123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350 |
- /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
- #include <stdio.h>
- #include <unistd.h>
- #include <string.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- #include <signal.h>
- static const int server_port = 4433;
- typedef unsigned char bool;
- #define true 1
- #define false 0
- /*
- * This flag won't be useful until both accept/read (TCP & SSL) methods
- * can be called with a timeout. TBD.
- */
- static volatile bool server_running = true;
- int create_socket(bool isServer)
- {
- int s;
- int optval = 1;
- struct sockaddr_in addr;
- s = socket(AF_INET, SOCK_STREAM, 0);
- if (s < 0) {
- perror("Unable to create socket");
- exit(EXIT_FAILURE);
- }
- if (isServer) {
- addr.sin_family = AF_INET;
- addr.sin_port = htons(server_port);
- addr.sin_addr.s_addr = INADDR_ANY;
- /* Reuse the address; good for quick restarts */
- if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval))
- < 0) {
- perror("setsockopt(SO_REUSEADDR) failed");
- exit(EXIT_FAILURE);
- }
- if (bind(s, (struct sockaddr*) &addr, sizeof(addr)) < 0) {
- perror("Unable to bind");
- exit(EXIT_FAILURE);
- }
- if (listen(s, 1) < 0) {
- perror("Unable to listen");
- exit(EXIT_FAILURE);
- }
- }
- return s;
- }
- SSL_CTX* create_context(bool isServer)
- {
- const SSL_METHOD *method;
- SSL_CTX *ctx;
- if (isServer)
- method = TLS_server_method();
- else
- method = TLS_client_method();
- ctx = SSL_CTX_new(method);
- if (ctx == NULL) {
- perror("Unable to create SSL context");
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- return ctx;
- }
- void configure_server_context(SSL_CTX *ctx)
- {
- /* Set the key and cert */
- if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) {
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0) {
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- }
- void configure_client_context(SSL_CTX *ctx)
- {
- /*
- * Configure the client to abort the handshake if certificate verification
- * fails
- */
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
- /*
- * In a real application you would probably just use the default system certificate trust store and call:
- * SSL_CTX_set_default_verify_paths(ctx);
- * In this demo though we are using a self-signed certificate, so the client must trust it directly.
- */
- if (!SSL_CTX_load_verify_locations(ctx, "cert.pem", NULL)) {
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- }
- void usage(void)
- {
- printf("Usage: sslecho s\n");
- printf(" --or--\n");
- printf(" sslecho c ip\n");
- printf(" c=client, s=server, ip=dotted ip of server\n");
- exit(EXIT_FAILURE);
- }
- int main(int argc, char **argv)
- {
- bool isServer;
- int result;
- SSL_CTX *ssl_ctx = NULL;
- SSL *ssl = NULL;
- int server_skt = -1;
- int client_skt = -1;
- /* used by getline relying on realloc, can't be statically allocated */
- char *txbuf = NULL;
- size_t txcap = 0;
- int txlen;
- char rxbuf[128];
- size_t rxcap = sizeof(rxbuf);
- int rxlen;
- char *rem_server_ip = NULL;
- struct sockaddr_in addr;
- unsigned int addr_len = sizeof(addr);
- /* ignore SIGPIPE so that server can continue running when client pipe closes abruptly */
- signal(SIGPIPE, SIG_IGN);
- /* Splash */
- printf("\nsslecho : Simple Echo Client/Server : %s : %s\n\n", __DATE__,
- __TIME__);
- /* Need to know if client or server */
- if (argc < 2) {
- usage();
- /* NOTREACHED */
- }
- isServer = (argv[1][0] == 's') ? true : false;
- /* If client get remote server address (could be 127.0.0.1) */
- if (!isServer) {
- if (argc != 3) {
- usage();
- /* NOTREACHED */
- }
- rem_server_ip = argv[2];
- }
- /* Create context used by both client and server */
- ssl_ctx = create_context(isServer);
- /* If server */
- if (isServer) {
- printf("We are the server on port: %d\n\n", server_port);
- /* Configure server context with appropriate key files */
- configure_server_context(ssl_ctx);
- /* Create server socket; will bind with server port and listen */
- server_skt = create_socket(true);
- /*
- * Loop to accept clients.
- * Need to implement timeouts on TCP & SSL connect/read functions
- * before we can catch a CTRL-C and kill the server.
