WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #175 from kaleb-himes/PSK-UPDATES 

Updating PSK examples
pull/190/head
David Garske 2020-02-04 19:32:34 -05:00 committed by GitHub
parent 360a7da821 db45a9c9e8
commit c090a1c28b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 305 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
psk/client-psk-nonblocking.c
View File

@ -34,6 +34,7 @@
#define MAXLINE 256 /* max text line length */ #define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/ #define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/* /*
* enum used for tcp_select function * enum used for tcp_select function
@ -66,12 +67,12 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int sockfd, ret, error, select_ret = 0, currTimeout; int sockfd, ret, error, select_ret, currTimeout;
int nfds; int nfds;
int result; int result;
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
@ -88,15 +89,6 @@ int main(int argc, char **argv)
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4, /* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */ * full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -109,35 +101,18 @@ int main(int argc, char **argv)
/* converts IPv4 addresses from text to binary form */ /* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1) { if (ret != 1) {
printf("inet_pton error\n"); printf("inet_pton error\n");
return 1; return 1;
} }
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
/* attempts to make a connection on a socket */ /* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0) { if (ret != 0) {
printf("Connection Error\n"); printf("Connection Error\n");
return 1; return 1;
} }
/* create wolfSSL object after each tcp connect */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
wolfSSL_set_fd(ssl, sockfd);
/* tell wolfSSL that nonblocking is going to be used */
wolfSSL_set_using_nonblock(ssl, 1);
/* invokes the fcntl callable service to get the file status /* invokes the fcntl callable service to get the file status
* flags for a file. checks if it returns an error, if it does * flags for a file. checks if it returns an error, if it does
* stop program */ * stop program */
@ -157,15 +132,39 @@ int main(int argc, char **argv)
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
/* create wolfSSL object after each tcp connect */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
return 1;
}
/* associate the file descriptor with the session */
wolfSSL_set_fd(ssl, sockfd);
/* tell wolfSSL that nonblocking is going to be used */
wolfSSL_set_using_nonblock(ssl, 1);
/* setting up and running nonblocking socket */ /* setting up and running nonblocking socket */
ret = wolfSSL_connect(ssl); ret = wolfSSL_connect(ssl);
error = wolfSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) { error == WOLFSSL_ERROR_WANT_WRITE)) {
currTimeout = 1; currTimeout = 1;
if (error == SSL_ERROR_WANT_READ) { if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... client would read block\n"); printf("... client would read block\n");
} }
else { else {
@ -206,14 +205,14 @@ int main(int argc, char **argv)
error = wolfSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else if (select_ret == TEST_TIMEOUT) { else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ; error = WOLFSSL_ERROR_WANT_READ;
} }
else { else {
error = SSL_FATAL_ERROR; error = WOLFSSL_FATAL_ERROR;
} }
} }
if (ret != SSL_SUCCESS){ if (ret != WOLFSSL_SUCCESS){
printf("SSL_connect failed"); printf("wolfSSL_connect failed");
return 1; return 1;
} }
@ -225,7 +224,10 @@ int main(int argc, char **argv)
} }
/* flags if the Server stopped before the client could end */ /* flags if the Server stopped before the client could end */
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { while (wolfSSL_read(ssl, recvline, MAXLINE) == -1 ) {
if (wolfSSL_want_read(ssl)) {
continue;
}
printf("Client: Server Terminated Prematurely!\n"); printf("Client: Server Terminated Prematurely!\n");
return 1; return 1;
} }

