Example #1
0
inline static CYASSL* create_cyassl_object( CYASSL_CTX* cya_ctx, const Conn_t* conn )
{
    assert( cya_ctx != 0 && "CyaSSL context must not be null!" );
    assert( conn != 0 && "Conn ptr must not be null!" );

    CYASSL* xCyaSSL_Object = 0;

    xCyaSSL_Object = CyaSSL_new( cya_ctx );

    if( xCyaSSL_Object != NULL )
    {
        CyaSSL_SetIORecv( cya_ctx, myPrivateRecv );
        CyaSSL_SetIOSend( cya_ctx, myPrivateSend );

        /* Associate the created CyaSSL object with the connected socket. */
        if( CyaSSL_set_fd( xCyaSSL_Object, conn->sock_fd ) != SSL_SUCCESS )
        {
            return 0;
        }

        return xCyaSSL_Object;
    }

    return 0;
}
int Server(word16 port)
{
    char        msg[MAXSZ];
    const char  reply[]  = "I hear ya fa shizzle!\n";
    int         n, listenfd, connfd;
    CYASSL_CTX* ctx;
    CYASSL*     ssl;

    CyaSSL_Init();
    
    /* create ctx and configure certificates */
    if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL)
        err_sys("Fatal error : CyaSSL_CTX_new error");
   
    if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
        err_sys("can't load server cert file,"
                    "Please run from CyaSSL home dir");

    if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
        err_sys("can't load server key file, "
                    "Please run from CyaSSL home dir");
        
    /*sets the IO callback methods*/
    CyaSSL_SetIORecv(ctx, CbIORecv);
    CyaSSL_SetIOSend(ctx, CbIOSend);

    tcp_accept(&listenfd, &connfd, NULL, port, 1, 0);
        
    if (connfd < 0) {
        err_sys("Fatal error : accept error");
    }
    else {
        /* create CYASSL object and respond */
        if ((ssl = CyaSSL_new(ctx)) == NULL)
            err_sys("Fatal error : CyaSSL_new error");
  
        CyaSSL_set_fd(ssl, connfd);

	    memset(msg, 0, MAXSZ);
	    n = CyaSSL_read(ssl, msg, MAXSZ - 1);
	    if (n > 0) {
	        msg[n] = '\0';
	        printf("Client sent : %s\n", msg);
	        if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
	            err_sys("Fatal error : respond: write error");
	    }

	    if (n < 0)
	        err_sys("Fatal error :respond: read error");
            
        /* closes the connections after responding */
        CyaSSL_shutdown(ssl);
        CyaSSL_free(ssl);
        if (close(listenfd) == -1 && close(connfd) == -1)
            err_sys("Fatal error : close error");
    }
   
    /* free up memory used by CyaSSL */
    CyaSSL_CTX_free(ctx);

    return 0;
}
Example #3
0
static int _tls_session_init_client(tls_session_t *s, int sockfd,
				    const tls_init_config_t *cfg)
{
	int ret;
	SSL_METHOD *method;

#if defined(CYASSL_DTLS)
	method = DTLSv1_client_method();
#elif !defined(NO_TLS)
	method = SSLv23_client_method();
#else
	method = SSLv3_client_method();
#endif

	s->ctx = SSL_CTX_new(method);

#ifndef NO_PSK
	SSL_CTX_set_psk_client_callback(s->ctx, my_psk_client_cb);
#endif

#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
	/* don't use EDH, can't sniff tmp keys */
	SSL_CTX_set_cipher_list(s->ctx, "AES256-SHA");
#endif

	if (cfg->flags & TLS_CHECK_SERVER_CERT) {
		ASSERT(cfg->tls.client.ca_cert_size != 0);
		/* Load server certificates  from buffer */
		tls_d("Loading CA certificate file. Size: %d",
		      cfg->tls.client.ca_cert_size);
		ret = CyaSSL_CTX_load_verify_buffer(s->ctx,
						    cfg->tls.client.ca_cert,
						    cfg->tls.client.
						    ca_cert_size,
						    SSL_FILETYPE_PEM);
		if (ret != SSL_SUCCESS) {
			tls_e("Unable to load CA certificate");
			SSL_CTX_free(s->ctx);
			return -WM_FAIL;
		}
	} else {
		tls_d("Disabling certificate check");
		SSL_CTX_set_verify(s->ctx, SSL_VERIFY_NONE, 0);
	}

	if (cfg->flags & TLS_USE_CLIENT_CERT) {

		/* The server wants to verify our certificates */
		ASSERT(cfg->tls.client.client_cert_size != 0);
		ASSERT(cfg->tls.client.client_key_size != 0);

