From cc2fe9cae09a3df0154ef7952a5731324a8c8a5a Mon Sep 17 00:00:00 2001
From: Levi Rak
Date: Wed, 31 May 2017 14:05:02 -0600
Subject: [PATCH] made *-tls-ecdhe from *-tls

---
.gitignore | 24 ++--
tls/client-tcp.c | 2 +-
tls/client-tls-callback.c | 8 +-
tls/client-tls-ecdhe.c | 263 ++++++++++++++++++-----------------
tls/client-tls.c | 8 +-
tls/server-tls-callback.c | 22 +--
tls/server-tls-ecdhe.c | 279 ++++++++++++++++++--------------------
tls/server-tls.c | 22 +--
8 files changed, 312 insertions(+), 316 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1716ae1b..b1322dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,23 +51,23 @@ android/wolfssljni-ndk-sample/proguard-project.txt
 /psk/server-psk
 /psk/server-tcp
-/tls/client-callback
-/tls/client-tls-nonblocking
-/tls/client-tls-resume
-/tls/client-tls
-/tls/client-tls-writedup
 /tls/client-tcp
-/tls/memory-tls
-/tls/server-callback
-/tls/server-tls-nonblocking
-/tls/server-tls-threaded
-/tls/server-tls
-/tls/server-tcp
+/tls/client-tls
+/tls/client-tls-callback
 /tls/client-tls-ecdhe
-/tls/server-tls-ecdhe
+/tls/client-tls-nonblocking
 /tls/client-tls-perf
+/tls/client-tls-resume
+/tls/client-tls-writedup
+/tls/memory-tls
+/tls/server-tcp
+/tls/server-tls
+/tls/server-tls-callback
+/tls/server-tls-ecdhe
 /tls/server-tls-epoll-perf
 /tls/server-tls-epoll-threaded
+/tls/server-tls-nonblocking
+/tls/server-tls-threaded
 crypto/3des/3des-file-encrypt
 crypto/aes/aes-file-encrypt
diff --git a/tls/client-tcp.c b/tls/client-tcp.c
index 1ab10488..3fea4a2f 100644
--- a/tls/client-tcp.c
+++ b/tls/client-tcp.c
@@ -99,7 +99,7 @@ int main(int argc, char** argv)
 }
 /* Print the message to stdout */
- printf("Recieved: %s\n", buff);
+ printf("Recieved: %s\n", buff);
 /* Cleanup and return */
diff --git a/tls/client-tls-callback.c b/tls/client-tls-callback.c
index b5bb244f..725a58d9 100644
--- a/tls/client-tls-callback.c
+++ b/tls/client-tls-callback.c
@@ -136,6 +136,8 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 #define DEFAULT_PORT 11111
+#define CERT_FILE "../certs/ca-cert.pem"
+
 int main(int argc, char** argv)
 {
 int sockfd;
@@ -175,10 +177,10 @@ int main(int argc, char** argv)
 }
 /* Load client certificates into WOLFSSL_CTX */
- if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
+ if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
 != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
- "check the file.\n");
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
 return -1;
 }
diff --git a/tls/client-tls-ecdhe.c b/tls/client-tls-ecdhe.c
index c3881c04..ec14f8e7 100644
--- a/tls/client-tls-ecdhe.c
+++ b/tls/client-tls-ecdhe.c
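Review bot: `CERT_FILE` in this hunk names the CA file handed to `wolfSSL_CTX_load_verify_locations`, while the same macro name in the server files of this commit (server-tls-callback.c, server-tls.c, server-tls-ecdhe.c) names the server's own certificate, and the context comment `/* Load client certificates into WOLFSSL_CTX */` describes the call as loading client credentials. The call installs the trust anchor used to verify the server's certificate, which is the check that rejects a peer presenting an untrusted certificate, so the naming should say so: `#define CA_FILE "../certs/ca-cert.pem"` and `/* Load the CA certificate used to verify the server into WOLFSSL_CTX */`. The same macro and comment appear in the client-tls.c hunks and in client-tls-ecdhe.c, where `CERT_FILE` is `server-ecc.pem` acting as the trust anchor. main's body continues outside the hunk.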
@@ -18,157 +18,156 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
-#include
-#include
-#include
-#include
-#include
-#include
-#include /* wolfSSL security library */
-#include
-#define MAXDATASIZE 4096 /* maximum acceptable amount of data */
-#define SERV_PORT 11111 /* define default port number */
+/* the usual suspects */
+#include
+#include
+#include
-const char* cert = "../certs/server-ecc.pem";
+/* socket includes */
+#include
+#include
+#include
+#include
-/*
- * clients initial contact with server. (socket to connect, security layer)
- */
-int ClientGreet(int sock, WOLFSSL* ssl)
-{
- /* data to send to the server, data recieved from the server */
- char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
- int ret = 0; /* variable for error checking */
-
- printf("Message for server:\t");
- fgets(sendBuff, MAXDATASIZE, stdin);
-
- if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
- /* the message is not able to send, or error trying */
- ret = wolfSSL_get_error(ssl, 0);
- printf("Write error: Error: %i\n", ret);
- return EXIT_FAILURE;
- }
-
- if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
- /* the server failed to send data, or error trying */
- ret = wolfSSL_get_error(ssl, 0);
- printf("Read error. Error: %i\n", ret);
- return EXIT_FAILURE;
- }
- printf("Recieved: \t%s\n", rcvBuff);
-
- return ret;
-}
-
-/*
- * applies TLS 1.2 security layer to data being sent.
- */
-int Security(int sock)
-{
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl; /* create WOLFSSL object */
- int ret = 0;
- const char* myCert = "../certs/client-ecc-cert.pem";
- const char* myKey = "../certs/ecc-client-key.pem";
- char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
- char buffer[WOLFSSL_MAX_ERROR_SZ];
-
- wolfSSL_Init(); /* initialize wolfSSL */
-
- /* create and initiLize WOLFSSL_CTX structure */
- if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
- printf("SSL_CTX_new error.\n");
- return EXIT_FAILURE;
- }
-
- if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
- err_sys("client can't set cipher list 1");
-
- if (wolfSSL_CTX_use_certificate_chain_file(ctx, myCert)
- != SSL_SUCCESS)
- err_sys("can't load client cert file, check file and run from"
- " wolfSSL home dir");
-
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, myKey, SSL_FILETYPE_PEM)
- != SSL_SUCCESS)
- err_sys("can't load client private key file, check file and run "
- "from wolfSSL home dir");
-
- /* load CA certificates into wolfSSL_CTX. which will verify the server */
- if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
- printf("Error loading %s. Please check the file.\n", cert);
- return EXIT_FAILURE;
- }
-
- if ((ssl = wolfSSL_new(ctx)) == NULL) {
- printf("wolfSSL_new error.\n");
- return EXIT_FAILURE;
- }
- wolfSSL_set_fd(ssl, sock);
-
- ret = wolfSSL_connect(ssl);
- if (ret == SSL_SUCCESS) {
- ret = ClientGreet(sock, ssl);
- } else {
- printf("Failure:");
- ret = wolfSSL_get_error(ssl, 0);
- printf(" ret = %d", ret);
- printf(" %s\n", wolfSSL_ERR_error_string(ret, buffer));
- }
+/* wolfSSL */
+#include
- /* frees all data before client termination */
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- wolfSSL_Cleanup();
+#define DEFAULT_PORT 11111
- return ret;
-}
+#define CERT_FILE "../certs/server-ecc.pem"
+
+#define ECC_FILE "../certs/client-ecc-cert.pem"
+#define KEY_FILE "../certs/ecc-client-key.pem"
+#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
-/*
- * Command line argumentCount and argumentValues
- */
 int main(int argc, char** argv)
 {
- int sockfd; /* socket file descriptor */
- struct sockaddr_in servAddr; /* struct for server address */
- int ret = 0; /* variable for error checking */
+ int sockfd;
+ struct sockaddr_in servAddr;
+ char buff[256];
+ size_t len;
+ /* declare wolfSSL objects */
+ WOLFSSL_CTX* ctx;
+ WOLFSSL* ssl;
+
+
+ /* Check for proper calling convention */
 if (argc != 2) {
- /* if the number of arguments is not two, error */
- printf("usage: ./client-tcp \n");
- return EXIT_FAILURE;
+ printf("usage: %s \n", argv[0]);
+ return 0;
 }
- /* internet address family, stream based tcp, default protocol */
- sockfd = socket(AF_INET, SOCK_STREAM, 0);
- if (sockfd < 0) {
- printf("Failed to create socket. Error: %i\n", errno);
- return EXIT_FAILURE;
+ /* Initialize wolfSSL */
+ wolfSSL_Init();
+
+
+ /* Create a socket that uses an internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ fprintf(stderr, "ERROR: failed to create the socket\n");
+ return -1;
 }
- memset(&servAddr, 0, sizeof(servAddr)); /* clears memory block for use */
- servAddr.sin_family = AF_INET; /* sets addressfamily to internet*/
- servAddr.sin_port = htons(SERV_PORT); /* sets port to defined port */
- /* looks for the server at the entered address (ip in the command line) */
- if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) < 1) {
- /* checks validity of address */
- ret = errno;
- printf("Invalid Address. Error: %i\n", ret);
- return EXIT_FAILURE;
+ /* Create and initialize WOLFSSL_CTX */
+ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+ return -1;
 }
- if (connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
- /* if socket fails to connect to the server*/
- ret = errno;
- printf("Connect error. Error: %i\n", ret);
- return EXIT_FAILURE;
+ /* Load client certificates into WOLFSSL_CTX */
+ if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
+ return -1;
 }
- Security(sockfd);
- return ret;
+ /* Load client ecc certificates into WOLFSSL_CTX */
+ if (wolfSSL_CTX_use_certificate_chain_file(ctx, ECC_FILE) != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ ECC_FILE);
+ return -1;
+ }
+
+ /* Load client ecc key into WOLFSSL_CTX */
+ if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ KEY_FILE);
+ return -1;
+ }
+
+ /* Set cipher list */
+ if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set cipher list\n");
+ return -1;
+ }
+
+
+ /* Initialize the server address struct with zeros */
+ memset(&servAddr, 0, sizeof(servAddr));
+
+ /* Fill in the server address */
+ servAddr.sin_family = AF_INET; /* using IPv4 */
+ servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+
+ /* Get the server IPv4 address from the command line call */
+ if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
+ fprintf(stderr, "ERROR: invalid Address\n");
+ return -1;
+ }
+
+
+ /* Connect to the server */
+ if (connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)) < 0) {
+ fprintf(stderr, "ERROR: failed to connect\n");
+ return -1;
+ }
+
+
+ /* Create a WOLFSSL object */
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+ return -1;
+ }
+
+ /* Attach wolfSSL to the socket */
+ wolfSSL_set_fd(ssl, sockfd);
+
+
+ /* Get a message for the server from stdin */
+ printf("Message for server: ");
+ memset(buff, 0, sizeof(buff));
+ fgets(buff, sizeof(buff), stdin);
+ len = strnlen(buff, sizeof(buff));
+
+ /* Send the message */
+ if (wolfSSL_write(ssl, buff, len) != len) {
+ fprintf(stderr, "ERROR: failed to write\n");
+ return -1;
+ }
+
+
+ /* Get a response from the server */
+ memset(buff, 0, sizeof(buff));
+ if (wolfSSL_read(ssl, buff, sizeof(buff)-1) < 0) {
+ fprintf(stderr, "ERROR: failed to read\n");
+ return -1;
+ }
+
+ /* Print the message to stdout */
+ printf("Recieved: %s\n", buff);
+
+
+ /* Cleanup and return */
+ wolfSSL_free(ssl); /* Free the wolfSSL object */
+ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
+ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
+ return 0; /* Return reporting a success */
 }
diff --git a/tls/client-tls.c b/tls/client-tls.c
index 63d60367..4dcf6fe3 100644
--- a/tls/client-tls.c
+++ b/tls/client-tls.c
@@ -36,6 +36,8 @@
 #define DEFAULT_PORT 11111
+#define CERT_FILE "../certs/ca-cert.pem"
+
 int main(int argc, char** argv)
 {
 int sockfd;
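Review bot: The `wolfSSL_write` and `wolfSSL_read` failure paths near the end of main print only "failed to write"/"failed to read", dropping the `wolfSSL_get_error` code that the removed `Security()` reported; since there is no explicit `wolfSSL_connect`, the handshake is driven implicitly by that first `wolfSSL_write`, so a failed server-certificate check or a cipher-list mismatch is indistinguishable from a plain transport error in the output. Store the result in an `int ret` and report it, e.g. `fprintf(stderr, "ERROR: failed to write, err = %d\n", wolfSSL_get_error(ssl, ret));`, which also removes the signed/unsigned comparison in `wolfSSL_write(ssl, buff, len) != len` (`int` against `size_t`). The `fgets` return value is not checked, so on EOF a zero-length write is attempted. The early `return -1` paths leave `ctx`, `ssl` and `sockfd` unreleased, tolerable in a one-shot example but worth a comment. The typo "Recieved" in the final `printf` is carried over from client-tcp.c.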
@@ -75,10 +77,10 @@ int main(int argc, char** argv)
 }
 /* Load client certificates into WOLFSSL_CTX */
- if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
+ if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
 != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
- "check the file.\n");
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
 return -1;
 }
diff --git a/tls/server-tls-callback.c b/tls/server-tls-callback.c
index 1d8a7ace..abc48391 100644
--- a/tls/server-tls-callback.c
+++ b/tls/server-tls-callback.c
@@ -136,6 +136,10 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 #define DEFAULT_PORT 11111
+#define CERT_FILE "../certs/server-cert.pem"
+#define KEY_FILE "../certs/server-key.pem"
+#define DH_FILE "../certs/dh2048.pem"
+
 int main()
 {
 int sockfd;
@@ -171,23 +175,23 @@ int main()
 }
 /* Load server certificates into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
- "check the file.\n");
+ if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
 return -1;
 }
 /* Load server key into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
- "check the file.\n");
+ if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ KEY_FILE);
 return -1;
 }
 /* Set DH params for WOLFSSL_CTX */
- if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
+ if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
 != SSL_SUCCESS) {
 fprintf(stderr, "ERROR: failed to set DH parameters.\n");
 return -1;
diff --git a/tls/server-tls-ecdhe.c b/tls/server-tls-ecdhe.c
index 1bfa9886..951de5e8 100644
--- a/tls/server-tls-ecdhe.c
+++ b/tls/server-tls-ecdhe.c
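Review bot: The DH-parameter error message in this hunk is the only one of the three load failures that does not name the file it failed on: the certificate and key paths now print `CERT_FILE`/`KEY_FILE` via `%s`, while `wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)` still reports a bare "failed to set DH parameters." For consistency with the new macros, `fprintf(stderr, "ERROR: failed to set DH parameters from %s.\n", DH_FILE);`. The identical hunk in tls/server-tls.c (`@@ -71,23 +75,23 @@`) has the same gap. main's body continues outside the hunk.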
@@ -17,184 +17,169 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- *=============================================================================
- *
- * This is a super basic example of what a TCP Server secured with TLS 1.2
- * might look like. This server can also resume the session if a client
- * inadvertantly disconnects.
 */
-#include
-#include
-#include
-#include
-#include
-#include
+/* the usual suspects */
 #include
-#include
-#include
+#include
+#include
-/* include the wolfSSL library for our TLS 1.2 security */
+/* socket includes */
+#include
+#include
+#include
+#include
+
+/* wolfSSL */
 #include
+
 #define DEFAULT_PORT 11111
-int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
- clientAddr);
-
-int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
- clientAddr)
-{
- /* Create our reply message */
- const char reply[] = "I hear ya fa shizzle!\n";
- socklen_t size = sizeof(clientAddr);
-
- /* Wait until a client connects */
- socklen_t connd = accept(sockfd, (struct sockaddr *)&clientAddr, &size);
-
- /* If fails to connect,int loop back up and wait for a new connection */
- if (connd == -1) {
- printf("failed to accept the connection..\n");
- }
- /* If it connects, read in and reply to the client */
- else {
- printf("Client connected successfully\n");
- WOLFSSL* ssl;
-
- if ( (ssl = wolfSSL_new(ctx)) == NULL) {
- fprintf(stderr, "wolfSSL_new error.\n");
- exit(EXIT_FAILURE);
- }
-
- /* direct our ssl to our clients connection */
- wolfSSL_set_fd(ssl, connd);
-
- printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
- ssl));
-
- for ( ; ; ) {
- char buff[256];
- int ret = 0;
-
- /* Clear the buffer memory for anything possibly left over */
- memset(&buff, 0, sizeof(buff));
-
- /* Read the client data into our buff array */
- if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
- /* Print any data the client sends to the console */
- printf("Client: %s\n", buff);
-
- /* Reply back to the client */
- if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
- < 0)
- {
- printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
- }
- break;
- }
- /* if the client disconnects break the loop */
- else {
- if (ret < 0)
- printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
- ,ret));
- else if (ret == 0)
- printf("The client has closed the connection.\n");
-
- break;
- }
- }
- wolfSSL_free(ssl); /* Free the WOLFSSL object */
- }
- close(connd); /* close the connected socket */
-
- return 0;
-}
+#define CERT_FILE "../certs/server-ecc.pem"
+#define KEY_FILE "../certs/ecc-key.pem"
+#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
 int main()
 {
- /* Create a ctx pointer for our ssl */
- WOLFSSL_CTX* ctx;
+ int sockfd;
+ int connd;
+ struct sockaddr_in servAddr;
+ struct sockaddr_in clientAddr;
+ socklen_t size = sizeof(clientAddr);
+ char buff[256];
+ int ret = 0;
+
+ /* declare wolfSSL objects */
+ WOLFSSL_CTX* ctx;
+ WOLFSSL* ssl;
- /*
- * Creates a socket that uses an internet IP address,
- * Sets the type to be Stream based (TCP),
- * 0 means choose the default protocol.
- */
- socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0);
- int loopExit = 0; /* 0 = False, 1 = True */
- int ret = 0; /* Return value */
- /* Server and client socket address structures */
- struct sockaddr_in serverAddr = {0}, clientAddr = {0};
- char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
 /* Initialize wolfSSL */
 wolfSSL_Init();
-#ifdef DEBUG_WOLFSSL
- wolfSSL_Debugging_ON();
-#endif
- /* If positive value, the socket is valid */
- if (sockfd == -1) {
- printf("ERROR: failed to create the socket\n");
- return EXIT_FAILURE; /* Kill the server with exit status 1 */
+ /* Create a socket that uses an internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ fprintf(stderr, "ERROR: failed to create the socket\n");
+ return -1;
 }
- /* create and initialize WOLFSSL_CTX structure */
+
+ /* Create and initialize WOLFSSL_CTX */
 if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
- fprintf(stderr, "wolfSSL_CTX_new error.\n");
- return EXIT_FAILURE;
+ fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+ return -1;
 }
- /* Load server certificate into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-ecc.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "Error loading certs/server-cert.pem, please check"
- "the file.\n");
- return EXIT_FAILURE;
+ /* Load server certificates into WOLFSSL_CTX */
+ if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
+ return -1;
 }
 /* Load server key into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/ecc-key.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "Error loading certs/server-key.pem, please check"
- "the file.\n");
- return EXIT_FAILURE;
+ if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ KEY_FILE);
+ return -1;
 }
- if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
- printf("client can't set cipher list 1");
-
- /* Initialize the server address struct to zero */
- memset((char *)&serverAddr, 0, sizeof(serverAddr));
-
- /* Fill the server's address family */
- serverAddr.sin_family = AF_INET;
- serverAddr.sin_addr.s_addr = INADDR_ANY;
- serverAddr.sin_port = htons(DEFAULT_PORT);
-
- /* Attach the server socket to our port */
- if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr))
- < 0) {
- printf("ERROR: failed to bind\n");
- return EXIT_FAILURE;
+ /* Set cipher list */
+ if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set cipher list\n");
+ return -1;
 }
+
+ /* Initialize the server address struct with zeros */
+ memset(&servAddr, 0, sizeof(servAddr));
+
+ /* Fill in the server address */
+ servAddr.sin_family = AF_INET; /* using IPv4 */
+ servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+ servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
+
+
+ /* Bind the server socket to our port */
+ if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) {
+ fprintf(stderr, "ERROR: failed to bind\n");
+ return -1;
+ }
+
+
+ /* Listen for a new connection, allow 5 pending connections */
+ if (listen(sockfd, 5) == -1) {
+ fprintf(stderr, "ERROR: failed to listen\n");
+ return -1;
+ }
+
 printf("Waiting for a connection...\n");
- /* Continuously accept connects while not currently in an active connection
- or told to quit */
- while (loopExit == 0) {
- /* listen for a new connection, allow 5 pending connections */
- ret = listen(sockfd, 5);
- if (ret == 0) {
- /* Accept client connections and read from them */
- loopExit = AcceptAndRead(ctx, sockfd, clientAddr);
- ret = -1;
- }
+
+ /* Accept client connections */
+ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) {
+ fprintf(stderr, "ERROR: failed to accept the connection\n\n");
+ return -1;
 }
- wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
- wolfSSL_Cleanup(); /* Free wolfSSL */
- return EXIT_SUCCESS;
+
+ /* Create a WOLFSSL object */
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+ return -1;
+ }
+
+
+ /* Attach wolfSSL to the socket */
+ wolfSSL_set_fd(ssl, connd);
+
+
+ printf("Client connected successfully\n");
+
+ /* Read in from the client while there is something to read */
+ do {
+ /* Clear the buffer memory for anything possibly left over */
+ memset(buff, 0, sizeof(buff));
+
+
+ /* Read the client data into our buff array */
+ if (wolfSSL_read(ssl, buff, sizeof(buff)-1) > 0) {
+ /* Print any data the client sends to the console */
+ printf("Client: %s\n", buff);
+
+
+ /* Write our reply into buff */
+ memset(buff, 0, sizeof(buff));
+ memcpy(buff, "I hear ya fa shizzle!\n", 23);
+
+
+ /* Reply back to the client */
+ if (wolfSSL_write(ssl, buff, sizeof(buff)-1) < 0) {
+ fprintf(stderr, "ERROR: failed to write\n");
+ }
+ }
+ } while (ret > 0);
+
+
+ /* Check for a read error condition */
+ if (ret == 0) {
+ printf("Client has closed the connection.\n");
+ }
+ else {
+ fprintf(stderr, "ERROR: failed to read\n");
+ }
+
+
+ /* Cleanup and return */
+ wolfSSL_free(ssl); /* Free the wolfSSL object */
+ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
+ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
+ return 0; /* Return reporting a success */
 }
diff --git a/tls/server-tls.c b/tls/server-tls.c
index ace0cd44..f943dbf5 100644
--- a/tls/server-tls.c
+++ b/tls/server-tls.c
@@ -36,6 +36,10 @@
 #define DEFAULT_PORT 11111
+#define CERT_FILE "../certs/server-cert.pem"
+#define KEY_FILE "../certs/server-key.pem"
+#define DH_FILE "../certs/dh2048.pem"
+
 int main()
 {
 int sockfd;
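Review bot: `ret` is initialised to 0 in main and never assigned, so `while (ret > 0)` ends the read loop after one pass and the post-loop check unconditionally prints "Client has closed the connection." — a read error and a successful exchange are reported identically. The read should store its result as the removed `AcceptAndRead` did: `if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {`. The reply is sent with `sizeof(buff)-1` (255) bytes although the message copied into `buff` is 22 characters, so 233 NUL bytes follow it on the wire; `wolfSSL_write(ssl, buff, strlen(buff))` sends just the message (`memcpy`/`memset` already require `<string.h>`). Unlike the removed code, neither `connd` nor `sockfd` is ever closed, and the write error path drops the `wolfSSL_get_error` code the old version printed. The trailing "\n\n" in the accept failure message looks unintended.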
@@ -71,23 +75,23 @@ int main()
 }
 /* Load server certificates into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
- "check the file.\n");
+ if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CERT_FILE);
 return -1;
 }
 /* Load server key into WOLFSSL_CTX */
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
- SSL_FILETYPE_PEM) != SSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
- "check the file.\n");
+ if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ KEY_FILE);
 return -1;
 }
 /* Set DH params for WOLFSSL_CTX */
- if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
+ if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
 != SSL_SUCCESS) {
 fprintf(stderr, "ERROR: failed to set DH parameters.\n");
 return -1;