diff --git a/project1/dtls_secured_nonblocking_multithreaded/Makefile b/project1/dtls_secured_nonblocking_multithreaded/Makefile new file mode 100644 index 00000000..3fdc8071 --- /dev/null +++ b/project1/dtls_secured_nonblocking_multithreaded/Makefile @@ -0,0 +1,21 @@ +DEPS = ../include/unp.h +CC=gcc +CFLAGS=-Wall -I ../include -DCYASSL_DTLS +OBJ = echoserver.o + +#if you are on a sunOS (System V) machine, you'll need to uncomment +#the next line. + +#LIBS=-lsocket +%.o: %.c $(DEPS) + $(CC) -c -o $@ $< $(CFLAGS) +all: server + +server: server-dtls-nonblocking-threaded.c + $(CC) -Wall -DCYASSL_DTLS -o server server-dtls-nonblocking-threaded.c -lcyassl -lpthread + + +.PHONY: clean + +clean: + -rm -f *.o server diff --git a/project1/dtls_secured_nonblocking_multithreaded/server-dtls-nonblocking-threaded.c b/project1/dtls_secured_nonblocking_multithreaded/server-dtls-nonblocking-threaded.c new file mode 100644 index 00000000..1ebd6636 --- /dev/null +++ b/project1/dtls_secured_nonblocking_multithreaded/server-dtls-nonblocking-threaded.c @@ -0,0 +1,428 @@ +/* server-dtls-nonblocking.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA + *============================================================================= + * + * Bare-bones example of a DTLS server for instructional/learning purposes. + * Utilizes DTLS 1.2 and non-blocking sockets + */ + +#include /* standard in/out procedures */ +#include /* defines system calls */ +#include /* necessary for memset */ +#include +#include /* used for all socket calls */ +#include /* used for sockaddr_in */ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SERV_PORT 11111 /* define our server port number */ +#define MSGLEN 4096 + +CYASSL_CTX* ctx; + +static int cleanup; /* To handle shutdown */ + +static int dtls_select(socklen_t sockfd, int to_sec); + +void *ThreadControl(void* openSock); + + + + +void sig_handler(const int sig) +{ + printf("\nSIGINT handled.\n"); + cleanup = 1; + exit(0); +} + +static void err_sys(const char* msg) +{ + printf("yassl error: %s\n", msg); + if (msg) + exit(EXIT_FAILURE); +} + +enum { + TEST_SELECT_FAIL, + TEST_TIMEOUT, + TEST_RECV_READY, + TEST_ERROR_READY +}; + +static int dtls_select(socklen_t sockfd, int to_sec) +{ + fd_set masterset, workingset; + socklen_t maxfd = sockfd + 1; + struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; + int result; + + FD_ZERO(&masterset); + FD_SET(sockfd, &masterset); + FD_ZERO(&workingset); + FD_SET(sockfd, &workingset); + + /* Uncomment to make the timout a static 3 minutes */ + + /* + timeout.tv_sec = 0; + timeout.tv_usec = 0; + */ + + result = select(maxfd, &masterset, NULL, &workingset, &timeout); + + if (result == 0) + return TEST_TIMEOUT; + else if (result > 0) { + if (FD_ISSET(sockfd, &masterset)) + return TEST_RECV_READY; + else if(FD_ISSET(sockfd, &workingset)) + return TEST_ERROR_READY; + } + + return TEST_SELECT_FAIL; +} + +void *ThreadControl(void* openSock) +{ + char ack[] = "I hear you fashizzle!\n"; + int connfd = *(int*)openSock; + CYASSL* ssl; + printf("Connected with a client!\n"); + + /* Create the CYASSL Object */ + if (( ssl = CyaSSL_new(ctx) ) == NULL) { + fprintf(stderr, "CyaSSL_new error.