		/* Load client certificates and client private keys from
		   buffer */
		tls_d("Loading client certificate buffer. Size: %d",
		      cfg->tls.client.client_cert_size);
		ret = CyaSSL_CTX_use_certificate_buffer(s->ctx,
							cfg->tls.client.
							client_cert,
							cfg->tls.client.
							client_cert_size,
							SSL_FILETYPE_PEM);
		if (ret != SSL_SUCCESS) {
			tls_e("Unable to load client certificate");
			SSL_CTX_free(s->ctx);
			return -WM_FAIL;
		}

		tls_d("Loading client private key buffer. Size: %d",
		      cfg->tls.client.client_key_size);
		ret = CyaSSL_CTX_use_PrivateKey_buffer(s->ctx,
						       cfg->tls.client.
						       client_key,
						       cfg->tls.client.
						       client_key_size,
						       SSL_FILETYPE_PEM);
		if (ret != SSL_SUCCESS) {
			tls_e("Unable to load client key");
			SSL_CTX_free(s->ctx);
			return -WM_FAIL;
		}
	}

	s->ssl = SSL_new(s->ctx);
	SSL_set_fd(s->ssl, sockfd);

#ifdef CONFIG_WPA2_ENTP
	if (cfg->flags & TLS_WPA2_ENTP) {
		CyaSSL_SetIOSend(s->ctx, SSLSend);
		CyaSSL_SetIORecv(s->ctx, SSLReceive);
	}
#endif

#ifdef NON_BLOCKING
	tcp_set_nonblocking(&sockfd);
	NonBlockingSSL_Connect(s->ssl);
#else
#ifndef CYASSL_CALLBACKS
	tls_d("Starting SSL connect");
	/* see note at top of README */
	if (SSL_connect(s->ssl) != SSL_SUCCESS) {
#ifdef CONFIG_ENABLE_ERROR_LOGS
		int err = SSL_get_error(s->ssl, 0);
		char buffer[80];
		tls_e("err = %d, %s", err, ERR_error_string(err, buffer));
		/* if you're getting an error here  */
		tls_e("SSL_connect failed");
#endif /* CONFIG_ENABLE_ERROR_LOGS */
		SSL_free(s->ssl);
		SSL_CTX_free(s->ctx);
		return -WM_FAIL;
	}
#else
	timeout.tv_sec = 2;
	timeout.tv_usec = 0;
	NonBlockingSSL_Connect(s->ssl);	/* will keep retrying on timeout */
#endif
#endif
	showPeer(s->ssl);

	s->session_setup_done = true;

	tls_d("SSL Connect success");

#ifdef CONFIG_WPA2_ENTP
	if (cfg->flags & TLS_WPA2_ENTP)
		return tls_session_success(s);
#endif

	return WM_SUCCESS;
}
Example #4
0
int SSL_send_and_recv(char *send_buf, char *recv_buf)
{
  SSL* ssl;
  SSL_CTX* ctx;
  int ret = 0, read_size = 0;
  int i = 0;

  struct sockaddr_in addr;
  struct hostent *host = 0;

  //名前解決
  if((host = gethostbyname("api.twitter.com")) == NULL) {
    printf("ドメイン解決に失敗しました。\n");
    return -1;
  }
  printf("DNS OK.\n");

  //ポート番号などの設定
  memset(&addr, 0, sizeof(addr));
  addr.sin_family = AF_INET;
  addr.sin_addr.s_addr = *((unsigned long *)host->h_addr_list[0]);
  addr.sin_port = htons(443);

  sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

  //接続の確立
  if(connect(sock, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
    printf("接続できませんでした。\n");
    return -1;
  }

  //SSL接続の準備
  SSL_load_error_strings();
  SSL_library_init();
  
  ctx = SSL_CTX_new(SSLv3_client_method());
  if(ctx == 0) {
    return -2;
  }

  CyaSSL_SetIORecv(ctx, recvf);
  CyaSSL_SetIOSend(ctx, sendf);
  printf("step:10\n");
  
  SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

  ssl = NULL;
  ssl = SSL_new(ctx);
  if(ssl == NULL) {
    return -3;
  }
  
  ret = SSL_set_fd(ssl, sock);
  if(ret == 0) {
    return -4;
  }

  //SSLセッション
  ret = SSL_connect(ssl);

  if(ret != 1) {
    return -5;
  }

  //リクエストの送信
  if(SSL_write(ssl, (void *)send_buf, strlen((void *)send_buf)) == -1) {
    return -6;
  }

