void kad_setup( void ) {
UCHAR node_id[SHA1_BIN_LENGTH];
int s4, s6;
s4 = -1;
s6 = -1;
/* Let the DHT output debug text */
if( gconf->verbosity == VERBOSITY_DEBUG ) {
dht_debug = stdout;
}
bytes_from_hex( node_id, gconf->node_id_str, strlen( gconf->node_id_str ) );
dht_lock_init();
if( gconf->af == AF_INET ) {
s4 = net_bind( "KAD", DHT_ADDR4, gconf->dht_port, gconf->dht_ifname, IPPROTO_UDP, AF_INET );
net_add_handler( s4, &dht_handler );
} else {
s6 = net_bind( "KAD", DHT_ADDR6, gconf->dht_port, gconf->dht_ifname, IPPROTO_UDP, AF_INET6 );
net_add_handler( s6, &dht_handler );
}
/* Init the DHT. Also set the sockets into non-blocking mode. */
if( dht_init( s4, s6, node_id, (UCHAR*) "KN\0\0") < 0 ) {
log_err( "KAD: Failed to initialize the DHT." );
}
}
void kad_setup( void ) {
int s4, s6;
s4 = -1;
s6 = -1;
/* Let the DHT output debug text */
if( gconf->verbosity == VERBOSITY_DEBUG ) {
dht_debug = stdout;
}
dht_lock_init();
if( gconf->af == AF_INET ) {
s4 = net_bind( "DHT", DHT_ADDR4, gconf->dht_port, gconf->dht_ifce, IPPROTO_UDP, AF_INET );
net_add_handler( s4, &dht_handler );
} else {
s6 = net_bind( "DHT", DHT_ADDR6, gconf->dht_port, gconf->dht_ifce, IPPROTO_UDP, AF_INET6 );
net_add_handler( s6, &dht_handler );
}
/* Init the DHT. Also set the sockets into non-blocking mode. */
if( dht_init( s4, s6, gconf->node_id, (UCHAR*) "KN\0\0") < 0 ) {
log_err( "DHT: Failed to initialize the DHT." );
}
}
int create_receive_socket( void ) {
const char *any_addr;
int sock;
any_addr = (gconf->af == AF_INET) ? "0.0.0.0" : "::";
sock = net_bind( "LPD", any_addr, LPD_PORT, gconf->dht_ifname, IPPROTO_UDP, gconf->af );
const int opt_off = 0;
if( multicast_set_loop( sock, gconf->af, opt_off ) < 0 ) {
log_warn( "LPD: Failed to set IP_MULTICAST_LOOP: %s", strerror( errno ) );
goto fail;
}
const int opt_on = 1;
if( setsockopt( sock, SOL_SOCKET, SO_REUSEADDR, &opt_on, sizeof(opt_on) ) < 0 ) {
log_warn( "LPD: Unable to set SO_REUSEADDR: %s", strerror( errno ) );
goto fail;
}
return sock;
fail:
close( sock );
return -1;
}
s32 create_server(u16 port) {
s32 server = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
if (server < 0)
return -1;
set_blocking(server, false);
struct sockaddr_in bindAddress;
memset(&bindAddress, 0, sizeof(bindAddress));
bindAddress.sin_family = AF_INET;
bindAddress.sin_port = htons(port);
bindAddress.sin_addr.s_addr = htonl(INADDR_ANY);
s32 ret;
if ((ret = net_bind(server, (struct sockaddr *)&bindAddress, sizeof(bindAddress))) < 0) {
net_close(server);
gxprintf("Error binding socket: [%i] %s\n", -ret, strerror(-ret));
return ret;
}
if ((ret = net_listen(server, 3)) < 0) {
net_close(server);
gxprintf("Error listening on socket: [%i] %s\n", -ret, strerror(-ret));
return ret;
}
return server;
}
NSAPI_PUBLIC SYS_NETFD INTnet_create_listener_alt(const char *ipstr, int port, PRBool internal)
{
SYS_NETFD sd;
struct sockaddr_in sa_server;
if (PR_TRUE == internal)
{
// internal listen sockets are always created without SSL
