set_fd(ssl, connfd);
if (respond(ssl) != 0)
if (Respond(ssl) != 0) {
return 1;
}
/* closes the connections after responding */
wolfSSL_shutdown(ssl);


@ -73,8 +73,9 @@ int main()
/* find a socket , 0 for using TCP option */
listenfd = socket(AF_INET, SOCK_STREAM, 0);
if (listenfd < 0)
if (listenfd < 0) {
err_sys("socket error");
}
/* set up server address and port */
memset(&servAddr, 0, sizeof(servAddr));
@ -86,8 +87,9 @@ int main()
opt = 1;
setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt,
sizeof(int));
if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0)
if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
err_sys("bind error");
}
/* listen to the socket */
if (listen(listenfd, LISTENQ) < 0) {