28
psk/client-psk-resume.c
View File

@ -35,6 +35,7 @@
#define MAXLINE 256 /* max text line length */ #define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/ #define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/* /*
*psk client set up. *psk client set up.
@ -57,7 +58,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
int main(int argc, char **argv){ int main(int argc, char **argv){
@ -77,14 +78,6 @@ int main(int argc, char **argv){
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4, /* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */ * full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -97,20 +90,27 @@ int main(int argc, char **argv){
/* converts IPv4 addresses from text to binary form */ /* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1){ if (ret != 1){
return 1; return 1;
} }
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */ /* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0 ){ if (ret != 0 ){
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* create wolfSSL object after each tcp connect */ /* create wolfSSL object after each tcp connect */
if ( (ssl = wolfSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
@ -167,7 +167,7 @@ int main(int argc, char **argv){
wolfSSL_set_session(sslResume, session); wolfSSL_set_session(sslResume, session);
/* check has connect successfully */ /* check has connect successfully */
if (wolfSSL_connect(sslResume) != SSL_SUCCESS) { if (wolfSSL_connect(sslResume) != WOLFSSL_SUCCESS) {
printf("SSL resume failed\n"); printf("SSL resume failed\n");
return 1; return 1;
} }

34
psk/client-psk.c
View File

@ -33,6 +33,7 @@
#define MAXLINE 256 /* max text line length */ #define MAXLINE 256 /* max text line length */
#define SERV_PORT 11111 /* default port*/ #define SERV_PORT 11111 /* default port*/
#define PSK_KEY_LEN 4
/* /*
*psk client set up. *psk client set up.
@ -55,7 +56,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
int main(int argc, char **argv) int main(int argc, char **argv)
@ -63,9 +64,10 @@ int main(int argc, char **argv)
int ret, sockfd; int ret, sockfd;
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */ char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
char recvline[MAXLINE]; /* string received from the server */ char recvline[MAXLINE]; /* string received from the server */
struct sockaddr_in servaddr;;
WOLFSSL* ssl; WOLFSSL* ssl;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
struct sockaddr_in servaddr;;
/* must include an ip address of this will flag */ /* must include an ip address of this will flag */
if (argc != 2) { if (argc != 2) {
@ -73,14 +75,6 @@ int main(int argc, char **argv)
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new error.\n");
return 1;
}
/* create a stream socket using tcp,internet protocal IPv4, /* create a stream socket using tcp,internet protocal IPv4,
* full-duplex stream */ * full-duplex stream */
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);
@ -93,23 +87,30 @@ int main(int argc, char **argv)
/* converts IPv4 addresses from text to binary form */ /* converts IPv4 addresses from text to binary form */
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
if (ret != 1) { if (ret != 1) {
printf("inet_pton error\n"); printf("inet_pton error\n");
return 1; return 1;
} }
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* attempts to make a connection on a socket */ /* attempts to make a connection on a socket */
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
if (ret != 0) { if (ret != 0) {
printf("Connection Error\n"); printf("Connection Error\n");
return 1; return 1;
} }
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return 1;
}
/* set up pre shared keys */
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
/* creat wolfssl object after each tcp connct */ /* creat wolfssl object after each tcp connct */
if ( (ssl = wolfSSL_new(ctx)) == NULL) { if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n"); fprintf(stderr, "wolfSSL_new error.\n");
@ -118,8 +119,7 @@ int main(int argc, char **argv)
/* associate the file descriptor with the session */ /* associate the file descriptor with the session */
ret = wolfSSL_set_fd(ssl, sockfd); ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != WOLFSSL_SUCCESS) {
if (ret != SSL_SUCCESS) {
return 1; return 1;
} }

