main.c 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351
  1. /*
  2. * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <unistd.h>
  11. #include <string.h>
  12. #include <sys/socket.h>
  13. #include <arpa/inet.h>
  14. #include <netinet/in.h>
  15. #include <openssl/ssl.h>
  16. #include <openssl/err.h>
  17. #include <signal.h>
  18. static const int server_port = 4433;
  19. typedef unsigned char bool;
  20. #define true 1
  21. #define false 0
  22. /*
  23. * This flag won't be useful until both accept/read (TCP & SSL) methods
  24. * can be called with a timeout. TBD.
  25. */
  26. static volatile bool server_running = true;
  27. int create_socket(bool isServer)
  28. {
  29. int s;
  30. int optval = 1;
  31. struct sockaddr_in addr;
  32. s = socket(AF_INET, SOCK_STREAM, 0);
  33. if (s < 0) {
  34. perror("Unable to create socket");
  35. exit(EXIT_FAILURE);
  36. }
  37. if (isServer) {
  38. addr.sin_family = AF_INET;
  39. addr.sin_port = htons(server_port);
  40. addr.sin_addr.s_addr = INADDR_ANY;
  41. /* Reuse the address; good for quick restarts */
  42. if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval))
  43. < 0) {
  44. perror("setsockopt(SO_REUSEADDR) failed");
  45. exit(EXIT_FAILURE);
  46. }
  47. if (bind(s, (struct sockaddr*) &addr, sizeof(addr)) < 0) {
  48. perror("Unable to bind");
  49. exit(EXIT_FAILURE);
  50. }
  51. if (listen(s, 1) < 0) {
  52. perror("Unable to listen");
  53. exit(EXIT_FAILURE);
  54. }
  55. }
  56. return s;
  57. }
  58. SSL_CTX* create_context(bool isServer)
  59. {
  60. const SSL_METHOD *method;
  61. SSL_CTX *ctx;
  62. if (isServer)
  63. method = TLS_server_method();
  64. else
  65. method = TLS_client_method();
  66. ctx = SSL_CTX_new(method);
  67. if (ctx == NULL) {
  68. perror("Unable to create SSL context");
  69. ERR_print_errors_fp(stderr);
  70. exit(EXIT_FAILURE);
  71. }
  72. return ctx;
  73. }
  74. void configure_server_context(SSL_CTX *ctx)
  75. {
  76. /* Set the key and cert */
  77. if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) {
  78. ERR_print_errors_fp(stderr);
  79. exit(EXIT_FAILURE);
  80. }
  81. if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0) {
  82. ERR_print_errors_fp(stderr);
  83. exit(EXIT_FAILURE);
  84. }
  85. }
  86. void configure_client_context(SSL_CTX *ctx)
  87. {
  88. /*
  89. * Configure the client to abort the handshake if certificate verification
  90. * fails
  91. */
  92. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  93. /*
  94. * In a real application you would probably just use the default system certificate trust store and call:
  95. * SSL_CTX_set_default_verify_paths(ctx);
  96. * In this demo though we are using a self-signed certificate, so the client must trust it directly.
  97. */
  98. if (!SSL_CTX_load_verify_locations(ctx, "cert.pem", NULL)) {
  99. ERR_print_errors_fp(stderr);
  100. exit(EXIT_FAILURE);
  101. }
  102. }
  103. void usage(void)
  104. {
  105. printf("Usage: sslecho s\n");
  106. printf(" --or--\n");
  107. printf(" sslecho c ip\n");
  108. printf(" c=client, s=server, ip=dotted ip of server\n");
  109. exit(EXIT_FAILURE);
  110. }
  111. int main(int argc, char **argv)
  112. {
  113. bool isServer;
  114. int result;
  115. SSL_CTX *ssl_ctx = NULL;
  116. SSL *ssl = NULL;
  117. int server_skt = -1;
  118. int client_skt = -1;
  119. /* used by getline relying on realloc, can't be statically allocated */
  120. char *txbuf = NULL;
  121. size_t txcap = 0;
  122. int txlen;
  123. char rxbuf[128];
  124. size_t rxcap = sizeof(rxbuf);
  125. int rxlen;
  126. char *rem_server_ip = NULL;
  127. struct sockaddr_in addr;
  128. unsigned int addr_len = sizeof(addr);
  129. /* ignore SIGPIPE so that server can continue running when client pipe closes abruptly */
  130. signal(SIGPIPE, SIG_IGN);
  131. /* Splash */
  132. printf("\nsslecho : Simple Echo Client/Server (OpenSSL 3.0.1-dev) : %s : %s\n\n", __DATE__,
  133. __TIME__);
  134. /* Need to know if client or server */
  135. if (argc < 2) {
  136. usage();
  137. /* NOTREACHED */
  138. }
  139. isServer = (argv[1][0] == 's') ? true : false;
  140. /* If client get remote server address (could be 127.0.0.1) */
  141. if (!isServer) {
  142. if (argc != 3) {
  143. usage();
  144. /* NOTREACHED */
  145. }
  146. rem_server_ip = argv[2];
  147. }
  148. /* Create context used by both client and server */
  149. ssl_ctx = create_context(isServer);
  150. /* If server */
  151. if (isServer) {
  152. printf("We are the server on port: %d\n\n", server_port);
  153. /* Configure server context with appropriate key files */
  154. configure_server_context(ssl_ctx);
  155. /* Create server socket; will bind with server port and listen */
  156. server_skt = create_socket(true);
  157. /*
  158. * Loop to accept clients.