\n"); + exit(EXIT_FAILURE); + } + + + /* set the session ssl to client connection port */ + CyaSSL_set_fd(ssl, connfd); + + + /* set listen port to nonblocking, accept nonblocking */ + /* handle peer error */ + CyaSSL_set_using_nonblock(ssl, 1); + for (;;) { + char buff[MSGLEN]; + int recvlen = 0; + + bzero(&buff, sizeof(buff)); + + + if (( recvlen = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { + + printf("heard %d bytes\n", recvlen); + + buff[recvlen] = 0; + printf("I heard this: \"%s\"\n", buff); + } + + + if (recvlen < 0) { + int readErr = CyaSSL_get_error(ssl, 0); + if(readErr != SSL_ERROR_WANT_READ) + err_sys("SSL_read failed"); + } + + + if (CyaSSL_write(ssl, ack, sizeof(ack)) < 0) { + err_sys("CyaSSL_write fail"); + } + + else + printf("Lost the connection to client\n"); + + printf("reply sent \"%s\"\n", ack); + + + printf("Client left return to idle state\n"); + CyaSSL_set_fd(ssl, 0); + CyaSSL_shutdown(ssl); + CyaSSL_free(ssl); + close(connfd); + break; + } +} + + +int main(int argc, char** argv) +{ + /* CREATE THE SOCKET */ + + char ack[] = "I hear you fashizzle!"; + struct sockaddr_in servaddr; /* our server's address */ + struct sockaddr_in cliaddr; /* the client's address */ + int listenfd; /* Initialize our socket */ + socklen_t clilen; /* length of address' */ + int recvlen = 0; /* length of message */ + char buff[MSGLEN]; /* the incoming message */ + struct sigaction act, oact; /* structures for signal handling */ + + /* + * Define a signal handler for when the user closes the program + * with Ctrl-C. Also, turn off SA_RESTART so that the OS doesn't + * restart the call to accept() after the signal is handled. + */ + act.sa_handler = sig_handler; + sigemptyset(&act.sa_mask); + act.sa_flags = 0; + sigaction(SIGINT, &act, &oact); + + // CyaSSL_Debugging_ON(); + CyaSSL_Init(); /* Initialize CyaSSL */ + + if ( (ctx = CyaSSL_CTX_new(CyaDTLSv1_2_server_method())) == NULL){ + fprintf(stderr, "CyaSSL_CTX_new error.\n"); + exit(EXIT_FAILURE); + } + printf("CTX set to DTLS 1.2\n"); + + if (CyaSSL_CTX_load_verify_locations(ctx,"../certs/ca-cert.pem",0) != + SSL_SUCCESS) { + fprintf(stderr, "Error loading ../certs/ca-cert.pem, " + "please check the file.\n"); + exit(EXIT_FAILURE); + } + printf("Loaded CA certs\n"); + + if (CyaSSL_CTX_use_certificate_file(ctx,"../certs/server-cert.pem", + SSL_FILETYPE_PEM) != SSL_SUCCESS) { + fprintf(stderr, "Error loading ../certs/server-cert.pem, " + "please check the file.\n"); + exit(EXIT_FAILURE); + } + printf("Loaded server certs\n"); + + if (CyaSSL_CTX_use_PrivateKey_file(ctx,"../certs/server-key.pem", + SSL_FILETYPE_PEM) != SSL_SUCCESS) { + fprintf(stderr, "Error loading ../certs/server-key.pem, " + "please check the file.\n"); + exit(EXIT_FAILURE); + } + printf("Loaded server keys\n"); + + + + /* BEGIN: avoid valgrind error when using DTLS v1.2 and AES */ + int ret; + + ret = CyaSSL_CTX_set_cipher_list(ctx, "DES-CBC3-SHA"); + if(ret == SSL_SUCCESS) + printf("ret successfully set to \"DES-CBC3-SHA\"\n"); + /* END: avoid valgrind error */ + + + + + while (cleanup != 1) { + + if ( (listenfd = socket(AF_INET, SOCK_DGRAM, 0) ) < 0 ) { + err_sys("cannot create socket"); + return 0; + } + printf("Socket allocated\n"); + + /* INADDR_ANY=IPaddr, socket = 11111, modify SERV_PORT to change */ + memset((char *)&servaddr, 0, sizeof(servaddr)); + + /* host-to-network-long conversion (htonl) */ + /* host-to-network-short conversion (htons) */ + servaddr.sin_family = AF_INET; + servaddr.sin_addr.s_addr = htonl(INADDR_ANY); + servaddr.sin_port = htons(SERV_PORT); + + + + /* Eliminate socket already in use error */ + int res = 1; + int on = 1; + socklen_t len = sizeof(on); + res = setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) { + err_sys("setsockopt SO_REUSEADDR