131
psk/server-psk-nonblocking.c
View File

@ -32,12 +32,14 @@
#include <errno.h> #include <errno.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <signal.h> #include <signal.h>
#include <fcntl.h> /* needed for runing nonblocking connections */ #include <fcntl.h> /* needed for running non-blocking connections */
#include <time.h> /* for time out on read loop */ #include <time.h> /* for time out on read loop */
#define MAXLINE 4096 #define MAXLINE 4096
#define LISTENQ 1024 #define LISTENQ 1024
#define SERV_PORT 11111 #define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
/* states of the tcp connection */ /* states of the tcp connection */
enum{ enum{
@ -65,7 +67,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
@ -75,7 +77,7 @@ int main()
int ret; int ret;
int error; int error;
int result; int result;
int select_ret = 0; int select_ret;
int sockfd; int sockfd;
int nfds; int nfds;
int currTimeout = 1; int currTimeout = 1;
@ -84,26 +86,39 @@ int main()
char buff[MAXLINE]; /* buffer for tcp connection */ char buff[MAXLINE]; /* buffer for tcp connection */
char buf[MAXLINE]; /* string read from client */ char buf[MAXLINE]; /* string read from client */
char response[] = "I hear ya for shizzle"; char response[] = "I hear ya for shizzle";
char suites[] =
#ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
"PSK-AES128-GCM-SHA256:"
"PSK-AES256-CBC-SHA384:"
"PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
"PSK-AES256-CBC-SHA:"
"PSK-CHACHA20-POLY1305:"
#endif
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
fd_set recvfds, errfds; fd_set recvfds, errfds;
socklen_t cliLen; socklen_t cliLen;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
struct sockaddr_in cliAddr, servAddr; struct sockaddr_in cliAddr, servAddr;
struct timeval timeout = {currTimeout, 0}; struct timeval timeout = {currTimeout, 0};
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
}
/* find a socket */ /* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0); listenfd = socket(AF_INET, SOCK_STREAM, 0);
@ -122,7 +137,7 @@ int main()
opt = 1; opt = 1;
if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt, if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt,
sizeof(int)) != 0) { sizeof(int)) != 0) {
printf("Fatal error : setsockopt errer"); printf("Fatal error : setsockopt error");
return 1; return 1;
} }
if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) { if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
@ -130,6 +145,32 @@ int main()
return 1; return 1;
} }
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, suites) != WOLFSSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
return 1;
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */ /* main loop for accepting and responding to clients */
for ( ; ; ) { for ( ; ; ) {
WOLFSSL* ssl; WOLFSSL* ssl;
@ -171,23 +212,22 @@ int main()
ret = wolfSSL_accept(ssl); ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
/* clearing buffer for client reponse to prevent unexpected output*/ /* clear buffer for client response to prevent unexpected output */
memset(buf, 0, MAXLINE); memset(buf, 0, MAXLINE);
do { do {
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || while (ret != WOLFSSL_SUCCESS &&
error == SSL_ERROR_WANT_WRITE)) { (error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE)) {
/* print out for user notification */ /* print out for user notification */
if (error == SSL_ERROR_WANT_READ) { if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... server would read block\n"); printf("... server would read block\n");
} }
else { else {
printf("... server would write block\n"); printf("... server would write block\n");
} }
/* -------------------------------------------------------------------------- */
/* TCP */
/* -------------------------------------------------------------------------- */
FD_ZERO(&recvfds); FD_ZERO(&recvfds);
FD_SET(sockfd, &recvfds); FD_SET(sockfd, &recvfds);
FD_ZERO(&errfds); FD_ZERO(&errfds);
@ -211,26 +251,26 @@ int main()
select_ret = TEST_SELECT_FAIL; select_ret = TEST_SELECT_FAIL;
} }
/* if tcp_select signals ready try to accept otherwise continue loop*/ /* if tcp_select signal is ready try to accept else continue loop */
if ((select_ret == TEST_RECV_READY) || if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) { (select_ret == TEST_ERROR_READY)) {
ret = wolfSSL_accept(ssl); ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else if (select_ret == TEST_TIMEOUT) { else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ; error = WOLFSSL_ERROR_WANT_READ;
} }
else { else {
error = SSL_FATAL_ERROR; error = WOLFSSL_FATAL_ERROR;
} }
} }
/* faliure to accept */ /* failure to accept */
if (ret != SSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
printf("Fatal error : SSL_accept failed\n"); printf("Fatal error : wolfSSL_accept failed\n");
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
if (ret != SSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
return 1; return 1;
} }
@ -241,19 +281,18 @@ int main()
} }
while(n < 0); while(n < 0);
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || while (ret != WOLFSSL_SUCCESS &&
error == SSL_ERROR_WANT_WRITE)) { (error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE)) {
/* print out for user notification */ /* print out for user notification */
if (error == SSL_ERROR_WANT_READ) { if (error == WOLFSSL_ERROR_WANT_READ) {
printf("... server would read block\n"); printf("... server would read block\n");
} }
else { else {
printf("... server would write block\n"); printf("... server would write block\n");
} }
/* -------------------------------------------------------------------------- */
/* TCP */
/* -------------------------------------------------------------------------- */
FD_ZERO(&recvfds); FD_ZERO(&recvfds);
FD_SET(sockfd, &recvfds); FD_SET(sockfd, &recvfds);
FD_ZERO(&errfds); FD_ZERO(&errfds);
@ -284,20 +323,20 @@ int main()
error = wolfSSL_get_error(ssl, 0); error = wolfSSL_get_error(ssl, 0);
} }
else if (select_ret == TEST_TIMEOUT) { else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ; error = WOLFSSL_ERROR_WANT_READ;
} }
else { else {
error = SSL_FATAL_ERROR; error = WOLFSSL_FATAL_ERROR;
} }
} }
/* faliure to accept */ /* failure to accept */
if (ret != SSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
printf("Fatal error : SSL_accept failed\n"); printf("Fatal error : wolfSSL_accept failed\n");
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
if (ret != SSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
return 1; return 1;
} }
if ( wolfSSL_write(ssl, response, strlen(response)) != if ( wolfSSL_write(ssl, response, strlen(response)) !=

