made *-tls-ecdhe from *-tls
parent
74deab3262
commit
cc2fe9cae0
|
@ -51,23 +51,23 @@ android/wolfssljni-ndk-sample/proguard-project.txt
|
|||
/psk/server-psk
|
||||
/psk/server-tcp
|
||||
|
||||
/tls/client-callback
|
||||
/tls/client-tls-nonblocking
|
||||
/tls/client-tls-resume
|
||||
/tls/client-tls
|
||||
/tls/client-tls-writedup
|
||||
/tls/client-tcp
|
||||
/tls/memory-tls
|
||||
/tls/server-callback
|
||||
/tls/server-tls-nonblocking
|
||||
/tls/server-tls-threaded
|
||||
/tls/server-tls
|
||||
/tls/server-tcp
|
||||
/tls/client-tls
|
||||
/tls/client-tls-callback
|
||||
/tls/client-tls-ecdhe
|
||||
/tls/server-tls-ecdhe
|
||||
/tls/client-tls-nonblocking
|
||||
/tls/client-tls-perf
|
||||
/tls/client-tls-resume
|
||||
/tls/client-tls-writedup
|
||||
/tls/memory-tls
|
||||
/tls/server-tcp
|
||||
/tls/server-tls
|
||||
/tls/server-tls-callback
|
||||
/tls/server-tls-ecdhe
|
||||
/tls/server-tls-epoll-perf
|
||||
/tls/server-tls-epoll-threaded
|
||||
/tls/server-tls-nonblocking
|
||||
/tls/server-tls-threaded
|
||||
|
||||
crypto/3des/3des-file-encrypt
|
||||
crypto/aes/aes-file-encrypt
|
||||
|
|
|
@ -99,7 +99,7 @@ int main(int argc, char** argv)
|
|||
}
|
||||
|
||||
/* Print the message to stdout */
|
||||
printf("Recieved: %s\n", buff);
|
||||
printf("Recieved: %s\n", buff);
|
||||
|
||||
|
||||
/* Cleanup and return */
|
||||
|
|
|
@ -136,6 +136,8 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
|
|||
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
#define CERT_FILE "../certs/ca-cert.pem"
|
||||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
int sockfd;
|
||||
|
@ -175,10 +177,10 @@ int main(int argc, char** argv)
|
|||
}
|
||||
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
|
||||
"check the file.\n");
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,157 +18,156 @@
|
|||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/ssl.h> /* wolfSSL security library */
|
||||
#include <wolfssl/test.h>
|
||||
|
||||
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */
|
||||
#define SERV_PORT 11111 /* define default port number */
|
||||
/* the usual suspects */
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
const char* cert = "../certs/server-ecc.pem";
|
||||
/* socket includes */
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/*
|
||||
* clients initial contact with server. (socket to connect, security layer)
|
||||
*/
|
||||
int ClientGreet(int sock, WOLFSSL* ssl)
|
||||
{
|
||||
/* data to send to the server, data recieved from the server */
|
||||
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
|
||||
int ret = 0; /* variable for error checking */
|
||||
|
||||
printf("Message for server:\t");
|
||||
fgets(sendBuff, MAXDATASIZE, stdin);
|
||||
|
||||
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
|
||||
/* the message is not able to send, or error trying */
|
||||
ret = wolfSSL_get_error(ssl, 0);
|
||||
printf("Write error: Error: %i\n", ret);
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
|
||||
/* the server failed to send data, or error trying */
|
||||
ret = wolfSSL_get_error(ssl, 0);
|
||||
printf("Read error. Error: %i\n", ret);
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
printf("Recieved: \t%s\n", rcvBuff);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* applies TLS 1.2 security layer to data being sent.