  //レスポンス取得
  for(i=0; i<BUF_SIZE; i++) recv_buf[i] = 0;
  while((read_size = SSL_read(ssl, recv_buf, BUF_SIZE-1)) > 0) {
    fwrite(recv_buf, read_size, 1, stdout);
  }

  //SSLクローズ
  ret = SSL_shutdown(ssl);
  if(ret != 0) {
    return -7;
  }

  //close(*sck);
  close(sock);

  return 0;
}
Example #5
0
int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct capwap_dtls_param* param) {
	ASSERT(dtlscontext != NULL);
	ASSERT(param != NULL);

	memset(dtlscontext, 0, sizeof(struct capwap_dtls_context));
	dtlscontext->type = param->type;
	dtlscontext->mode = param->mode;

	/* Alloc context */
	dtlscontext->sslcontext = (void*)CyaSSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? CyaDTLSv1_server_method() : CyaDTLSv1_client_method()));
	if (!dtlscontext->sslcontext) {
		capwap_logging_debug("Error to initialize dtls context");
		return 0;
	}

	/* Set context IO */
	CyaSSL_SetIORecv((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_recv);
	CyaSSL_SetIOSend((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_send);
	CyaSSL_CTX_SetGenCookie((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_createcookie);

	/* */
	if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) {
		/* Check context */
		if (!param->cert.filecert || !strlen(param->cert.filecert)) {
			capwap_logging_debug("Error, request certificate file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		} else if (!param->cert.filekey || !strlen(param->cert.filekey)) {
			capwap_logging_debug("Error, request privatekey file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		} else if (!param->cert.fileca || !strlen(param->cert.fileca)) {
			capwap_logging_debug("Error, request ca file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* Public certificate */
		if (!CyaSSL_CTX_use_certificate_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) {
			capwap_logging_debug("Error to load certificate file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* Private key */
		if (!CyaSSL_CTX_use_PrivateKey_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) {
			capwap_logging_debug("Error to load private key file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		if (!CyaSSL_CTX_check_private_key((CYASSL_CTX*)dtlscontext->sslcontext)) {
			capwap_logging_debug("Error to check private key");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* Certificate Authority */
		if (!CyaSSL_CTX_load_verify_locations((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) {
			capwap_logging_debug("Error to load ca file");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* Verify certificate callback */
		CyaSSL_CTX_set_verify((CYASSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), capwap_crypt_verifycertificate);

		/* 	Cipher list: 
				TLS_RSA_WITH_AES_128_CBC_SHA
				TLS_DHE_RSA_WITH_AES_128_CBC_SHA
				TLS_RSA_WITH_AES_256_CBC_SHA
				TLS_DHE_RSA_WITH_AES_256_CBC_SHA
		*/
		if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) {
			capwap_logging_debug("Error to select cipher list");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}
	} else if (dtlscontext->mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) {
		/* 	Cipher list: 
				TLS_PSK_WITH_AES_128_CBC_SHA
				TLS_DHE_PSK_WITH_AES_128_CBC_SHA
				TLS_PSK_WITH_AES_256_CBC_SHA
				TLS_DHE_PSK_WITH_AES_256_CBC_SHA
		*/
		if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA")) {
			capwap_logging_debug("Error to select cipher list");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* */
		if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
			if (param->presharedkey.hint) {
				CyaSSL_CTX_use_psk_identity_hint((CYASSL_CTX*)dtlscontext->sslcontext, param->presharedkey.hint);
			} else {
				capwap_logging_debug("Error to presharedkey hint");
				capwap_crypt_freecontext(dtlscontext);
				return 0;
			}
		}

		/* */
		dtlscontext->presharedkey.identity = capwap_duplicate_string(param->presharedkey.identity);
		dtlscontext->presharedkey.pskkeylength = capwap_crypt_psk_to_bin(param->presharedkey.pskkey, &dtlscontext->presharedkey.pskkey);
		if (!dtlscontext->presharedkey.pskkeylength) {
			capwap_logging_debug("Error to presharedkey");
			capwap_crypt_freecontext(dtlscontext);
			return 0;
		}

		/* */
		if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
			CyaSSL_CTX_set_psk_server_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_server);
		} else {
			CyaSSL_CTX_set_psk_client_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_client);
		}
	} else {
		capwap_logging_debug("Invalid DTLS mode");
		capwap_crypt_freecontext(dtlscontext);
		return 0;
	}

	return 1;
}