81
psk/server-psk-threaded.c
View File

@ -37,6 +37,8 @@
#define MAXLINE 4096 #define MAXLINE 4096
#define LISTENQ 1024 #define LISTENQ 1024
#define SERV_PORT 11111 #define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
WOLFSSL_CTX* ctx; /* global so it's shared by threads */ WOLFSSL_CTX* ctx; /* global so it's shared by threads */
@ -59,7 +61,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
/* /*
@ -67,6 +69,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
*/ */
void* wolfssl_thread(void* fd) void* wolfssl_thread(void* fd)
{ {
int ret;
WOLFSSL* ssl; WOLFSSL* ssl;
int connfd = *((int*)fd); int connfd = *((int*)fd);
int n; int n;
@ -83,6 +86,13 @@ void* wolfssl_thread(void* fd)
wolfSSL_set_fd(ssl, connfd); wolfSSL_set_fd(ssl, connfd);
if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_accept failed with %d\n", ret);
wolfSSL_free(ssl);
close(connfd);
pthread_exit(NULL);
}
/* respond to client */ /* respond to client */
n = wolfSSL_read(ssl, buf, MAXLINE); n = wolfSSL_read(ssl, buf, MAXLINE);
if (n > 0) { if (n > 0) {
@ -112,26 +122,38 @@ void* wolfssl_thread(void* fd)
int main() int main()
{ {
int listenfd, connfd; int listenfd, connfd;
int opt; int opt, ret;
struct sockaddr_in cliAddr, servAddr; struct sockaddr_in cliAddr, servAddr;
char buff[MAXLINE]; char buff[MAXLINE];
socklen_t cliLen; socklen_t cliLen;
pthread_t thread; pthread_t thread;
void* wolfssl_thread(void*); void* wolfssl_thread(void*);
char suites[] =
wolfSSL_Init(); #ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { "PSK-AES128-GCM-SHA256:"
printf("Fatal error : wolfSSL_CTX_new error\n"); "PSK-AES256-CBC-SHA384:"
} "PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
/* use psk suite for security */ "PSK-AES256-CBC-SHA:"
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); "PSK-CHACHA20-POLY1305:"
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); #endif
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256") #if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
!= SSL_SUCCESS) { defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
printf("Fatal error : server can't set cipher list"); defined(WOLFSSL_TLS13)
} "TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
/* find a socket */ /* find a socket */
listenfd = socket(AF_INET, SOCK_STREAM, 0); listenfd = socket(AF_INET, SOCK_STREAM, 0);
@ -157,6 +179,33 @@ int main()
return 1; return 1;
} }
wolfSSL_Init();
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
!= WOLFSSL_SUCCESS) {
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
return ret;
}
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
printf("Fatal error : server can't set cipher list");
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */ /* main loop for accepting and responding to clients */
for ( ; ; ) { for ( ; ; ) {
/* listen to the socket */ /* listen to the socket */

