commit
c090a1c28b
|
@ -34,6 +34,7 @@
|
|||
|
||||
#define MAXLINE 256 /* max text line length */
|
||||
#define SERV_PORT 11111 /* default port*/
|
||||
#define PSK_KEY_LEN 4
|
||||
|
||||
/*
|
||||
* enum used for tcp_select function
|
||||
|
@ -66,12 +67,12 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int sockfd, ret, error, select_ret = 0, currTimeout;
|
||||
int sockfd, ret, error, select_ret, currTimeout;
|
||||
int nfds;
|
||||
int result;
|
||||
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
|
||||
|
@ -88,15 +89,6 @@ int main(int argc, char **argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "SSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* create a stream socket using tcp,internet protocal IPv4,
|
||||
* full-duplex stream */
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
@ -109,35 +101,18 @@ int main(int argc, char **argv)
|
|||
|
||||
/* converts IPv4 addresses from text to binary form */
|
||||
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
|
||||
|
||||
if (ret != 1) {
|
||||
printf("inet_pton error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
|
||||
|
||||
/* attempts to make a connection on a socket */
|
||||
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
|
||||
|
||||
if (ret != 0) {
|
||||
printf("Connection Error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* create wolfSSL object after each tcp connect */
|
||||
if ((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* associate the file descriptor with the session */
|
||||
wolfSSL_set_fd(ssl, sockfd);
|
||||
|
||||
/* tell wolfSSL that nonblocking is going to be used */
|
||||
wolfSSL_set_using_nonblock(ssl, 1);
|
||||
|
||||
/* invokes the fcntl callable service to get the file status
|
||||
* flags for a file. checks if it returns an error, if it does
|
||||
* stop program */
|
||||
|
@ -157,15 +132,39 @@ int main(int argc, char **argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx,My_Psk_Client_Cb);
|
||||
|
||||
/* create wolfSSL object after each tcp connect */
|
||||
if ((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* associate the file descriptor with the session */
|
||||
wolfSSL_set_fd(ssl, sockfd);
|
||||
|
||||
/* tell wolfSSL that nonblocking is going to be used */
|
||||
wolfSSL_set_using_nonblock(ssl, 1);
|
||||
|
||||
|
||||
/* setting up and running nonblocking socket */
|
||||
ret = wolfSSL_connect(ssl);
|
||||
error = wolfSSL_get_error(ssl, 0);
|
||||
|
||||
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
||||
error == SSL_ERROR_WANT_WRITE)) {
|
||||
while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
|
||||
error == WOLFSSL_ERROR_WANT_WRITE)) {
|
||||
currTimeout = 1;
|
||||
|
||||
if (error == SSL_ERROR_WANT_READ) {
|
||||
if (error == WOLFSSL_ERROR_WANT_READ) {
|
||||
printf("... client would read block\n");
|
||||
}
|
||||
else {
|
||||
|
@ -206,14 +205,14 @@ int main(int argc, char **argv)
|
|||
error = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
else if (select_ret == TEST_TIMEOUT) {
|
||||
error = SSL_ERROR_WANT_READ;
|
||||
error = WOLFSSL_ERROR_WANT_READ;
|
||||
}
|
||||
else {
|
||||
error = SSL_FATAL_ERROR;
|
||||
error = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
if (ret != SSL_SUCCESS){
|
||||
printf("SSL_connect failed");
|
||||
if (ret != WOLFSSL_SUCCESS){
|
||||
printf("wolfSSL_connect failed");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -225,7 +224,10 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
/* flags if the Server stopped before the client could end */
|
||||
if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) {
|
||||
while (wolfSSL_read(ssl, recvline, MAXLINE) == -1 ) {
|
||||
if (wolfSSL_want_read(ssl)) {
|
||||
continue;
|
||||
}
|
||||
printf("Client: Server Terminated Prematurely!\n");
|
||||
return 1;
|
||||
}
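Review bot: In the last hunk, the new `while (wolfSSL_read(ssl, recvline, MAXLINE) == -1)` loop retries immediately whenever `wolfSSL_want_read(ssl)` is set, so the client busy-spins on the non-blocking socket instead of waiting for readability. A return of 0 (connection closed by the peer) leaves the loop as if data had arrived. The call also allows up to MAXLINE bytes and discards the length, so if `recvline` is a MAXLINE-sized buffer that is later printed as a string (not visible here), it is not guaranteed to be NUL-terminated. The sketch below keeps the length, treats any non-positive result that is not want-read as failure, and leaves room for the terminator; the wait between retries can reuse the select() logic of the handshake loop. main's body continues outside the hunk.

```c
    /* flags if the Server stopped before the client could end */
    do {
        ret = wolfSSL_read(ssl, recvline, MAXLINE - 1);
        if (ret > 0) {
            recvline[ret] = '\0';
        }
        else if (!wolfSSL_want_read(ssl)) {
            printf("Client: Server Terminated Prematurely!\n");
            return 1;
        }
        /* … otherwise wait for the socket to become readable before retrying … */
    } while (ret <= 0);
```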
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
|
||||
#define MAXLINE 256 /* max text line length */
|
||||
#define SERV_PORT 11111 /* default port*/
|
||||
#define PSK_KEY_LEN 4
|
||||
|
||||
/*
|
||||
*psk client set up.
|
||||
|
@ -57,7 +58,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv){
|
||||
|
@ -77,14 +78,6 @@ int main(int argc, char **argv){
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "SSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* create a stream socket using tcp,internet protocal IPv4,
|
||||
* full-duplex stream */
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
@ -97,20 +90,27 @@ int main(int argc, char **argv){
|
|||
|
||||
/* converts IPv4 addresses from text to binary form */
|
||||
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
|
||||
|
||||
if (ret != 1){
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
|
||||
|
||||
/* attempts to make a connection on a socket */
|
||||
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
|
||||
if (ret != 0 ){
|
||||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
|
||||
|
||||
/* create wolfSSL object after each tcp connect */
|
||||
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_new error.\n");
|
||||
|
@ -167,7 +167,7 @@ int main(int argc, char **argv){
|
|||
wolfSSL_set_session(sslResume, session);
|
||||
|
||||
/* check has connect successfully */
|
||||
if (wolfSSL_connect(sslResume) != SSL_SUCCESS) {
|
||||
if (wolfSSL_connect(sslResume) != WOLFSSL_SUCCESS) {
|
||||
printf("SSL resume failed\n");
|
||||
return 1;
|
||||
}
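Review bot: The relocated setup block now runs after `connect()` has succeeded, but its failure branches still just `return 1;`, so a `wolfSSL_CTX_new` failure leaves the connected `sockfd` open and a `wolfSSL_new` failure additionally leaves `ctx` allocated. Since examples tend to be copied into longer-lived programs, I would release what was acquired before returning: `close(sockfd);` in the first branch and `wolfSSL_CTX_free(ctx); close(sockfd);` in the second (assuming the file already includes the header for `close`, which is not visible here). The return value of `wolfSSL_Init()` is also ignored. The same relocated block appears in the other two client sections on this page; the `wolfSSL_new` branch continues outside the hunk.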
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
|
||||
#define MAXLINE 256 /* max text line length */
|
||||
#define SERV_PORT 11111 /* default port*/
|
||||
#define PSK_KEY_LEN 4
|
||||
|
||||
/*
|
||||
*psk client set up.
|
||||
|
@ -55,7 +56,7 @@ static inline unsigned int My_Psk_Client_Cb(WOLFSSL* ssl, const char* hint,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
|
@ -63,9 +64,10 @@ int main(int argc, char **argv)
|
|||
int ret, sockfd;
|
||||
char sendline[MAXLINE]="Hello Server"; /* string to send to the server */
|
||||
char recvline[MAXLINE]; /* string received from the server */
|
||||
struct sockaddr_in servaddr;;
|
||||
|
||||
WOLFSSL* ssl;
|
||||
WOLFSSL_CTX* ctx;
|
||||
struct sockaddr_in servaddr;;
|
||||
|
||||
/* must include an ip address of this will flag */
|
||||
if (argc != 2) {
|
||||
|
@ -73,14 +75,6 @@ int main(int argc, char **argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "SSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* create a stream socket using tcp,internet protocal IPv4,
|
||||
* full-duplex stream */
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
@ -93,23 +87,30 @@ int main(int argc, char **argv)
|
|||
|
||||
/* converts IPv4 addresses from text to binary form */
|
||||
ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr);
|
||||
|
||||
if (ret != 1) {
|
||||
printf("inet_pton error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
|
||||
|
||||
/* attempts to make a connection on a socket */
|
||||
ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
|
||||
|
||||
if (ret != 0) {
|
||||
printf("Connection Error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_CTX_new error.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* set up pre shared keys */
|
||||
wolfSSL_CTX_set_psk_client_callback(ctx, My_Psk_Client_Cb);
|
||||
|
||||
/* creat wolfssl object after each tcp connct */
|
||||
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_new error.\n");
|
||||
|
@ -118,8 +119,7 @@ int main(int argc, char **argv)
|
|||
|
||||
/* associate the file descriptor with the session */
|
||||
ret = wolfSSL_set_fd(ssl, sockfd);
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
return 1;
|
||||
}
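Review bot: `#define PSK_KEY_LEN 4` in the first hunk is added without a comment, and it fixes the pre-shared key at four bytes (the visible tail of the callback writes `key[2] = 60; key[3] = 77;`), which anyone copying the example inherits as a 32-bit secret. I would document it where it is defined, e.g. `#define PSK_KEY_LEN 4 /* demo key length only; real PSKs should be at least 16 random bytes */`. The callback starts outside the hunk, so whether it checks PSK_KEY_LEN against the caller-supplied maximum key length cannot be seen here; if it does not, that check belongs just before `return PSK_KEY_LEN;`. The same define is added in every file section of this commit.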
|
||||
|
||||
|
|
|
@ -32,12 +32,14 @@
|
|||
#include <errno.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <signal.h>
|
||||
#include <fcntl.h> /* needed for runing nonblocking connections */
|
||||
#include <fcntl.h> /* needed for running non-blocking connections */
|
||||
#include <time.h> /* for time out on read loop */
|
||||
|
||||
#define MAXLINE 4096
|
||||
#define LISTENQ 1024
|
||||
#define SERV_PORT 11111
|
||||
#define PSK_KEY_LEN 4
|
||||
#define dhParamFile "../certs/dh2048.pem"
|
||||
|
||||
/* states of the tcp connection */
|
||||
enum{
|
||||
|
@ -65,7 +67,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
|
||||
|
@ -75,7 +77,7 @@ int main()
|
|||
int ret;
|
||||
int error;
|
||||
int result;
|
||||
int select_ret = 0;
|
||||
int select_ret;
|
||||
int sockfd;
|
||||
int nfds;
|
||||
int currTimeout = 1;
|
||||
|
@ -84,26 +86,39 @@ int main()
|
|||
char buff[MAXLINE]; /* buffer for tcp connection */
|
||||
char buf[MAXLINE]; /* string read from client */
|
||||
char response[] = "I hear ya for shizzle";
|
||||
char suites[] =
|
||||
#ifdef WOLFSSL_STATIC_PSK
|
||||
"PSK-AES256-GCM-SHA384:"
|
||||
"PSK-AES128-GCM-SHA256:"
|
||||
"PSK-AES256-CBC-SHA384:"
|
||||
"PSK-AES128-CBC-SHA256:"
|
||||
"PSK-AES128-CBC-SHA:"
|
||||
"PSK-AES256-CBC-SHA:"
|
||||
"PSK-CHACHA20-POLY1305:"
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
|
||||
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
|
||||
defined(WOLFSSL_TLS13)
|
||||
"TLS13-AES128-GCM-SHA256:"
|
||||
"TLS13-AES256-GCM-SHA384:"
|
||||
"TLS13-CHACHA20-POLY1305-SHA256:"
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
"DHE-PSK-AES256-GCM-SHA384:"
|
||||
"DHE-PSK-AES128-GCM-SHA256:"
|
||||
"DHE-PSK-AES256-CBC-SHA384:"
|
||||
"DHE-PSK-AES128-CBC-SHA256:"
|
||||
"DHE-PSK-CHACHA20-POLY1305"
|
||||
#endif
|
||||
"ECDHE-PSK-AES128-CBC-SHA256:"
|
||||
"ECDHE-PSK-CHACHA20-POLY1305:";
|
||||
|
||||
fd_set recvfds, errfds;
|
||||
socklen_t cliLen;
|
||||
WOLFSSL_CTX* ctx;
|
||||
struct sockaddr_in cliAddr, servAddr;
|
||||
struct timeval timeout = {currTimeout, 0};
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
|
||||
!= SSL_SUCCESS) {
|
||||
printf("Fatal error : server can't set cipher list\n");
|
||||
}
|
||||
|
||||
/* find a socket */
|
||||
listenfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
@ -122,7 +137,7 @@ int main()
|
|||
opt = 1;
|
||||
if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void*)&opt,
|
||||
sizeof(int)) != 0) {
|
||||
printf("Fatal error : setsockopt errer");
|
||||
printf("Fatal error : setsockopt error");
|
||||
return 1;
|
||||
}
|
||||
if (bind(listenfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
|
||||
|
@ -130,6 +145,32 @@ int main()
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
|
||||
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
|
||||
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, suites) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : server can't set cipher list\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef NO_DH
|
||||
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
|
||||
) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error: server set temp DH params returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* main loop for accepting and responding to clients */
|
||||
for ( ; ; ) {
|
||||
WOLFSSL* ssl;
|
||||
|
@ -171,23 +212,22 @@ int main()
|
|||
ret = wolfSSL_accept(ssl);
|
||||
error = wolfSSL_get_error(ssl, 0);
|
||||
|
||||
/* clearing buffer for client reponse to prevent unexpected output*/
|
||||
/* clear buffer for client response to prevent unexpected output */
|
||||
memset(buf, 0, MAXLINE);
|
||||
do {
|
||||
|
||||
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
||||
error == SSL_ERROR_WANT_WRITE)) {
|
||||
while (ret != WOLFSSL_SUCCESS &&
|
||||
(error == WOLFSSL_ERROR_WANT_READ ||
|
||||
error == WOLFSSL_ERROR_WANT_WRITE)) {
|
||||
|
||||
/* print out for user notification */
|
||||
if (error == SSL_ERROR_WANT_READ) {
|
||||
if (error == WOLFSSL_ERROR_WANT_READ) {
|
||||
printf("... server would read block\n");
|
||||
}
|
||||
else {
|
||||
printf("... server would write block\n");
|
||||
}
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* TCP */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
FD_ZERO(&recvfds);
|
||||
FD_SET(sockfd, &recvfds);
|
||||
FD_ZERO(&errfds);
|
||||
|
@ -211,26 +251,26 @@ int main()
|
|||
select_ret = TEST_SELECT_FAIL;
|
||||
}
|
||||
|
||||
/* if tcp_select signals ready try to accept otherwise continue loop*/
|
||||
/* if tcp_select signal is ready try to accept else continue loop */
|
||||
if ((select_ret == TEST_RECV_READY) ||
|
||||
(select_ret == TEST_ERROR_READY)) {
|
||||
ret = wolfSSL_accept(ssl);
|
||||
error = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
else if (select_ret == TEST_TIMEOUT) {
|
||||
error = SSL_ERROR_WANT_READ;
|
||||
error = WOLFSSL_ERROR_WANT_READ;
|
||||
}
|
||||
else {
|
||||
error = SSL_FATAL_ERROR;
|
||||
error = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
/* faliure to accept */
|
||||
if (ret != SSL_SUCCESS) {
|
||||
printf("Fatal error : SSL_accept failed\n");
|
||||
ret = SSL_FATAL_ERROR;
|
||||
/* failure to accept */
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : wolfSSL_accept failed\n");
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -241,19 +281,18 @@ int main()
|
|||
}
|
||||
while(n < 0);
|
||||
|
||||
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
||||
error == SSL_ERROR_WANT_WRITE)) {
|
||||
while (ret != WOLFSSL_SUCCESS &&
|
||||
(error == WOLFSSL_ERROR_WANT_READ ||
|
||||
error == WOLFSSL_ERROR_WANT_WRITE)) {
|
||||
|
||||
/* print out for user notification */
|
||||
if (error == SSL_ERROR_WANT_READ) {
|
||||
if (error == WOLFSSL_ERROR_WANT_READ) {
|
||||
printf("... server would read block\n");
|
||||
}
|
||||
else {
|
||||
printf("... server would write block\n");
|
||||
}
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* TCP */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
FD_ZERO(&recvfds);
|
||||
FD_SET(sockfd, &recvfds);
|
||||
FD_ZERO(&errfds);
|
||||
|
@ -284,20 +323,20 @@ int main()
|
|||
error = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
else if (select_ret == TEST_TIMEOUT) {
|
||||
error = SSL_ERROR_WANT_READ;
|
||||
error = WOLFSSL_ERROR_WANT_READ;
|
||||
}
|
||||
else {
|
||||
error = SSL_FATAL_ERROR;
|
||||
error = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* faliure to accept */
|
||||
if (ret != SSL_SUCCESS) {
|
||||
printf("Fatal error : SSL_accept failed\n");
|
||||
ret = SSL_FATAL_ERROR;
|
||||
/* failure to accept */
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : wolfSSL_accept failed\n");
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
if ( wolfSSL_write(ssl, response, strlen(response)) !=
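Review bot: In the new `suites[]` initializer, `"DHE-PSK-CHACHA20-POLY1305"` has no trailing colon, so when NO_DH is not defined the adjacent literals concatenate into the single entry `DHE-PSK-CHACHA20-POLY1305ECDHE-PSK-AES128-CBC-SHA256`, which names neither suite; the final literal also leaves the list ending in a stray `:`. Suggested: `"DHE-PSK-CHACHA20-POLY1305:"` for that entry and `"ECDHE-PSK-CHACHA20-POLY1305";` for the last one. How `wolfSSL_CTX_set_cipher_list` treats an unknown name is not visible here, so the effect is either two suites silently missing from the offer or a failure at startup. The same initializer is repeated in the other two server sections below; main's body continues outside the hunk.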
|
||||
|
|
|
@ -37,6 +37,8 @@
|
|||
#define MAXLINE 4096
|
||||
#define LISTENQ 1024
|
||||
#define SERV_PORT 11111
|
||||
#define PSK_KEY_LEN 4
|
||||
#define dhParamFile "../certs/dh2048.pem"
|
||||
|
||||
WOLFSSL_CTX* ctx; /* global so it's shared by threads */
|
||||
|
||||
|
@ -59,7 +61,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -67,6 +69,7 @@ static inline unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
|||
*/
|
||||
void* wolfssl_thread(void* fd)
|
||||
{
|
||||
int ret;
|
||||
WOLFSSL* ssl;
|
||||
int connfd = *((int*)fd);
|
||||
int n;
|
||||
|
@ -83,6 +86,13 @@ void* wolfssl_thread(void* fd)
|
|||
|
||||
wolfSSL_set_fd(ssl, connfd);
|
||||
|
||||
if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
|
||||
printf("wolfSSL_accept failed with %d\n", ret);
|
||||
wolfSSL_free(ssl);
|
||||
close(connfd);
|
||||
pthread_exit(NULL);
|
||||
}
|
||||
|
||||
/* respond to client */
|
||||
n = wolfSSL_read(ssl, buf, MAXLINE);
|
||||
if (n > 0) {
|
||||
|
@ -112,26 +122,38 @@ void* wolfssl_thread(void* fd)
|
|||
int main()
|
||||
{
|
||||
int listenfd, connfd;
|
||||
int opt;
|
||||
int opt, ret;
|
||||
struct sockaddr_in cliAddr, servAddr;
|
||||
char buff[MAXLINE];
|
||||
socklen_t cliLen;
|
||||
pthread_t thread;
|
||||
void* wolfssl_thread(void*);
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
|
||||
!= SSL_SUCCESS) {
|
||||
printf("Fatal error : server can't set cipher list");
|
||||
}
|
||||
char suites[] =
|
||||
#ifdef WOLFSSL_STATIC_PSK
|
||||
"PSK-AES256-GCM-SHA384:"
|
||||
"PSK-AES128-GCM-SHA256:"
|
||||
"PSK-AES256-CBC-SHA384:"
|
||||
"PSK-AES128-CBC-SHA256:"
|
||||
"PSK-AES128-CBC-SHA:"
|
||||
"PSK-AES256-CBC-SHA:"
|
||||
"PSK-CHACHA20-POLY1305:"
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
|
||||
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
|
||||
defined(WOLFSSL_TLS13)
|
||||
"TLS13-AES128-GCM-SHA256:"
|
||||
"TLS13-AES256-GCM-SHA384:"
|
||||
"TLS13-CHACHA20-POLY1305-SHA256:"
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
"DHE-PSK-AES256-GCM-SHA384:"
|
||||
"DHE-PSK-AES128-GCM-SHA256:"
|
||||
"DHE-PSK-AES256-CBC-SHA384:"
|
||||
"DHE-PSK-AES128-CBC-SHA256:"
|
||||
"DHE-PSK-CHACHA20-POLY1305"
|
||||
#endif
|
||||
"ECDHE-PSK-AES128-CBC-SHA256:"
|
||||
"ECDHE-PSK-CHACHA20-POLY1305:";
|
||||
|
||||
/* find a socket */
|
||||
listenfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
@ -157,6 +179,33 @@ int main()
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
|
||||
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : server can't set cipher list");
|
||||
}
|
||||
|
||||
#ifndef NO_DH
|
||||
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
|
||||
) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error: server set temp DH params returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* main loop for accepting and responding to clients */
|
||||
for ( ; ; ) {
|
||||
/* listen to the socket */
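Review bot: In the relocated setup block of the last hunk, the `wolfSSL_CTX_new(...) == NULL` branch and the `wolfSSL_CTX_set_cipher_list(ctx, suites)` failure branch only print and then fall through, so the server goes on to use a NULL `ctx` or keeps running without the intended suite list. The identity-hint and DH-parameter checks added next to them do `return ret;`, and these two should match: `return 1;` after the `wolfSSL_CTX_new error` printf and `return ret;` after the cipher-list printf. main's body continues outside the hunk.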
|
||||
|
|
|
@ -35,6 +35,8 @@
|
|||
#define MAXLINE 4096
|
||||
#define LISTENQ 1024
|
||||
#define SERV_PORT 11111
|
||||
#define PSK_KEY_LEN 4
|
||||
#define dhParamFile "../certs/dh2048.pem"
|
||||
|
||||
/*
|
||||
* Identify which psk key to use.
|
||||
|
@ -54,37 +56,48 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
|||
key[2] = 60;
|
||||
key[3] = 77;
|
||||
|
||||
return 4;
|
||||
return PSK_KEY_LEN;
|
||||
}
|
||||
|
||||
int main()
|
||||
{
|
||||
int n; /* length of string read */
|
||||
int listenfd, connfd;
|
||||
int listenfd, connfd, ret;
|
||||
int opt;
|
||||
char buff[MAXLINE];
|
||||
char buf[MAXLINE]; /* string read from client */
|
||||
char response[] = "I hear ya for shizzle";
|
||||
char suites[] =
|
||||
#ifdef WOLFSSL_STATIC_PSK
|
||||
"PSK-AES256-GCM-SHA384:"
|
||||
"PSK-AES128-GCM-SHA256:"
|
||||
"PSK-AES256-CBC-SHA384:"
|
||||
"PSK-AES128-CBC-SHA256:"
|
||||
"PSK-AES128-CBC-SHA:"
|
||||
"PSK-AES256-CBC-SHA:"
|
||||
"PSK-CHACHA20-POLY1305:"
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13_DRAFT18) || defined(WOLFSSL_TLS13_DRAFT22) || \
|
||||
defined(WOLFSSL_TLS13_DRAFT23) || defined(WOLFSSL_TLS13_DRAFT26) || \
|
||||
defined(WOLFSSL_TLS13)
|
||||
"TLS13-AES128-GCM-SHA256:"
|
||||
"TLS13-AES256-GCM-SHA384:"
|
||||
"TLS13-CHACHA20-POLY1305-SHA256:"
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
"DHE-PSK-AES256-GCM-SHA384:"
|
||||
"DHE-PSK-AES128-GCM-SHA256:"
|
||||
"DHE-PSK-AES256-CBC-SHA384:"
|
||||
"DHE-PSK-AES128-CBC-SHA256:"
|
||||
"DHE-PSK-CHACHA20-POLY1305"
|
||||
#endif
|
||||
"ECDHE-PSK-AES128-CBC-SHA256:"
|
||||
"ECDHE-PSK-CHACHA20-POLY1305:";
|
||||
|
||||
struct sockaddr_in cliAddr, servAddr;
|
||||
socklen_t cliLen;
|
||||
WOLFSSL_CTX* ctx;
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
/* create ctx and configure certificates */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server");
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, "PSK-AES128-CBC-SHA256")
|
||||
!= SSL_SUCCESS) {
|
||||
printf("Fatal error : server can't set cipher list\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/* set up server address and port */
|
||||
|
@ -118,6 +131,35 @@ int main()
|
|||
return 1;
|
||||
}
|
||||
|
||||
wolfSSL_Init();
|
||||
/* create ctx and configure certificates */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
|
||||
printf("Fatal error : wolfSSL_CTX_new error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* use psk suite for security */
|
||||
wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
|
||||
|
||||
if ((ret = wolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"))
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : ctx use psk identity hint returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, suites)) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error : server set cipher list returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef NO_DH
|
||||
if ((ret = wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)
|
||||
) != WOLFSSL_SUCCESS) {
|
||||
printf("Fatal error: server set temp DH params returned %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* main loop for accepting and responding to clients */
|
||||
for ( ; ; ) {
|
||||
WOLFSSL* ssl;
|
||||
|
@ -142,7 +184,7 @@ int main()
|
|||
/* sets the file descriptor of the socket for the ssl session */
|
||||
wolfSSL_set_fd(ssl, connfd);
|
||||
|
||||
/* making sure buffered to store data sent from client is emprty */
|
||||
/* making sure buffered to store data sent from client is empty */
|
||||
memset(buf, 0, MAXLINE);
|
||||
|
||||
/* reads and displays data sent by client if no errors occur */
|
||||
|
@ -150,7 +192,8 @@ int main()
|
|||
if (n > 0) {
|
||||
printf("%s\n", buf);
|
||||
/* server response */
|
||||
if (wolfSSL_write(ssl, response, strlen(response)) > strlen(response)) {
|
||||
if (wolfSSL_write(ssl, response, strlen(response)) >
|
||||
strlen(response)) {
|
||||
printf("Fatal error : respond: write error\n");
|
||||
return 1;
|
||||
}
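Review bot: The re-wrapped check `wolfSSL_write(ssl, response, strlen(response)) > strlen(response)` in the last hunk compares the int result with a size_t, so a negative return is only caught because it converts to a huge unsigned value, and a short or zero-length write is accepted as success. Comparing for inequality on a signed length states the intent: `if (wolfSSL_write(ssl, response, (int)strlen(response)) != (int)strlen(response)) {`. The non-blocking server section on this page already uses `!=` for the same call. The enclosing loop in main starts and ends outside the hunk.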
|
||||
|
|