Merge pull request #175 from kaleb-himes/PSK-UPDATES

Updating PSK examples
David Garske 2020-02-04 19:32:34 -05:00 committed by GitHub
commit c090a1c28b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 305 additions and 172 deletions


@ -34,6 +34,7 @@
#define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/*
* enum used for tcp_select function
@ -66,12 +67,12 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
int main(int argc, char **argv)
{
int sockfd, ret, error, select_ret = 0, currTimeout;
int sockfd, ret, error, select_ret, currTimeout;
int nfds;
int result;
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
@ -88,15 +89,6 @@ int main(int argc, char **argv)
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -109,35 +101,18 @@ int main(int argc, char **argv)
/* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1) {
printf("inet_pton error\n");
printf("inet_pton error\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
/* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0) {
printf("Connection Error\n");
printf("Connection Error\n");
return 1;
}
/* create wolfSSL object after each tcp connect */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
wolfSSL_set_fd(ssl, sockfd);
/* tell wolfSSL that nonblocking is going to be used */
wolfSSL_set_using_nonblock(ssl, 1);
/* invokes the fcntl callable service to get the file status
* flags for a file. checks if it returns an error, if it does
* stop program */
@ -157,15 +132,39 @@ int main(int argc, char **argv)
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
/* create wolfSSL object after each tcp connect */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
wolfSSL_set_fd(ssl, sockfd);
/* tell wolfSSL that nonblocking is going to be used */
wolfSSL_set_using_nonblock(ssl, 1);
/* setting up and running nonblocking socket */
ret = wolfSSL_connect(ssl);
error = wolfSSL_get_error(ssl, 0);
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE)) {
currTimeout = 1;
if (error == SSL_ERROR_WANT_READ) {
if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... client would read block\n");
}
else {
@ -206,27 +205,30 @@ int main(int argc, char **argv)
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
error = WOLFSSL_ERROR_WANT_READ;
}
else {
error = SSL_FATAL_ERROR;
error = WOLFSSL_FATAL_ERROR;
}
}
if (ret != SSL_SUCCESS){
printf("SSL_connect failed");
if (ret != WOLFSSL_SUCCESS){
printf("wolfSSL_connect failed");
return 1;
}
/* takes inputting string and outputs it to the server */
/* write string to the server */
if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
printf("Write Error to Server\n");
return 1;
}
/* flags if the Server stopped before the client could end */
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
/* flags if the Server stopped before the client could end */
while (wolfSSL_read(ssl, recvline, MAXLINE) == -1 ) {
if (wolfSSL_want_read(ssl)) {
continue;
}
printf("Client: Server Terminated Prematurely!\n");
return 1;
}
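Review bot: The new read loop in the last hunk busy-spins: when `wolfSSL_want_read()` is true it goes straight back into `wolfSSL_read()` on the non-blocking socket with no select() or timeout, unlike the connect loop earlier in main() which waits through select with a one-second timeout. It also retries only on exactly `-1`, so a `0` return, which I believe wolfSSL uses when the peer closes, falls out of the loop and `recvline` is used as though data arrived, and nothing NUL-terminates `recvline` before it is later printed (I am assuming it is a `char recvline[MAXLINE]` as in the other clients). The rewrite below waits for readability between retries and terminates the buffer; main() continues past the end of this hunk.
```c
    /* … unchanged: wolfSSL_write and its error check … */

    /* wait for the server's reply; the socket is non-blocking, so block in
     * select() between retries instead of spinning on wolfSSL_read() */
    for (;;) {
        int n = wolfSSL_read(ssl, recvline, MAXLINE - 1);
        if (n > 0) {
            recvline[n] = '\0';   /* terminate before it is printed with %s */
            break;
        }
        if (n == -1 && wolfSSL_want_read(ssl)) {
            fd_set readfds;
            struct timeval tv = { 1, 0 };   /* 1 s poll, like the connect loop */
            FD_ZERO(&readfds);
            FD_SET(sockfd, &readfds);
            if (select(sockfd + 1, &readfds, NULL, NULL, &tv) >= 0) {
                continue;
            }
        }
        /* 0 (peer closed), a fatal error, or select() failed */
        printf("Client: Server Terminated Prematurely!\n");
        return 1;
    }
```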


@ -35,6 +35,7 @@
#define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/*
*psk client set up.
@ -57,7 +58,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
int main(int argc, char **argv){
@ -77,14 +78,6 @@ int main(int argc, char **argv){
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -97,20 +90,27 @@ int main(int argc, char **argv){
/* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1){
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0 ){
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* create wolfSSL object after each tcp connect */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
@ -122,18 +122,18 @@ int main(int argc, char **argv){
/* takes inputting string and outputs it to the server */
if (wolfSSL_write(ssl, sendline, sizeof(sendline)) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
printf("Write Error to Server\n");
return 1;
}
/* flags if the Server stopped before the client could end */
/* flags if the Server stopped before the client could end */
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
return 1;
}
/* show message from the server */
printf("Server Message: %s\n", recvline);
printf("Server Message: %s\n", recvline);
/* Save the session ID to reuse */
session = wolfSSL_get_session(ssl);
@ -167,24 +167,24 @@ int main(int argc, char **argv){
wolfSSL_set_session(sslResume, session);
/* check has connect successfully */
if (wolfSSL_connect(sslResume) != SSL_SUCCESS) {
if (wolfSSL_connect(sslResume) != WOLFSSL_SUCCESS) {
printf("SSL resume failed\n");
return 1;
}
if (wolfSSL_write(sslResume, sendline, sizeof(sendline)) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
printf("Write Error to Server\n");
return 1;
}
/* flags if the Server stopped before the client could end */
/* flags if the Server stopped before the client could end */
if (wolfSSL_read(sslResume, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
return 1;
}
/* show message from the server */
printf("Server Message: %s\n", recvline);
printf("Server Message: %s\n", recvline);
/* check to see if the session id is being reused */
if (wolfSSL_session_reused(sslResume)) {
printf("reused session id\n");
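Review bot: In the fifth hunk, `wolfSSL_read(ssl, recvline, MAXLINE)` is followed by `printf("Server Message: %s\n", recvline)` with nothing guaranteeing a terminator: `recvline` is never cleared, a reply of exactly MAXLINE bytes leaves no room for `'\0'`, and a `0` return (peer closed, as I read the wolfSSL contract) passes the `< 0` check and prints whatever was on the stack. I would keep the byte count and terminate explicitly: `int n = wolfSSL_read(ssl, recvline, MAXLINE - 1);` / `if (n <= 0) { printf("Client: Server Terminated Prematurely!\n"); return 1; }` / `recvline[n] = '\0';`, with `n` declared next to `ret`. The resumed-session read in the last hunk and the same pattern in the next client file need the identical treatment.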


@ -33,6 +33,7 @@
#define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/*
*psk client set up.
@ -55,7 +56,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
int main(int argc, char **argv)
@ -63,9 +64,10 @@ int main(int argc, char **argv)
int ret, sockfd;
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
char recvline[MAXLINE]; /* string received from the server */
struct sockaddr_in servaddr;;
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
struct sockaddr_in servaddr;;
/* must include an ip address of this will flag */
if (argc != 2) {
@ -73,14 +75,6 @@ int main(int argc, char **argv)
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -93,23 +87,30 @@ int main(int argc, char **argv)
/* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1) {
printf("inet_pton error\n");
return 1;
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0) {
printf("Connection Error\n");
return 1;
}
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* creat wolfssl object after each tcp connct */
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
@ -118,17 +119,16 @@ int main(int argc, char **argv)
/* associate the file descriptor with the session */
ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != SSL_SUCCESS) {
if (ret != WOLFSSL_SUCCESS) {
return 1;
}
/* write string to the server */
if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) {
printf("Write Error to Server\n");
return 1;
}
/* check if server ended before client could read a response */
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) {
printf("Client: Server Terminated Prematurely!\n");
@ -136,7 +136,7 @@ int main(int argc, char **argv)
}
/* show message from the server */
printf("Server Message: %s\n", recvline);
printf("Server Message: %s\n", recvline);
/* cleanup */
wolfSSL_free(ssl);
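Review bot: The declaration `struct sockaddr_in servaddr;;` is moved in the third hunk but keeps its doubled semicolon; since the line is being touched anyway it should become `struct sockaddr_in servaddr;`. The read in the sixth hunk also hands `recvline` to `printf("%s")` without terminating it, as in the previous client file, so the same `MAXLINE - 1` read plus `recvline[n] = '\0'` fix belongs here. The `return 1` paths after the socket is open and the ctx is created leave both unreleased; that is pre-existing and tolerable in an example, but a one-line comment saying so would stop readers copying it into real code.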


@ -32,12 +32,14 @@
#include <errno.h>
#include <arpa/inet.h>
#include <signal.h>
#include <fcntl.h> /* needed for runing nonblocking connections */
#include <fcntl.h> /* needed for running non-blocking connections */
#include <time.h> /* for time out on read loop */
#define MAXLINE 4096
#define LISTENQ 1024
#define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
/* states of the tcp connection */
enum{
@ -65,7 +67,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
@ -75,7 +77,7 @@ int main()
int ret;
int error;
int result;
int select_ret = 0;
int select_ret;
int sockfd;
int nfds;
int currTimeout = 1;
@ -84,26 +86,39 @@ int main()
char buff[MAXLINE]; /* buffer for tcp connection */
char buf[MAXLINE]; /* string read from client */
char response[] = "I hear ya for shizzle";
char suites[] =
#ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
"PSK-AES128-GCM-SHA256:"
"PSK-AES256-CBC-SHA384:"
"PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
"PSK-AES256-CBC-SHA:"
"PSK-CHACHA20-POLY1305:"
#endif
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
fd_set recvfds, errfds;
socklen_t cliLen;
WOLFSSL_CTX* ctx;
struct sockaddr_in cliAddr, servAddr;
struct timeval timeout = {currTimeout, 0};
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
}
/* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0);
@ -122,7 +137,7 @@ int main()
opt = 1;
if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt,
sizeof(int)) != 0) {
printf("Fatal error : setsockopt errer");
printf("Fatal error : setsockopt error");
return 1;
}
if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
@ -130,6 +145,32 @@ int main()
return 1;
}
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, suites) != WOLFSSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
return 1;
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */
for ( ; ; ) {
WOLFSSL* ssl;
@ -171,23 +212,22 @@ int main()
ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0);
/* clearing buffer for client reponse to prevent unexpected output*/
/* clear buffer for client response to prevent unexpected output */
memset(buf, 0, MAXLINE);
do {
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE)) {
/* print out for user notification */
if (error == SSL_ERROR_WANT_READ) {
if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... server would read block\n");
}
else {
printf("... server would write block\n");
}
/* -------------------------------------------------------------------------- */
/* TCP */
/* -------------------------------------------------------------------------- */
FD_ZERO(&recvfds);
FD_SET(sockfd, &recvfds);
FD_ZERO(&errfds);
@ -211,26 +251,26 @@ int main()
select_ret = TEST_SELECT_FAIL;
}
/* if tcp_select signals ready try to accept otherwise continue loop*/
/* if tcp_select signal is ready try to accept else continue loop */
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
error = WOLFSSL_ERROR_WANT_READ;
}
else {
error = SSL_FATAL_ERROR;
error = WOLFSSL_FATAL_ERROR;
}
}
/* faliure to accept */
if (ret != SSL_SUCCESS) {
printf("Fatal error : SSL_accept failed\n");
ret = SSL_FATAL_ERROR;
/* failure to accept */
if (ret != WOLFSSL_SUCCESS) {
printf("Fatal error : wolfSSL_accept failed\n");
ret = WOLFSSL_FATAL_ERROR;
}
if (ret != SSL_SUCCESS) {
if (ret != WOLFSSL_SUCCESS) {
return 1;
}
@ -241,19 +281,18 @@ int main()
}
while(n < 0);
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE)) {
/* print out for user notification */
if (error == SSL_ERROR_WANT_READ) {
if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... server would read block\n");
}
else {
printf("... server would write block\n");
}
/* -------------------------------------------------------------------------- */
/* TCP */
/* -------------------------------------------------------------------------- */
FD_ZERO(&recvfds);
FD_SET(sockfd, &recvfds);
FD_ZERO(&errfds);
@ -284,20 +323,20 @@ int main()
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
error = WOLFSSL_ERROR_WANT_READ;
}
else {
error = SSL_FATAL_ERROR;
error = WOLFSSL_FATAL_ERROR;
}
}
/* faliure to accept */
if (ret != SSL_SUCCESS) {
printf("Fatal error : SSL_accept failed\n");
ret = SSL_FATAL_ERROR;
/* failure to accept */
if (ret != WOLFSSL_SUCCESS) {
printf("Fatal error : wolfSSL_accept failed\n");
ret = WOLFSSL_FATAL_ERROR;
}
if (ret != SSL_SUCCESS) {
if (ret != WOLFSSL_SUCCESS) {
return 1;
}
if ( wolfSSL_write(ssl, response, strlen(response)) !=
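Review bot: The `suites` initializer in the fourth hunk is missing a separator: `"DHE-PSK-CHACHA20-POLY1305"` has no trailing colon, so with NO_DH undefined the adjacent literals fuse into `DHE-PSK-CHACHA20-POLY1305ECDHE-PSK-AES128-CBC-SHA256`, which is not a suite name wolfSSL will match, and both intended suites drop out of the list; the fix is `"DHE-PSK-CHACHA20-POLY1305:"`. The same list is pasted into the two server files that follow and carries the same defect, and keeping it in one shared header would stop the copies drifting. The array is also a mutable `char suites[]` copied onto the stack on entry and ends with a stray `:`; `static const char suites[] =` says what it is. main() continues past the end of this section.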


@ -37,6 +37,8 @@
#define MAXLINE 4096
#define LISTENQ 1024
#define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
WOLFSSL_CTX* ctx; /* global so it's shared by threads */
@ -59,7 +61,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
/*
@ -67,6 +69,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
*/
void* wolfssl_thread(void* fd)
{
int ret;
WOLFSSL* ssl;
int connfd = *((int*)fd);
int n;
@ -83,6 +86,13 @@ void* wolfssl_thread(void* fd)
wolfSSL_set_fd(ssl, connfd);
if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_accept failed with %d\n", ret);
wolfSSL_free(ssl);
close(connfd);
pthread_exit(NULL);
}
/* respond to client */
n = wolfSSL_read(ssl, buf, MAXLINE);
if (n > 0) {
@ -112,26 +122,38 @@ void* wolfssl_thread(void* fd)
int main()
{
int listenfd, connfd;
int opt;
int opt, ret;
struct sockaddr_in cliAddr, servAddr;
char buff[MAXLINE];
socklen_t cliLen;
pthread_t thread;
void* wolfssl_thread(void*);
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list");
}
char suites[] =
#ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
"PSK-AES128-GCM-SHA256:"
"PSK-AES256-CBC-SHA384:"
"PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
"PSK-AES256-CBC-SHA:"
"PSK-CHACHA20-POLY1305:"
#endif
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
/* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0);
@ -157,6 +179,33 @@ int main()
return 1;
}
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
!= WOLFSSL_SUCCESS) {
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
return ret;
}
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
printf("Fatal error : server can't set cipher list");
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */
for ( ; ; ) {
/* listen to the socket */
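Review bot: In the last hunk, `wolfSSL_CTX_new()` returning NULL is printed but execution continues, so `ctx` is NULL when `wolfSSL_CTX_set_psk_server_callback` and the following calls dereference it; likewise a failed `wolfSSL_CTX_set_cipher_list` at the `server can't set cipher list` message is logged and ignored, even though the identity-hint and DH checks beside it return. A server that keeps going after its cipher list was rejected negotiates with whatever suites the build enables by default, which defeats the PSK restriction this example is demonstrating. Add `return 1;` after each of those two printf calls, matching the non-threaded servers in this same PR. main() continues past the end of the hunk.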


@ -35,6 +35,8 @@
#define MAXLINE 4096
#define LISTENQ 1024
#define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
/*
* Identify which psk key to use.
@ -54,37 +56,48 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60;
key[3] = 77;
return 4;
return PSK_KEY_LEN;
}
int main()
{
int n; /* length of string read */
int listenfd, connfd;
int listenfd, connfd, ret;
int opt;
char buff[MAXLINE];
char buf[MAXLINE]; /* string read from client */
char response[] = "I hear ya for shizzle";
char suites[] =
#ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
"PSK-AES128-GCM-SHA256:"
"PSK-AES256-CBC-SHA384:"
"PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
"PSK-AES256-CBC-SHA:"
"PSK-CHACHA20-POLY1305:"
#endif
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
struct sockaddr_in cliAddr, servAddr;
socklen_t cliLen;
WOLFSSL_CTX* ctx;
wolfSSL_Init();
/* create ctx and configure certificates */
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
return 1;
}
/* set up server address and port */
@ -118,6 +131,35 @@ int main()
return 1;
}
wolfSSL_Init();
/* create ctx and configure certificates */
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
!= WOLFSSL_SUCCESS) {
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
return ret;
}
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
printf("Fatal error : server set cipher list returned %d\n", ret);
return ret;
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */
for ( ; ; ) {
WOLFSSL* ssl;
@ -138,19 +180,20 @@ int main()
printf("Fatal error : wolfSSL_new error\n");
return 1;
}
/* sets the file descriptor of the socket for the ssl session */
wolfSSL_set_fd(ssl, connfd);
/* making sure buffered to store data sent from client is emprty */
/* making sure buffered to store data sent from client is empty */
memset(buf, 0, MAXLINE);
/* reads and displays data sent by client if no errors occur */
n = wolfSSL_read(ssl, buf, MAXLINE);
if (n > 0) {
printf("%s\n", buf);
/* server response */
if (wolfSSL_write(ssl, response, strlen(response)) > strlen(response)) {
if (wolfSSL_write(ssl, response, strlen(response)) >
strlen(response)) {
printf("Fatal error : respond: write error\n");
return 1;
}
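Review bot: The new `return ret;` paths in the fourth hunk use the wolfSSL status as the process exit code, and `wolfSSL_CTX_use_psk_identity_hint` and `wolfSSL_CTX_set_cipher_list` report failure as `WOLFSSL_FAILURE`, which as far as I recall from wolfssl/ssl.h is 0, so a server whose PSK hint or cipher list was rejected would exit reporting success to its caller or script. Print `ret` for diagnostics but `return 1;`; the same applies to the identity-hint and DH returns in the threaded server and the DH return in the non-blocking server, where a negative error code would also be truncated to a meaningless exit status. In the last hunk, `wolfSSL_write(...) > strlen(response)` compares an `int` with a `size_t`, so an error return of -1 only trips the check because it converts to `SIZE_MAX`, and a short write is not caught at all; `!= (int)strlen(response)` states the intent. The accept loop continues past the end of the hunk.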