|
||||
*/
|
||||
int Security(int sock)
|
||||
{
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl; /* create WOLFSSL object */
|
||||
int ret = 0;
|
||||
const char* myCert = "../certs/client-ecc-cert.pem";
|
||||
const char* myKey = "../certs/ecc-client-key.pem";
|
||||
char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
|
||||
wolfSSL_Init(); /* initialize wolfSSL */
|
||||
|
||||
/* create and initiLize WOLFSSL_CTX structure */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
printf("SSL_CTX_new error.\n");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
|
||||
err_sys("client can't set cipher list 1");
|
||||
|
||||
if (wolfSSL_CTX_use_certificate_chain_file(ctx, myCert)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load client cert file, check file and run from"
|
||||
" wolfSSL home dir");
|
||||
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, myKey, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load client private key file, check file and run "
|
||||
"from wolfSSL home dir");
|
||||
|
||||
/* load CA certificates into wolfSSL_CTX. which will verify the server */
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
|
||||
printf("Error loading %s. Please check the file.\n", cert);
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
if ((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
printf("wolfSSL_new error.\n");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
wolfSSL_set_fd(ssl, sock);
|
||||
|
||||
ret = wolfSSL_connect(ssl);
|
||||
if (ret == SSL_SUCCESS) {
|
||||
ret = ClientGreet(sock, ssl);
|
||||
} else {
|
||||
printf("Failure:");
|
||||
ret = wolfSSL_get_error(ssl, 0);
|
||||
printf(" ret = %d", ret);
|
||||
printf(" %s\n", wolfSSL_ERR_error_string(ret, buffer));
|
||||
}
|
||||
/* wolfSSL */
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
|
||||
/* frees all data before client termination */
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
wolfSSL_Cleanup();
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
return ret;
|
||||
}
|
||||
#define CERT_FILE "../certs/server-ecc.pem"
|
||||
|
||||
#define ECC_FILE "../certs/client-ecc-cert.pem"
|
||||
#define KEY_FILE "../certs/ecc-client-key.pem"
|
||||
#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||
|
||||
/*
|
||||
* Command line argumentCount and argumentValues
|
||||
*/
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
int sockfd; /* socket file descriptor */
|
||||
struct sockaddr_in servAddr; /* struct for server address */
|
||||
int ret = 0; /* variable for error checking */
|
||||
int sockfd;
|
||||
struct sockaddr_in servAddr;
|
||||
char buff[256];
|
||||
size_t len;
|
||||
|
||||
/* declare wolfSSL objects */
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
|
||||
/* Check for proper calling convention */
|
||||
if (argc != 2) {
|
||||
/* if the number of arguments is not two, error */
|
||||
printf("usage: ./client-tcp <IP address>\n");
|
||||
return EXIT_FAILURE;
|
||||
printf("usage: %s <IPv4 address>\n", argv[0]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* internet address family, stream based tcp, default protocol */
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
||||
if (sockfd < 0) {
|
||||
printf("Failed to create socket. Error: %i\n", errno);
|
||||
return EXIT_FAILURE;
|
||||
/* Initialize wolfSSL */
|
||||
wolfSSL_Init();
|
||||
|
||||
|
||||
/* Create a socket that uses an internet IPv4 address,
|
||||
* Sets the socket to be stream based (TCP),
|
||||
* 0 means choose the default protocol. */
|
||||
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
|
||||
fprintf(stderr, "ERROR: failed to create the socket\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
memset(&servAddr, 0, sizeof(servAddr)); /* clears memory block for use */
|
||||
servAddr.sin_family = AF_INET; /* sets addressfamily to internet*/
|
||||
servAddr.sin_port = htons(SERV_PORT); /* sets port to defined port */
|
||||
|
||||
/* looks for the server at the entered address (ip in the command line) */
|
||||
if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) < 1) {
|
||||
/* checks validity of address */
|
||||
ret = errno;
|
||||
printf("Invalid Address. Error: %i\n", ret);
|
||||
return EXIT_FAILURE;
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
|
||||
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
|
||||
/* if socket fails to connect to the server*/
|
||||
ret = errno;
|
||||
printf("Connect error. Error: %i\n", ret);
|
||||
return EXIT_FAILURE;
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
Security(sockfd);
|
||||
|
||||
return ret;
|
||||