83
psk/server-psk.c
View File

@ -35,6 +35,8 @@
#define MAXLINE 4096 #define MAXLINE 4096
#define LISTENQ 1024 #define LISTENQ 1024
#define SERV_PORT 11111 #define SERV_PORT 11111
#define PSK_KEY_LEN 4
#define dhParamFile "../certs/dh2048.pem"
/* /*
* Identify which psk key to use. * Identify which psk key to use.
@ -54,37 +56,48 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
key[2] = 60; key[2] = 60;
key[3] = 77; key[3] = 77;
return 4; return PSK_KEY_LEN;
} }
int main() int main()
{ {
int n; /* length of string read */ int n; /* length of string read */
int listenfd, connfd; int listenfd, connfd, ret;
int opt; int opt;
char buff[MAXLINE]; char buff[MAXLINE];
char buf[MAXLINE]; /* string read from client */ char buf[MAXLINE]; /* string read from client */
char response[] = "I hear ya for shizzle"; char response[] = "I hear ya for shizzle";
char suites[] =
#ifdef WOLFSSL_STATIC_PSK
"PSK-AES256-GCM-SHA384:"
"PSK-AES128-GCM-SHA256:"
"PSK-AES256-CBC-SHA384:"
"PSK-AES128-CBC-SHA256:"
"PSK-AES128-CBC-SHA:"
"PSK-AES256-CBC-SHA:"
"PSK-CHACHA20-POLY1305:"
#endif
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256:"
"TLS13-AES256-GCM-SHA384:"
"TLS13-CHACHA20-POLY1305-SHA256:"
#endif
#ifndef NO_DH
"DHE-PSK-AES256-GCM-SHA384:"
"DHE-PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:"
"DHE-PSK-AES128-CBC-SHA256:"
"DHE-PSK-CHACHA20-POLY1305"
#endif
"ECDHE-PSK-AES128-CBC-SHA256:"
"ECDHE-PSK-CHACHA20-POLY1305:";
struct sockaddr_in cliAddr, servAddr; struct sockaddr_in cliAddr, servAddr;
socklen_t cliLen; socklen_t cliLen;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
wolfSSL_Init();
/* create ctx and configure certificates */
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
!= SSL_SUCCESS) {
printf("Fatal error : server can't set cipher list\n");
return 1;
}
/* set up server address and port */ /* set up server address and port */
@ -118,6 +131,35 @@ int main()
return 1; return 1;
} }
wolfSSL_Init();
/* create ctx and configure certificates */
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
printf("Fatal error : wolfSSL_CTX_new error\n");
return 1;
}
/* use psk suite for security */
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
!= WOLFSSL_SUCCESS) {
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
return ret;
}
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
printf("Fatal error : server set cipher list returned %d\n", ret);
return ret;
}
#ifndef NO_DH
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
) != WOLFSSL_SUCCESS) {
printf("Fatal error: server set temp DH params returned %d\n", ret);
return ret;
}
#endif
/* main loop for accepting and responding to clients */ /* main loop for accepting and responding to clients */
for ( ; ; ) { for ( ; ; ) {
WOLFSSL* ssl; WOLFSSL* ssl;
@ -142,7 +184,7 @@ int main()
/* sets the file descriptor of the socket for the ssl session */ /* sets the file descriptor of the socket for the ssl session */
wolfSSL_set_fd(ssl, connfd); wolfSSL_set_fd(ssl, connfd);
/* making sure buffered to store data sent from client is emprty */ /* making sure buffered to store data sent from client is empty */
memset(buf, 0, MAXLINE); memset(buf, 0, MAXLINE);
/* reads and displays data sent by client if no errors occur */ /* reads and displays data sent by client if no errors occur */
@ -150,7 +192,8 @@ int main()
if (n > 0) { if (n > 0) {
printf("%s\n", buf); printf("%s\n", buf);
/* server response */ /* server response */
if (wolfSSL_write(ssl, response, strlen(response)) > strlen(response)) { if (wolfSSL_write(ssl, response, strlen(response)) >
strlen(response)) {
printf("Fatal error : respond: write error\n"); printf("Fatal error : respond: write error\n");
return 1; return 1;
} }