  159. * Need to implement timeouts on TCP & SSL connect/read functions
  160. * before we can catch a CTRL-C and kill the server.
  161. */
  162. while (server_running) {
  163. /* Wait for TCP connection from client */
  164. client_skt = accept(server_skt, (struct sockaddr*) &addr,
  165. &addr_len);
  166. if (client_skt < 0) {
  167. perror("Unable to accept");
  168. exit(EXIT_FAILURE);
  169. }
  170. printf("Client TCP connection accepted\n");
  171. /* Create server SSL structure using newly accepted client socket */
  172. ssl = SSL_new(ssl_ctx);
  173. SSL_set_fd(ssl, client_skt);
  174. /* Wait for SSL connection from the client */
  175. if (SSL_accept(ssl) <= 0) {
  176. ERR_print_errors_fp(stderr);
  177. server_running = false;
  178. } else {
  179. printf("Client SSL connection accepted\n\n");
  180. /* Echo loop */
  181. while (true) {
  182. /* Get message from client; will fail if client closes connection */
  183. if ((rxlen = SSL_read(ssl, rxbuf, rxcap)) <= 0) {
  184. if (rxlen == 0) {
  185. printf("Client closed connection\n");
  186. } else {
  187. printf("SSL_read returned %d\n", rxlen);
  188. }
  189. ERR_print_errors_fp(stderr);
  190. break;
  191. }
  192. /* Insure null terminated input */
  193. rxbuf[rxlen] = 0;
  194. /* Look for kill switch */
  195. if (strcmp(rxbuf, "kill\n") == 0) {
  196. /* Terminate...with extreme prejudice */
  197. printf("Server received 'kill' command\n");
  198. server_running = false;
  199. break;
  200. }
  201. /* Show received message */
  202. printf("Received: %s", rxbuf);
  203. /* Echo it back */
  204. if (SSL_write(ssl, rxbuf, rxlen) <= 0) {
  205. ERR_print_errors_fp(stderr);
  206. }
  207. }
  208. }
  209. if (server_running) {
  210. /* Cleanup for next client */
  211. SSL_shutdown(ssl);
  212. SSL_free(ssl);
  213. close(client_skt);
  214. }
  215. }
  216. printf("Server exiting...\n");
  217. }
  218. /* Else client */
  219. else {
  220. printf("We are the client\n\n");
  221. /* Configure client context so we verify the server correctly */
  222. configure_client_context(ssl_ctx);
  223. /* Create "bare" socket */
  224. client_skt = create_socket(false);
  225. /* Set up connect address */
  226. addr.sin_family = AF_INET;
  227. inet_pton(AF_INET, rem_server_ip, &addr.sin_addr.s_addr);
  228. addr.sin_port = htons(server_port);
  229. /* Do TCP connect with server */
  230. if (connect(client_skt, (struct sockaddr*) &addr, sizeof(addr)) != 0) {
  231. perror("Unable to TCP connect to server");
  232. goto exit;
  233. } else {
  234. printf("TCP connection to server successful\n");
  235. }
  236. /* Create client SSL structure using dedicated client socket */
  237. ssl = SSL_new(ssl_ctx);
  238. SSL_set_fd(ssl, client_skt);
  239. /* Set hostname for SNI */
  240. SSL_set_tlsext_host_name(ssl, rem_server_ip);
  241. /* Configure server hostname check */
  242. SSL_set1_host(ssl, rem_server_ip);
  243. /* Now do SSL connect with server */
  244. if (SSL_connect(ssl) == 1) {
  245. printf("SSL connection to server successful\n\n");
  246. /* Loop to send input from keyboard */
  247. while (true) {
  248. /* Get a line of input */
  249. txlen = getline(&txbuf, &txcap, stdin);
  250. /* Exit loop on error */
  251. if (txlen < 0 || txbuf == NULL) {
  252. break;
  253. }
  254. /* Exit loop if just a carriage return */
  255. if (txbuf[0] == '\n') {
  256. break;
  257. }
  258. /* Send it to the server */
  259. if ((result = SSL_write(ssl, txbuf, txlen)) <= 0) {
  260. printf("Server closed connection\n");
  261. ERR_print_errors_fp(stderr);
  262. break;
  263. }
  264. /* Wait for the echo */
  265. rxlen = SSL_read(ssl, rxbuf, rxcap);
  266. if (rxlen <= 0) {
  267. printf("Server closed connection\n");
  268. ERR_print_errors_fp(stderr);
  269. break;
  270. } else {
  271. /* Show it */
  272. rxbuf[rxlen] = 0;
  273. printf("Received: %s", rxbuf);
  274. }
  275. }
  276. printf("Client exiting...\n");
  277. } else {
  278. printf("SSL connection to server failed\n\n");
  279. ERR_print_errors_fp(stderr);
  280. }
  281. }
  282. exit:
  283. /* Close up */
  284. if (ssl != NULL) {
  285. SSL_shutdown(ssl);
  286. SSL_free(ssl);
  287. }
  288. SSL_CTX_free(ssl_ctx);
  289. if (client_skt != -1)
  290. close(client_skt);
  291. if (server_skt != -1)
  292. close(server_skt);
  293. if (txbuf != NULL && txcap > 0)
  294. free(txbuf);
  295. printf("sslecho exiting\n");
  296. return EXIT_SUCCESS;
  297. }