/* Load client ecc certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ECC_FILE) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
ECC_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Load client ecc key into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
KEY_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Set cipher list */
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to set cipher list\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Initialize the server address struct with zeros */
|
||||
memset(&servAddr, 0, sizeof(servAddr));
|
||||
|
||||
/* Fill in the server address */
|
||||
servAddr.sin_family = AF_INET; /* using IPv4 */
|
||||
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
|
||||
|
||||
/* Get the server IPv4 address from the command line call */
|
||||
if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
|
||||
fprintf(stderr, "ERROR: invalid Address\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Connect to the server */
|
||||
if (connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)) < 0) {
|
||||
fprintf(stderr, "ERROR: failed to connect\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Create a WOLFSSL object */
|
||||
if ((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Attach wolfSSL to the socket */
|
||||
wolfSSL_set_fd(ssl, sockfd);
|
||||
|
||||
|
||||
/* Get a message for the server from stdin */
|
||||
printf("Message for server: ");
|
||||
memset(buff, 0, sizeof(buff));
|
||||
fgets(buff, sizeof(buff), stdin);
|
||||
len = strnlen(buff, sizeof(buff));
|
||||
|
||||
/* Send the message */
|
||||
if (wolfSSL_write(ssl, buff, len) != len) {
|
||||
fprintf(stderr, "ERROR: failed to write\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Get a response from the server */
|
||||
memset(buff, 0, sizeof(buff));
|
||||
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) < 0) {
|
||||
fprintf(stderr, "ERROR: failed to read\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Print the message to stdout */
|
||||
printf("Recieved: %s\n", buff);
|
||||
|
||||
|
||||
/* Cleanup and return */
|
||||
wolfSSL_free(ssl); /* Free the wolfSSL object */
|
||||
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
|
||||
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
|
||||
return 0; /* Return reporting a success */
|
||||
}
|
||||
|
|
|
@ -36,6 +36,8 @@
|
|||
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
#define CERT_FILE "../certs/ca-cert.pem"
|
||||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
int sockfd;
|
||||
|
@ -75,10 +77,10 @@ int main(int argc, char** argv)
|
|||
}
|
||||
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
|
||||
"check the file.\n");
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
|
@ -136,6 +136,10 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
|
|||
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
#define CERT_FILE "../certs/server-cert.pem"
|
||||
#define KEY_FILE "../certs/server-key.pem"
|
||||
#define DH_FILE "../certs/dh2048.pem"
|
||||
|
||||
int main()
|
||||
{
|
||||
int sockfd;
|
||||
|
@ -171,23 +175,23 @@ int main()
|
|||
}
|
||||
|
||||
/* Load server certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
|
||||
"check the file.\n");
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Load server key into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
|
||||
"check the file.\n");
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
KEY_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Set DH params for WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
|
||||
if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to set DH parameters.\n");
|
||||
return -1;
|
||||
|
|
|
@ -17,184 +17,169 @@
|
|||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*=============================================================================
|
||||
*
|
||||
* This is a super basic example of what a TCP Server secured with TLS 1.2
|
||||
* might look like. This server can also resume the session if a client
|
||||
* inadvertantly disconnects.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <string.h>
|
||||
#include <netinet/in.h>
|
||||
/* the usual suspects */
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <wolfssl/options.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
/* include the wolfSSL library for our TLS 1.2 security */
|
||||
/* socket includes */
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/* wolfSSL */
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
|
||||
clientAddr);
|
||||
|
||||
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
|
||||
clientAddr)
|
||||
{
|
||||
