From db45a9c9e8cbba7d061dbd92b3118d175bbc311d Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 21 Nov 2019 17:11:32 -0700 Subject: [PATCH] Updating PSK examples --- psk/client-psk-nonblocking.c | 86 ++++++++++++----------- psk/client-psk-resume.c | 44 ++++++------ psk/client-psk.c | 46 ++++++------ psk/server-psk-nonblocking.c | 131 +++++++++++++++++++++++------------ psk/server-psk-threaded.c | 81 +++++++++++++++++----- psk/server-psk.c | 89 ++++++++++++++++++------ 6 files changed, 305 insertions(+), 172 deletions(-) diff --git a/psk/client-psk-nonblocking.c b/psk/client-psk-nonblocking.c index f3f7d1d7..746782bb 100644 --- a/psk/client-psk-nonblocking.c +++ b/psk/client-psk-nonblocking.c @@ -34,6 +34,7 @@ #define MAXLINE 256 /* max text line length */ #define SERV_PORT 11111 /* default port*/ +#define PSK_KEY_LEN 4 /* * enum used for tcp_select function @@ -66,12 +67,12 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } int main(int argc, char **argv) { - int sockfd, ret, error, select_ret = 0, currTimeout; + int sockfd, ret, error, select_ret, currTimeout; int nfds; int result; char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ @@ -88,15 +89,6 @@ int main(int argc, char **argv) return 1; } - wolfSSL_Init(); /* initialize wolfSSL */ - - - /* create and initialize WOLFSSL_CTX structure */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { - fprintf(stderr, "SSL_CTX_new error.\n"); - return 1; - } - /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); 
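Review bot: `PSK_KEY_LEN` gives the hard-coded demo key a name, but 4 bytes is a 32-bit secret that can be brute-forced offline from a single captured handshake, and nothing in the hunk says this is deliberate. A one-line comment next to the define would stop the value being copied into real code: `#define PSK_KEY_LEN 4 /* demo only: a real PSK needs >= 16 random bytes */`. The callback returns `PSK_KEY_LEN` without comparing it with the maximum key length wolfSSL passes to the callback; its signature is cut off before the hunk, so if that argument exists, returning the minimum of the two would be safer than a bare constant.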
@@ -109,35 +101,18 @@ int main(int argc, char **argv) /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - if (ret != 1) { - printf("inet_pton error\n"); + printf("inet_pton error\n"); return 1; } - /* set up pre shared keys */ - wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb); - /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); - if (ret != 0) { - printf("Connection Error\n"); + printf("Connection Error\n"); return 1; } - /* create wolfSSL object after each tcp connect */ - if ((ssl = wolfSSL_new(ctx)) == NULL) { - fprintf(stderr, "wolfSSL_new error.\n"); - return 1; - } - - /* associate the file descriptor with the session */ - wolfSSL_set_fd(ssl, sockfd); - - /* tell wolfSSL that nonblocking is going to be used */ - wolfSSL_set_using_nonblock(ssl, 1); - /* invokes the fcntl callable service to get the file status * flags for a file. checks if it returns an error, if it does * stop program */ 
@@ -157,15 +132,39 @@ int main(int argc, char **argv) return 1; } + wolfSSL_Init(); /* initialize wolfSSL */ + + /* create and initialize WOLFSSL_CTX structure */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + fprintf(stderr, "wolfSSL_CTX_new error.\n"); + return 1; + } + + /* set up pre shared keys */ + wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb); + + /* create wolfSSL object after each tcp connect */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "wolfSSL_new error.\n"); + return 1; + } + + /* associate the file descriptor with the session */ + wolfSSL_set_fd(ssl, sockfd); + + /* tell wolfSSL that nonblocking is going to be used */ + wolfSSL_set_using_nonblock(ssl, 1); + + /* setting up and running nonblocking socket */ ret = wolfSSL_connect(ssl); error = wolfSSL_get_error(ssl, 0); - while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || - error == SSL_ERROR_WANT_WRITE)) { + while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ || + error == WOLFSSL_ERROR_WANT_WRITE)) { currTimeout = 1; - if (error == SSL_ERROR_WANT_READ) { + if (error == WOLFSSL_ERROR_WANT_READ) { printf("... client would read block\n"); } else { 
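Review bot: `wolfSSL_set_fd(ssl, sockfd)` is called without checking its result, whereas the same commit checks it in client-psk.c (`if (ret != WOLFSSL_SUCCESS) return 1;`); a failed association leaves the non-blocking loop below polling an unset descriptor. Suggested change: `if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { fprintf(stderr, "wolfSSL_set_fd error.\n"); return 1; }`. `wolfSSL_Init()` is likewise unchecked; it returns `WOLFSSL_SUCCESS` and the example should treat anything else as fatal. main() continues outside the hunk.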
@@ -206,27 +205,30 @@ int main(int argc, char **argv) error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { - error = SSL_ERROR_WANT_READ; + error = WOLFSSL_ERROR_WANT_READ; } else { - error = SSL_FATAL_ERROR; + error = WOLFSSL_FATAL_ERROR; } } - if (ret != SSL_SUCCESS){ - printf("SSL_connect failed"); + if (ret != WOLFSSL_SUCCESS){ + printf("wolfSSL_connect failed"); return 1; } /* takes inputting string and outputs it to the server */ /* write string to the server */ if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { - printf("Write Error to Server\n"); - return 1; + printf("Write Error to Server\n"); + return 1; } - /* flags if the Server stopped before the client could end */ - if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { - printf("Client: Server Terminated Prematurely!\n"); + /* flags if the Server stopped before the client could end */ + while (wolfSSL_read(ssl, recvline, MAXLINE) == -1 ) { + if (wolfSSL_want_read(ssl)) { + continue; + } + printf("Client: Server Terminated Prematurely!\n"); return 1; } diff --git a/psk/client-psk-resume.c b/psk/client-psk-resume.c index 260b28ae..10165642 100644 --- a/psk/client-psk-resume.c +++ b/psk/client-psk-resume.c @@ -35,6 +35,7 @@ #define MAXLINE 256 /* max text line length */ #define SERV_PORT 11111 /* default port*/ +#define PSK_KEY_LEN 4 /* *psk client set up. @@ -57,7 +58,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } int main(int argc, char **argv){ @@ -77,14 +78,6 @@ int main(int argc, char **argv){ return 1; } - wolfSSL_Init(); /* initialize wolfSSL */ - - /* create and initialize WOLFSSL_CTX structure */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { - fprintf(stderr, "SSL_CTX_new error.\n"); - return 1; - } - /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); 
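Review bot: The new read loop in client-psk-nonblocking.c drops the byte count, treats a clean close (`wolfSSL_read` returning 0) as a successful read, and re-enters `wolfSSL_read` on WANT_READ without waiting on the socket, so it spins at 100% CPU until data arrives. Because `recvline` is later printed with `%s` (the print is outside this hunk, as in the sibling clients), a full MAXLINE response would also leave the buffer unterminated. Reading at most MAXLINE-1 bytes, keeping the count and terminating fixes both; the select() wait should reuse the fd sets main() already declares above the hunk.
```c
    /* … unchanged: wolfSSL_write … */
    int n;
    for (;;) {
        n = wolfSSL_read(ssl, recvline, MAXLINE - 1);
        if (n > 0) {
            break;                /* got data */
        }
        if (n < 0 && wolfSSL_want_read(ssl)) {
            continue;             /* TODO: wait in select() here instead of spinning */
        }
        /* n == 0 is an orderly close, anything else is fatal */
        printf("Client: Server Terminated Prematurely!\n");
        return 1;
    }
    recvline[n] = '\0';           /* wolfSSL_read does not NUL-terminate */
```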
@@ -97,20 +90,27 @@ int main(int argc, char **argv){ /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - if (ret != 1){ return 1; } - /* set up pre shared keys */ - wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); - /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0 ){ return 1; } + wolfSSL_Init(); /* initialize wolfSSL */ + + /* create and initialize WOLFSSL_CTX structure */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + fprintf(stderr, "wolfSSL_CTX_new error.\n"); + return 1; + } + + /* set up pre shared keys */ + wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); + /* create wolfSSL object after each tcp connect */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); @@ -122,18 +122,18 @@ int main(int argc, char **argv){ /* takes inputting string and outputs it to the server */ if (wolfSSL_write(ssl, sendline, sizeof(sendline)) != sizeof(sendline)) { - printf("Write Error to Server\n"); - return 1; + printf("Write Error to Server\n"); + return 1; } - /* flags if the Server stopped before the client could end */ + /* flags if the Server stopped before the client could end */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); return 1; } /* show message from the server */ - printf("Server Message: %s\n", recvline); + printf("Server Message: %s\n", recvline); /* Save the session ID to reuse */ session = wolfSSL_get_session(ssl); 
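Review bot: The `wolfSSL_read(ssl, recvline, MAXLINE) < 0` check in client-psk-resume.c lets a return of 0 (peer closed cleanly) fall through to `printf("Server Message: %s\n", recvline)` on a buffer that this file never initialises, and a full-size reply leaves no room for a terminator. Keep the count and terminate explicitly: `int n = wolfSSL_read(ssl, recvline, MAXLINE - 1); if (n <= 0) { printf("Client: Server Terminated Prematurely!\n"); return 1; } recvline[n] = '\0';`. The same pattern recurs on the resumed session further down the file.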
@@ -167,24 +167,24 @@ int main(int argc, char **argv){ wolfSSL_set_session(sslResume, session); /* check has connect successfully */ - if (wolfSSL_connect(sslResume) != SSL_SUCCESS) { + if (wolfSSL_connect(sslResume) != WOLFSSL_SUCCESS) { printf("SSL resume failed\n"); return 1; } if (wolfSSL_write(sslResume, sendline, sizeof(sendline)) != sizeof(sendline)) { - printf("Write Error to Server\n"); - return 1; + printf("Write Error to Server\n"); + return 1; } - /* flags if the Server stopped before the client could end */ + /* flags if the Server stopped before the client could end */ if (wolfSSL_read(sslResume, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); return 1; } /* show message from the server */ - printf("Server Message: %s\n", recvline); + printf("Server Message: %s\n", recvline); /* check to see if the session id is being reused */ if (wolfSSL_session_reused(sslResume)) { printf("reused session id\n"); diff --git a/psk/client-psk.c b/psk/client-psk.c index 1b0c6beb..ac9e4a05 100755 --- a/psk/client-psk.c +++ b/psk/client-psk.c @@ -33,6 +33,7 @@ #define MAXLINE 256 /* max text line length */ #define SERV_PORT 11111 /* default port*/ +#define PSK_KEY_LEN 4 /* *psk client set up. @@ -55,7 +56,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } int main(int argc, char **argv) @@ -63,9 +64,10 @@ int main(int argc, char **argv) int ret, sockfd; char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char recvline[MAXLINE]; /* string received from the server */ + struct sockaddr_in servaddr;; + WOLFSSL* ssl; WOLFSSL_CTX* ctx; - struct sockaddr_in servaddr;; /* must include an ip address of this will flag */ if (argc != 2) { 
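Review bot: The moved declaration in client-psk.c keeps a stray double semicolon, `struct sockaddr_in servaddr;;`, which compiles only because an empty statement is legal there and looks like a typo to the next reader; since the line is being touched anyway it should read `struct sockaddr_in servaddr;`. In the client-psk-resume.c hunk above it, "SSL resume failed" is printed when `wolfSSL_connect(sslResume)` fails, but a handshake that succeeds without resuming is only caught by the `wolfSSL_session_reused` check below, so the message wording is slightly misleading; `printf("wolfSSL_connect on resumed session failed\n")` would be more accurate.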
@@ -73,14 +75,6 @@ int main(int argc, char **argv) return 1; } - wolfSSL_Init(); /* initialize wolfSSL */ - - /* create and initialize WOLFSSL_CTX structure */ - if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { - fprintf(stderr, "SSL_CTX_new error.\n"); - return 1; - } - /* create a stream socket using tcp,internet protocal IPv4, * full-duplex stream */ sockfd = socket(AF_INET, SOCK_STREAM, 0); @@ -93,23 +87,30 @@ int main(int argc, char **argv) /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); - if (ret != 1) { printf("inet_pton error\n"); - return 1; + return 1; } - /* set up pre shared keys */ - wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); - /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); - if (ret != 0) { printf("Connection Error\n"); return 1; } + + wolfSSL_Init(); /* initialize wolfSSL */ + + /* create and initialize WOLFSSL_CTX structure */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + fprintf(stderr, "wolfSSL_CTX_new error.\n"); + return 1; + } + + /* set up pre shared keys */ + wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb); + /* creat wolfssl object after each tcp connct */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); 
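Review bot: `wolfSSL_Init()` is called after `connect()` in client-psk.c without checking its return value, so a failed library initialisation is only noticed when `wolfSSL_CTX_new` returns NULL with a less specific message. A one-line check keeps the error localised: `if (wolfSSL_Init() != WOLFSSL_SUCCESS) { fprintf(stderr, "wolfSSL_Init error.\n"); return 1; }`. Moving TLS setup after the TCP connect also means every later failure path returns with `sockfd` still open; fine for an example that exits immediately, but worth a `close(sockfd)` if this ordering is meant to be copied. main() continues beyond the hunk.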
@@ -118,17 +119,16 @@ int main(int argc, char **argv) /* associate the file descriptor with the session */ ret = wolfSSL_set_fd(ssl, sockfd); - - if (ret != SSL_SUCCESS) { + if (ret != WOLFSSL_SUCCESS) { return 1; } /* write string to the server */ - if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { - printf("Write Error to Server\n"); - return 1; + if (wolfSSL_write(ssl, sendline, MAXLINE) != sizeof(sendline)) { + printf("Write Error to Server\n"); + return 1; } - + /* check if server ended before client could read a response */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); @@ -136,7 +136,7 @@ int main(int argc, char **argv) } /* show message from the server */ - printf("Server Message: %s\n", recvline); + printf("Server Message: %s\n", recvline); /* cleanup */ wolfSSL_free(ssl); diff --git a/psk/server-psk-nonblocking.c b/psk/server-psk-nonblocking.c index 80d0ce20..db55b55a 100644 --- a/psk/server-psk-nonblocking.c +++ b/psk/server-psk-nonblocking.c @@ -32,12 +32,14 @@ #include #include #include -#include /* needed for runing nonblocking connections */ +#include /* needed for running non-blocking connections */ #include /* for time out on read loop */ #define MAXLINE 4096 #define LISTENQ 1024 #define SERV_PORT 11111 +#define PSK_KEY_LEN 4 +#define dhParamFile "../certs/dh2048.pem" /* states of the tcp connection */ enum{ @@ -65,7 +67,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } @@ -75,7 +77,7 @@ int main() int ret; int error; int result; - int select_ret = 0; + int select_ret; int sockfd; int nfds; int currTimeout = 1; 
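Review bot: The new `dhParamFile` macro in server-psk-nonblocking.c is a lower-camel-case `#define`, unlike the neighbouring `MAXLINE`, `LISTENQ` and `PSK_KEY_LEN`; `#define DH_PARAM_FILE "../certs/dh2048.pem"` would match the file's convention. The value is a path relative to the working directory, so the server only starts when launched from the `psk/` directory; a comment such as `/* relative to psk/; run the example from there */` next to the define would save users a confusing "set temp DH params" failure. The same macro is introduced in the other two servers.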
@@ -84,26 +86,39 @@ int main() char buff[MAXLINE]; /* buffer for tcp connection */ char buf[MAXLINE]; /* string read from client */ char response[] = "I hear ya for shizzle"; + char suites[] = +#ifdef WOLFSSL_STATIC_PSK + "PSK-AES256-GCM-SHA384:" + "PSK-AES128-GCM-SHA256:" + "PSK-AES256-CBC-SHA384:" + "PSK-AES128-CBC-SHA256:" + "PSK-AES128-CBC-SHA:" + "PSK-AES256-CBC-SHA:" + "PSK-CHACHA20-POLY1305:" +#endif +#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \ + defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \ + defined(WOLFSSL_TLS13) + "TLS13-AES128-GCM-SHA256:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-CHACHA20-POLY1305-SHA256:" +#endif +#ifndef NO_DH + "DHE-PSK-AES256-GCM-SHA384:" + "DHE-PSK-AES128-GCM-SHA256:" + "DHE-PSK-AES256-CBC-SHA384:" + "DHE-PSK-AES128-CBC-SHA256:" + "DHE-PSK-CHACHA20-POLY1305" +#endif + "ECDHE-PSK-AES128-CBC-SHA256:" + "ECDHE-PSK-CHACHA20-POLY1305:"; + fd_set recvfds, errfds; socklen_t cliLen; WOLFSSL_CTX* ctx; struct sockaddr_in cliAddr, servAddr; struct timeval timeout = {currTimeout, 0}; - wolfSSL_Init(); - - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { - printf("Fatal error : wolfSSL_CTX_new error\n"); - return 1; - } - - /* use psk suite for security */ - wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); - if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") - != SSL_SUCCESS) { - printf("Fatal error : server can't set cipher list\n"); - } /* find a socket */ listenfd = socket(AF_INET, SOCK_STREAM, 0); @@ -122,7 +137,7 @@ int main() opt = 1; if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt, sizeof(int)) != 0) { - printf("Fatal error : setsockopt errer"); + printf("Fatal error : setsockopt error"); return 1; } if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) { 
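Review bot: In the `suites[]` initialiser the last entry of the `#ifndef NO_DH` group, `"DHE-PSK-CHACHA20-POLY1305"`, has no trailing colon, so string concatenation fuses it with the next literal into the single bogus name `DHE-PSK-CHACHA20-POLY1305ECDHE-PSK-AES128-CBC-SHA256`; both suites are lost (or `wolfSSL_CTX_set_cipher_list` rejects the whole list, depending on how unknown names are handled). The fix is `"DHE-PSK-CHACHA20-POLY1305:"`, and the final `"ECDHE-PSK-CHACHA20-POLY1305:"` should drop its trailing colon for the same reason. The list also keeps `PSK-AES128-CBC-SHA` / `PSK-AES256-CBC-SHA` (CBC with SHA-1) under `WOLFSSL_STATIC_PSK`; a short comment marking those as legacy-only would help anyone copying the list.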
@@ -130,6 +145,32 @@ int main() return 1; } + wolfSSL_Init(); + + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + printf("Fatal error : wolfSSL_CTX_new error\n"); + return 1; + } + + /* use psk suite for security */ + wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + + wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); + + if (wolfSSL_CTX_set_cipher_list(ctx, suites) != WOLFSSL_SUCCESS) { + printf("Fatal error : server can't set cipher list\n"); + return 1; + } + +#ifndef NO_DH + if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM) + ) != WOLFSSL_SUCCESS) { + printf("Fatal error: server set temp DH params returned %d\n", ret); + return ret; + } +#endif + + /* main loop for accepting and responding to clients */ for ( ; ; ) { WOLFSSL* ssl; @@ -171,23 +212,22 @@ int main() ret = wolfSSL_accept(ssl); error = wolfSSL_get_error(ssl, 0); - /* clearing buffer for client reponse to prevent unexpected output*/ + /* clear buffer for client response to prevent unexpected output */ memset(buf, 0, MAXLINE); do { - while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || - error == SSL_ERROR_WANT_WRITE)) { + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || + error == WOLFSSL_ERROR_WANT_WRITE)) { /* print out for user notification */ - if (error == SSL_ERROR_WANT_READ) { + if (error == WOLFSSL_ERROR_WANT_READ) { printf("... server would read block\n"); } else { printf("... server would write block\n"); } -/* -------------------------------------------------------------------------- */ -/* TCP */ -/* -------------------------------------------------------------------------- */ + FD_ZERO(&recvfds); FD_SET(sockfd, &recvfds); FD_ZERO(&errfds); 
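Review bot: `wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server")` is the only call in this new block whose result is ignored, while the same commit checks it in server-psk.c and server-psk-threaded.c; for consistency use `if (wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server") != WOLFSSL_SUCCESS) { printf("Fatal error : ctx use psk identity hint\n"); return 1; }`. The DH failure path does `return ret;` from main(), so if `wolfSSL_CTX_SetTmpDH_file` reports failure as 0 or a negative value (I cannot see its definition here) the process exit status is 0 or an implementation-defined truncation; `return 1;` after printing `ret` is unambiguous. The accept loop that follows continues outside the hunk.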
@@ -211,26 +251,26 @@ int main() select_ret = TEST_SELECT_FAIL; } - /* if tcp_select signals ready try to accept otherwise continue loop*/ + /* if tcp_select signal is ready try to accept else continue loop */ if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { ret = wolfSSL_accept(ssl); error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { - error = SSL_ERROR_WANT_READ; + error = WOLFSSL_ERROR_WANT_READ; } else { - error = SSL_FATAL_ERROR; + error = WOLFSSL_FATAL_ERROR; } } - /* faliure to accept */ - if (ret != SSL_SUCCESS) { - printf("Fatal error : SSL_accept failed\n"); - ret = SSL_FATAL_ERROR; + /* failure to accept */ + if (ret != WOLFSSL_SUCCESS) { + printf("Fatal error : wolfSSL_accept failed\n"); + ret = WOLFSSL_FATAL_ERROR; } - if (ret != SSL_SUCCESS) { + if (ret != WOLFSSL_SUCCESS) { return 1; } @@ -241,19 +281,18 @@ int main() } while(n < 0); - while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || - error == SSL_ERROR_WANT_WRITE)) { + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || + error == WOLFSSL_ERROR_WANT_WRITE)) { /* print out for user notification */ - if (error == SSL_ERROR_WANT_READ) { + if (error == WOLFSSL_ERROR_WANT_READ) { printf("... server would read block\n"); } else { printf("... server would write block\n"); } -/* -------------------------------------------------------------------------- */ -/* TCP */ -/* -------------------------------------------------------------------------- */ + FD_ZERO(&recvfds); FD_SET(sockfd, &recvfds); FD_ZERO(&errfds); 
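Review bot: After the accept loop the hunk tests `ret != WOLFSSL_SUCCESS` twice in a row and then does `return 1;`, so a single client that fails the handshake (for example, one presenting the wrong PSK) terminates the whole server, which is a cheap denial of service against a long-running example. Replacing the second check with `wolfSSL_free(ssl); close(sockfd); continue;` would drop that client and keep serving; the `ssl` and `sockfd` variables are declared above the hunk, so the cleanup sequence should be confirmed against that code. Merging the two identical `if` blocks into one would also make the intent clearer.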
@@ -284,20 +323,20 @@ int main() error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT) { - error = SSL_ERROR_WANT_READ; + error = WOLFSSL_ERROR_WANT_READ; } else { - error = SSL_FATAL_ERROR; + error = WOLFSSL_FATAL_ERROR; } } - /* faliure to accept */ - if (ret != SSL_SUCCESS) { - printf("Fatal error : SSL_accept failed\n"); - ret = SSL_FATAL_ERROR; + /* failure to accept */ + if (ret != WOLFSSL_SUCCESS) { + printf("Fatal error : wolfSSL_accept failed\n"); + ret = WOLFSSL_FATAL_ERROR; } - if (ret != SSL_SUCCESS) { + if (ret != WOLFSSL_SUCCESS) { return 1; } if ( wolfSSL_write(ssl, response, strlen(response)) != diff --git a/psk/server-psk-threaded.c b/psk/server-psk-threaded.c index 63a7e286..5782bf0b 100644 --- a/psk/server-psk-threaded.c +++ b/psk/server-psk-threaded.c @@ -37,6 +37,8 @@ #define MAXLINE 4096 #define LISTENQ 1024 #define SERV_PORT 11111 +#define PSK_KEY_LEN 4 +#define dhParamFile "../certs/dh2048.pem" WOLFSSL_CTX* ctx; /* global so it's shared by threads */ @@ -59,7 +61,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } /* @@ -67,6 +69,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, */ void* wolfssl_thread(void* fd) { + int ret; WOLFSSL* ssl; int connfd = *((int*)fd); int n; @@ -83,6 +86,13 @@ void* wolfssl_thread(void* fd) wolfSSL_set_fd(ssl, connfd); + if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) { + printf("wolfSSL_accept failed with %d\n", ret); + wolfSSL_free(ssl); + close(connfd); + pthread_exit(NULL); + } + /* respond to client */ n = wolfSSL_read(ssl, buf, MAXLINE); if (n > 0) { 
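Review bot: The new explicit `wolfSSL_accept` in `wolfssl_thread` is a good addition and the cleanup on failure (`wolfSSL_free`, `close`, `pthread_exit`) is correct, but the message prints `ret`, which for a failed accept is just `WOLFSSL_FATAL_ERROR`; the diagnosable code is the one from `wolfSSL_get_error`, i.e. `printf("wolfSSL_accept failed with %d\n", wolfSSL_get_error(ssl, ret));`. A comment such as `/* handshake explicitly so a bad PSK is reported here rather than from the first read */` would explain why the call was added. The rest of the thread body is outside the hunk.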
@@ -112,26 +122,38 @@ void* wolfssl_thread(void* fd) int main() { int listenfd, connfd; - int opt; + int opt, ret; struct sockaddr_in cliAddr, servAddr; char buff[MAXLINE]; socklen_t cliLen; pthread_t thread; void* wolfssl_thread(void*); - - wolfSSL_Init(); - - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { - printf("Fatal error : wolfSSL_CTX_new error\n"); - } - - /* use psk suite for security */ - wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); - if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") - != SSL_SUCCESS) { - printf("Fatal error : server can't set cipher list"); - } + char suites[] = +#ifdef WOLFSSL_STATIC_PSK + "PSK-AES256-GCM-SHA384:" + "PSK-AES128-GCM-SHA256:" + "PSK-AES256-CBC-SHA384:" + "PSK-AES128-CBC-SHA256:" + "PSK-AES128-CBC-SHA:" + "PSK-AES256-CBC-SHA:" + "PSK-CHACHA20-POLY1305:" +#endif +#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \ + defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \ + defined(WOLFSSL_TLS13) + "TLS13-AES128-GCM-SHA256:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-CHACHA20-POLY1305-SHA256:" +#endif +#ifndef NO_DH + "DHE-PSK-AES256-GCM-SHA384:" + "DHE-PSK-AES128-GCM-SHA256:" + "DHE-PSK-AES256-CBC-SHA384:" + "DHE-PSK-AES128-CBC-SHA256:" + "DHE-PSK-CHACHA20-POLY1305" +#endif + "ECDHE-PSK-AES128-CBC-SHA256:" + "ECDHE-PSK-CHACHA20-POLY1305:"; /* find a socket */ listenfd = socket(AF_INET, SOCK_STREAM, 0); 
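Review bot: The `suites[]` string copied into server-psk-threaded.c has the same concatenation defect as the other servers: `"DHE-PSK-CHACHA20-POLY1305"` lacks its separator, so it merges with `"ECDHE-PSK-AES128-CBC-SHA256:"` into one unknown suite name; change it to `"DHE-PSK-CHACHA20-POLY1305:"`. Since the list is identical in three files and never modified, declaring it `static const char suites[] = ...` at file scope (or in a shared header) would avoid a mutable per-call stack copy and keep the three lists from drifting apart. main() continues beyond the hunk.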
@@ -157,6 +179,33 @@ int main() return 1; } + wolfSSL_Init(); + + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + printf("Fatal error : wolfSSL_CTX_new error\n"); + } + + /* use psk suite for security */ + wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + + if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server")) + != WOLFSSL_SUCCESS) { + printf("Fatal error : ctx use psk identity hint returned %d\n", ret); + return ret; + } + + if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) { + printf("Fatal error : server can't set cipher list"); + } + +#ifndef NO_DH + if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM) + ) != WOLFSSL_SUCCESS) { + printf("Fatal error: server set temp DH params returned %d\n", ret); + return ret; + } +#endif + /* main loop for accepting and responding to clients */ for ( ; ; ) { /* listen to the socket */ diff --git a/psk/server-psk.c b/psk/server-psk.c index 06b7e74f..04388854 100644 --- a/psk/server-psk.c +++ b/psk/server-psk.c @@ -35,6 +35,8 @@ #define MAXLINE 4096 #define LISTENQ 1024 #define SERV_PORT 11111 +#define PSK_KEY_LEN 4 +#define dhParamFile "../certs/dh2048.pem" /* * Identify which psk key to use. 
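Review bot: In the server-psk-threaded.c block, `wolfSSL_CTX_new` returning NULL only prints a message and execution continues into `wolfSSL_CTX_set_psk_server_callback(ctx, ...)` with a NULL context, and a failed `wolfSSL_CTX_set_cipher_list` likewise prints but falls through to serving with whatever default list wolfSSL has. Both need a `return 1;` after their `printf`, as the same commit already does in server-psk.c and server-psk-nonblocking.c. The `printf("Fatal error : server can't set cipher list")` message is also missing its `\n`, unlike its siblings.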
@@ -54,37 +56,48 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, key[2] = 60; key[3] = 77; - return 4; + return PSK_KEY_LEN; } int main() { int n; /* length of string read */ - int listenfd, connfd; + int listenfd, connfd, ret; int opt; char buff[MAXLINE]; char buf[MAXLINE]; /* string read from client */ char response[] = "I hear ya for shizzle"; + char suites[] = +#ifdef WOLFSSL_STATIC_PSK + "PSK-AES256-GCM-SHA384:" + "PSK-AES128-GCM-SHA256:" + "PSK-AES256-CBC-SHA384:" + "PSK-AES128-CBC-SHA256:" + "PSK-AES128-CBC-SHA:" + "PSK-AES256-CBC-SHA:" + "PSK-CHACHA20-POLY1305:" +#endif +#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \ + defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \ + defined(WOLFSSL_TLS13) + "TLS13-AES128-GCM-SHA256:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-CHACHA20-POLY1305-SHA256:" +#endif +#ifndef NO_DH + "DHE-PSK-AES256-GCM-SHA384:" + "DHE-PSK-AES128-GCM-SHA256:" + "DHE-PSK-AES256-CBC-SHA384:" + "DHE-PSK-AES128-CBC-SHA256:" + "DHE-PSK-CHACHA20-POLY1305" +#endif + "ECDHE-PSK-AES128-CBC-SHA256:" + "ECDHE-PSK-CHACHA20-POLY1305:"; + struct sockaddr_in cliAddr, servAddr; socklen_t cliLen; WOLFSSL_CTX* ctx; - wolfSSL_Init(); - - /* create ctx and configure certificates */ - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { - printf("Fatal error : wolfSSL_CTX_new error\n"); - return 1; - } - - /* use psk suite for security */ - wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); - if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") - != SSL_SUCCESS) { - printf("Fatal error : server can't set cipher list\n"); - return 1; - } /* set up server address and port */ 
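Review bot: server-psk.c's copy of `suites[]` carries the same missing separator after `"DHE-PSK-CHACHA20-POLY1305"`, which fuses it with the following ECDHE-PSK literal; it should be `"DHE-PSK-CHACHA20-POLY1305:"`. The removed block's comment `/* create ctx and configure certificates */` is being re-added further down for a PSK-only context that loads no certificates, so `/* create ctx and configure the PSK callback and cipher list */` would describe what the code does. The `WOLFSSL_TLS13_DRAFT18`/`22`/`23`/`26` guards look like leftovers from pre-release TLS 1.3 builds; if the library no longer defines them, `#ifdef WOLFSSL_TLS13` alone is simpler, but that should be confirmed against the wolfSSL version the examples target.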
@@ -118,6 +131,35 @@ int main() return 1; } + wolfSSL_Init(); + /* create ctx and configure certificates */ + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + printf("Fatal error : wolfSSL_CTX_new error\n"); + return 1; + } + + /* use psk suite for security */ + wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + + if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server")) + != WOLFSSL_SUCCESS) { + printf("Fatal error : ctx use psk identity hint returned %d\n", ret); + return ret; + } + + if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) { + printf("Fatal error : server set cipher list returned %d\n", ret); + return ret; + } + +#ifndef NO_DH + if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM) + ) != WOLFSSL_SUCCESS) { + printf("Fatal error: server set temp DH params returned %d\n", ret); + return ret; + } +#endif + /* main loop for accepting and responding to clients */ for ( ; ; ) { WOLFSSL* ssl; @@ -138,19 +180,20 @@ int main() printf("Fatal error : wolfSSL_new error\n"); return 1; } - + /* sets the file descriptor of the socket for the ssl session */ wolfSSL_set_fd(ssl, connfd); - - /* making sure buffered to store data sent from client is emprty */ + + /* making sure buffered to store data sent from client is empty */ memset(buf, 0, MAXLINE); - + /* reads and displays data sent by client if no errors occur */ n = wolfSSL_read(ssl, buf, MAXLINE); if (n > 0) { printf("%s\n", buf); /* server response */ - if (wolfSSL_write(ssl, response, strlen(response)) > strlen(response)) { + if (wolfSSL_write(ssl, response, strlen(response)) > + strlen(response)) { printf("Fatal error : respond: write error\n"); return 1; }
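Review bot: The reflowed write check `wolfSSL_write(ssl, response, strlen(response)) > strlen(response)` is the wrong comparison: a short write is not detected, and a negative error return is only caught because the `int` is converted to `size_t` for the comparison. It should be `if (wolfSSL_write(ssl, response, strlen(response)) != (int)strlen(response))`. In the same hunk, `wolfSSL_read(ssl, buf, MAXLINE)` can fill all of `buf` and the `memset` above then does not leave a terminator for `printf("%s\n", buf)`; reading `MAXLINE - 1` bytes keeps the print in bounds. The surrounding accept loop starts outside the hunk.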