failed\n"); + } + + + + /*Bind Socket*/ + if (bind(listenfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) { + err_sys("bind failed"); + return 0; + } + printf("Socket bind complete\n"); + + + printf("Awaiting client connection on port %d\n", SERV_PORT); + + /* set listenfd non-blocking */ + fcntl(res, F_SETFL, O_NONBLOCK); + + CYASSL* ssl; /* initialize arg */ + clilen = sizeof(cliaddr); /* set clilen to |cliaddr| */ + unsigned char b[1500]; + int connfd = 0; + + + connfd = (int)recvfrom(listenfd, (char *)&b, sizeof(b), MSG_PEEK, + (struct sockaddr*)&cliaddr, &clilen); + + if (connfd < 0){ + printf("No clients in que, enter idle state\n"); + } + + else if (connfd > 0) { + if (connect(listenfd, (const struct sockaddr *)&cliaddr, + sizeof(cliaddr)) != 0) + err_sys("udp connect failed"); + } + else err_sys("recvfrom failed"); + + + + + /* Create the CYASSL Object */ + if (( ssl = CyaSSL_new(ctx) ) == NULL) { + fprintf(stderr, "CyaSSL_new error.\n"); + exit(EXIT_FAILURE); + } + + + /* set the session ssl to client connection port */ + CyaSSL_set_fd(ssl, listenfd); + + + /* set listen port to nonblocking, accept nonblocking */ + /* handle peer error */ + CyaSSL_set_using_nonblock(ssl, 1); + + + ret = CyaSSL_accept(ssl); + int error = CyaSSL_get_error(ssl, 0); + socklen_t sockfd = (socklen_t)CyaSSL_get_fd(ssl); + int select_ret; + + printf("ret = %d\n", ret); + + + pthread_t threadID; + + while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || + error == SSL_ERROR_WANT_WRITE)) { + + int currTimeout = 1; + + /* NOTE: changes over time */ + currTimeout = CyaSSL_dtls_get_current_timeout(ssl); + + if (error == SSL_ERROR_WANT_READ) + printf("Server wants to read...\n"); + else + printf("Server wants to write...\n"); + + printf("waiting to select()\n"); + + /* select for dtls server */ + select_ret = dtls_select(sockfd, currTimeout); + + /* initialize new thread ID each time we loop */ + + + if (select_ret == TEST_RECV_READY) { + printf("TEST_RECV_READY!\n"); + while (( ret = CyaSSL_accept(ssl))){ + if (pthread_create(&threadID, NULL, ThreadControl, (void *) + &ret) < 0) + printf("pthread_create() failed\n"); + + printf("Control handed to ThreadControl()\n"); + } + } + + if (select_ret == TEST_ERROR_READY && !CyaSSL_dtls(ssl)) { + printf("TEST_ERROR_READY\n"); + error = CyaSSL_get_error(ssl, 0); + } + + else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) && + CyaSSL_dtls_got_timeout(ssl) ) { + printf("TEST_TIMEOUT\n"); + error = SSL_ERROR_WANT_READ; + } + else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) && + CyaSSL_dtls_got_timeout(ssl) >= 0) { + error = SSL_ERROR_WANT_READ; + } + else { + error = SSL_FATAL_ERROR; + } + } + if (ret != SSL_SUCCESS){ + printf("SSL_accept failed\n"); + continue; + } + + + printf("Connected with a client!\n"); + + if (( recvlen = CyaSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { + + printf("heard %d bytes\n", recvlen); + + buff[recvlen] = 0; + printf("I heard this: \"%s\"\n", buff); + } + + + if (recvlen < 0) { + int readErr = CyaSSL_get_error(ssl, 0); + if(readErr != SSL_ERROR_WANT_READ) + err_sys("SSL_read failed"); + } + + + if (CyaSSL_write(ssl, ack, sizeof(ack)) < 0) { + err_sys("CyaSSL_write fail"); + } + + else + printf("lost the connection to client\n"); + + printf("reply sent \"%s\"\n", ack); + + CyaSSL_set_fd(ssl, 0); + CyaSSL_shutdown(ssl); + CyaSSL_free(ssl); + + printf("Client left return to idle state\n"); + continue; + } + CyaSSL_CTX_free(ctx); + return(0); +}