/* Create our reply message */
|
||||
const char reply[] = "I hear ya fa shizzle!\n";
|
||||
socklen_t size = sizeof(clientAddr);
|
||||
|
||||
/* Wait until a client connects */
|
||||
socklen_t connd = accept(sockfd, (struct sockaddr *)&clientAddr, &size);
|
||||
|
||||
/* If fails to connect,int loop back up and wait for a new connection */
|
||||
if (connd == -1) {
|
||||
printf("failed to accept the connection..\n");
|
||||
}
|
||||
/* If it connects, read in and reply to the client */
|
||||
else {
|
||||
printf("Client connected successfully\n");
|
||||
WOLFSSL* ssl;
|
||||
|
||||
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_new error.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/* direct our ssl to our clients connection */
|
||||
wolfSSL_set_fd(ssl, connd);
|
||||
|
||||
printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
|
||||
ssl));
|
||||
|
||||
for ( ; ; ) {
|
||||
char buff[256];
|
||||
int ret = 0;
|
||||
|
||||
/* Clear the buffer memory for anything possibly left over */
|
||||
memset(&buff, 0, sizeof(buff));
|
||||
|
||||
/* Read the client data into our buff array */
|
||||
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
|
||||
/* Print any data the client sends to the console */
|
||||
printf("Client: %s\n", buff);
|
||||
|
||||
/* Reply back to the client */
|
||||
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
|
||||
< 0)
|
||||
{
|
||||
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
|
||||
}
|
||||
break;
|
||||
}
|
||||
/* if the client disconnects break the loop */
|
||||
else {
|
||||
if (ret < 0)
|
||||
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
|
||||
,ret));
|
||||
else if (ret == 0)
|
||||
printf("The client has closed the connection.\n");
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
wolfSSL_free(ssl); /* Free the WOLFSSL object */
|
||||
}
|
||||
close(connd); /* close the connected socket */
|
||||
|
||||
return 0;
|
||||
}
|
||||
#define CERT_FILE "../certs/server-ecc.pem"
|
||||
#define KEY_FILE "../certs/ecc-key.pem"
|
||||
|
||||
#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||
|
||||
int main()
|
||||
{
|
||||
/* Create a ctx pointer for our ssl */
|
||||
WOLFSSL_CTX* ctx;
|
||||
int sockfd;
|
||||
int connd;
|
||||
struct sockaddr_in servAddr;
|
||||
struct sockaddr_in clientAddr;
|
||||
socklen_t size = sizeof(clientAddr);
|
||||
char buff[256];
|
||||
int ret = 0;
|
||||
|
||||
/* declare wolfSSL objects */
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
/*
|
||||
* Creates a socket that uses an internet IP address,
|
||||
* Sets the type to be Stream based (TCP),
|
||||
* 0 means choose the default protocol.
|
||||
*/
|
||||
socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
int loopExit = 0; /* 0 = False, 1 = True */
|
||||
int ret = 0; /* Return value */
|
||||
/* Server and client socket address structures */
|
||||
struct sockaddr_in serverAddr = {0}, clientAddr = {0};
|
||||
char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
|
||||
|
||||
/* Initialize wolfSSL */
|
||||
wolfSSL_Init();
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
|
||||
/* If positive value, the socket is valid */
|
||||
if (sockfd == -1) {
|
||||
printf("ERROR: failed to create the socket\n");
|
||||
return EXIT_FAILURE; /* Kill the server with exit status 1 */
|
||||
/* Create a socket that uses an internet IPv4 address,
|
||||
* Sets the socket to be stream based (TCP),
|
||||
* 0 means choose the default protocol. */
|
||||
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
|
||||
fprintf(stderr, "ERROR: failed to create the socket\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create and initialize WOLFSSL_CTX structure */
|
||||
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
|
||||
fprintf(stderr, "wolfSSL_CTX_new error.\n");
|
||||
return EXIT_FAILURE;
|
||||
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Load server certificate into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-ecc.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
|
||||
"the file.\n");
|
||||
return EXIT_FAILURE;
|
||||
/* Load server certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Load server key into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/ecc-key.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "Error loading certs/server-key.pem, please check"
|
||||
"the file.\n");
|
||||
return EXIT_FAILURE;
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
KEY_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
|
||||
printf("client can't set cipher list 1");
|
||||
|
||||
/* Initialize the server address struct to zero */
|
||||