- */
- while (server_running) {
- /* Wait for TCP connection from client */
- client_skt = accept(server_skt, (struct sockaddr*) &addr,
- &addr_len);
- if (client_skt < 0) {
- perror("Unable to accept");
- exit(EXIT_FAILURE);
- }
- printf("Client TCP connection accepted\n");
- /* Create server SSL structure using newly accepted client socket */
- ssl = SSL_new(ssl_ctx);
- SSL_set_fd(ssl, client_skt);
- /* Wait for SSL connection from the client */
- if (SSL_accept(ssl) <= 0) {
- ERR_print_errors_fp(stderr);
- server_running = false;
- } else {
- printf("Client SSL connection accepted\n\n");
- /* Echo loop */
- while (true) {
- /* Get message from client; will fail if client closes connection */
- if ((rxlen = SSL_read(ssl, rxbuf, rxcap)) <= 0) {
- if (rxlen == 0) {
- printf("Client closed connection\n");
- } else {
- printf("SSL_read returned %d\n", rxlen);
- }
- ERR_print_errors_fp(stderr);
- break;
- }
- /* Insure null terminated input */
- rxbuf[rxlen] = 0;
- /* Look for kill switch */
- if (strcmp(rxbuf, "kill\n") == 0) {
- /* Terminate...with extreme prejudice */
- printf("Server received 'kill' command\n");
- server_running = false;
- break;
- }
- /* Show received message */
- printf("Received: %s", rxbuf);
- /* Echo it back */
- if (SSL_write(ssl, rxbuf, rxlen) <= 0) {
- ERR_print_errors_fp(stderr);
- }
- }
- }
- if (server_running) {
- /* Cleanup for next client */
- SSL_shutdown(ssl);
- SSL_free(ssl);
- close(client_skt);
- }
- }
- printf("Server exiting...\n");
- }
- /* Else client */
- else {
- printf("We are the client\n\n");
- /* Configure client context so we verify the server correctly */
- configure_client_context(ssl_ctx);
- /* Create "bare" socket */
- client_skt = create_socket(false);
- /* Set up connect address */
- addr.sin_family = AF_INET;
- inet_pton(AF_INET, rem_server_ip, &addr.sin_addr.s_addr);
- addr.sin_port = htons(server_port);
- /* Do TCP connect with server */
- if (connect(client_skt, (struct sockaddr*) &addr, sizeof(addr)) != 0) {
- perror("Unable to TCP connect to server");
- goto exit;
- } else {
- printf("TCP connection to server successful\n");
- }
- /* Create client SSL structure using dedicated client socket */
- ssl = SSL_new(ssl_ctx);
- SSL_set_fd(ssl, client_skt);
- /* Set hostname for SNI */
- SSL_set_tlsext_host_name(ssl, rem_server_ip);
- /* Configure server hostname check */
- SSL_set1_host(ssl, rem_server_ip);
- /* Now do SSL connect with server */
- if (SSL_connect(ssl) == 1) {
- printf("SSL connection to server successful\n\n");
- /* Loop to send input from keyboard */
- while (true) {
- /* Get a line of input */
- txlen = getline(&txbuf, &txcap, stdin);
- /* Exit loop on error */
- if (txlen < 0 || txbuf == NULL) {
- break;
- }
- /* Exit loop if just a carriage return */
- if (txbuf[0] == '\n') {
- break;
- }
- /* Send it to the server */
- if ((result = SSL_write(ssl, txbuf, txlen)) <= 0) {
- printf("Server closed connection\n");
- ERR_print_errors_fp(stderr);
- break;
- }
- /* Wait for the echo */
- rxlen = SSL_read(ssl, rxbuf, rxcap);
- if (rxlen <= 0) {
- printf("Server closed connection\n");
- ERR_print_errors_fp(stderr);
- break;
- } else {
- /* Show it */
- rxbuf[rxlen] = 0;
- printf("Received: %s", rxbuf);
- }
- }
- printf("Client exiting...\n");
- } else {
- printf("SSL connection to server failed\n\n");
- ERR_print_errors_fp(stderr);
- }
- }
- exit:
- /* Close up */
- if (ssl != NULL) {
- SSL_shutdown(ssl);
- SSL_free(ssl);
- }
- SSL_CTX_free(ssl_ctx);
- if (client_skt != -1)
- close(client_skt);
- if (server_skt != -1)
- close(server_skt);
- if (txbuf != NULL && txcap > 0)
- free(txbuf);
- printf("sslecho exiting\n");
- return EXIT_SUCCESS;
- }
|