memset((char *)&serverAddr, 0, sizeof(serverAddr));
|
||||
|
||||
/* Fill the server's address family */
|
||||
serverAddr.sin_family = AF_INET;
|
||||
serverAddr.sin_addr.s_addr = INADDR_ANY;
|
||||
serverAddr.sin_port = htons(DEFAULT_PORT);
|
||||
|
||||
/* Attach the server socket to our port */
|
||||
if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr))
|
||||
< 0) {
|
||||
printf("ERROR: failed to bind\n");
|
||||
return EXIT_FAILURE;
|
||||
/* Set cipher list */
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to set cipher list\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Initialize the server address struct with zeros */
|
||||
memset(&servAddr, 0, sizeof(servAddr));
|
||||
|
||||
/* Fill in the server address */
|
||||
servAddr.sin_family = AF_INET; /* using IPv4 */
|
||||
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
|
||||
servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
|
||||
|
||||
|
||||
/* Bind the server socket to our port */
|
||||
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) {
|
||||
fprintf(stderr, "ERROR: failed to bind\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Listen for a new connection, allow 5 pending connections */
|
||||
if (listen(sockfd, 5) == -1) {
|
||||
fprintf(stderr, "ERROR: failed to listen\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
printf("Waiting for a connection...\n");
|
||||
/* Continuously accept connects while not currently in an active connection
|
||||
or told to quit */
|
||||
while (loopExit == 0) {
|
||||
/* listen for a new connection, allow 5 pending connections */
|
||||
ret = listen(sockfd, 5);
|
||||
if (ret == 0) {
|
||||
/* Accept client connections and read from them */
|
||||
loopExit = AcceptAndRead(ctx, sockfd, clientAddr);
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
/* Accept client connections */
|
||||
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) {
|
||||
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
|
||||
wolfSSL_Cleanup(); /* Free wolfSSL */
|
||||
return EXIT_SUCCESS;
|
||||
|
||||
/* Create a WOLFSSL object */
|
||||
if ((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* Attach wolfSSL to the socket */
|
||||
wolfSSL_set_fd(ssl, connd);
|
||||
|
||||
|
||||
printf("Client connected successfully\n");
|
||||
|
||||
/* Read in from the client while there is something to read */
|
||||
do {
|
||||
/* Clear the buffer memory for anything possibly left over */
|
||||
memset(buff, 0, sizeof(buff));
|
||||
|
||||
|
||||
/* Read the client data into our buff array */
|
||||
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) > 0) {
|
||||
/* Print any data the client sends to the console */
|
||||
printf("Client: %s\n", buff);
|
||||
|
||||
|
||||
/* Write our reply into buff */
|
||||
memset(buff, 0, sizeof(buff));
|
||||
memcpy(buff, "I hear ya fa shizzle!\n", 23);
|
||||
|
||||
|
||||
/* Reply back to the client */
|
||||
if (wolfSSL_write(ssl, buff, sizeof(buff)-1) < 0) {
|
||||
fprintf(stderr, "ERROR: failed to write\n");
|
||||
}
|
||||
}
|
||||
} while (ret > 0);
|
||||
|
||||
|
||||
/* Check for a read error condition */
|
||||
if (ret == 0) {
|
||||
printf("Client has closed the connection.\n");
|
||||
}
|
||||
else {
|
||||
fprintf(stderr, "ERROR: failed to read\n");
|
||||
}
|
||||
|
||||
|
||||
/* Cleanup and return */
|
||||
wolfSSL_free(ssl); /* Free the wolfSSL object */
|
||||
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
|
||||
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
|
||||
return 0; /* Return reporting a success */
|
||||
}
|
||||
|
|
|
@ -36,6 +36,10 @@
|
|||
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
#define CERT_FILE "../certs/server-cert.pem"
|
||||
#define KEY_FILE "../certs/server-key.pem"
|
||||
#define DH_FILE "../certs/dh2048.pem"
|
||||
|
||||
int main()
|
||||
{
|
||||
int sockfd;
|
||||
|
@ -71,23 +75,23 @@ int main()
|
|||
}
|
||||
|
||||
/* Load server certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
|
||||
"check the file.\n");
|
||||
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
CERT_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Load server key into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
|
||||
"check the file.\n");
|
||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
|
||||
KEY_FILE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Set DH params for WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
|
||||
if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS) {
|
||||
fprintf(stderr, "ERROR: failed to set DH parameters.\n");
|
||||
return -1;
|
||||
|
|
Loading…
Reference in New Issue