sd = INTnet_socket_alt(AF_INET,SOCK_STREAM,IPPROTO_TCP);
}
else
{
// otherwise the socket may be SSL
sd = net_socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
};
if (sd == SYS_NET_ERRORFD)
{
return SYS_NET_ERRORFD;
};
ZERO((char *) &sa_server, sizeof(sa_server));
sa_server.sin_family=AF_INET;
sa_server.sin_addr.s_addr = (ipstr ? inet_addr(ipstr) : htonl(INADDR_ANY));
sa_server.sin_port=htons(port);
if(net_bind(sd, (struct sockaddr *) &sa_server,sizeof(sa_server)) < 0) {
return SYS_NET_ERRORFD;
}
net_listen(sd, net_listenqsize);
return sd;
}
void network_init()
{
struct sockaddr_in my_name;
my_name.sin_family = AF_INET;
my_name.sin_port = htons(SERVER_PORT);
my_name.sin_addr.s_addr = htonl(INADDR_ANY);
net_init();
server_socket = net_socket(AF_INET, SOCK_STREAM, 0);
int yes = 1;
net_setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
while(net_bind(server_socket, (struct sockaddr*)&my_name, sizeof(my_name)) < 0)
{
}
net_listen(server_socket, 0);
struct sockaddr_in client_info;
socklen_t ssize = sizeof(client_info);
client_socket = net_accept(server_socket, (struct sockaddr*)&client_info, &ssize);
network_printf("Hello world!\n");
}
int
main (void)
{
int fd;
fd = net_bind ();
if (fd < 0)
{
perror ("bind");
return 1;
}
graphics_initialise ();
graphics_mode(1);
while (netphysics_read_packet (fd))
{
SDL_Event event;
if (SDL_PollEvent(&event) &&
(event.type == SDL_QUIT || (event.type == SDL_KEYDOWN &&
event.key.keysym.sym == SDLK_ESCAPE)))
return 0;
graphics_render (0, 0);
}
return 0;
}
/****************************************************************************
* NetworkWait
***************************************************************************/
int NetworkWait() {
if (!checkincomming)
return -3;
struct sockaddr_in sin;
struct sockaddr_in client_address;
socklen_t addrlen = sizeof(client_address);
//Open socket
socket = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
if (socket == INVALID_SOCKET) {
return socket;
}
sin.sin_family = AF_INET;
sin.sin_port = htons(PORT);
sin.sin_addr.s_addr = htonl(INADDR_ANY);
if (net_bind(socket, (struct sockaddr*)&sin, sizeof(sin)) < 0) {
net_close(socket);
return -1;
}
if (net_listen(socket, 3) < 0) {
net_close(socket);
return -1;
}
connection = net_accept(socket, (struct sockaddr*)&client_address, &addrlen);
sprintf(incommingIP, "%s", inet_ntoa(client_address.sin_addr));
if (connection < 0) {
net_close(connection);
net_close(socket);
return -4;
} else {
unsigned char haxx[9];
//skip haxx
net_read(connection, &haxx, 8);
wiiloadVersion[0] = haxx[4];
wiiloadVersion[1] = haxx[5];
net_read(connection, &infilesize, 4);
if (haxx[4] > 0 || haxx[5] > 4) {
net_read(connection, &uncfilesize, 4); // Compressed protocol, read another 4 bytes
}
waitforanswer = true;
checkincomming = false;
networkHalt = true;
}
return 1;
}
void web_setup( void ) {
int sock;
if( str_isZero( gconf->web_port ) ) {
return;
}
sock = net_bind( "WEB", "localhost", gconf->web_port, NULL, IPPROTO_TCP, AF_UNSPEC );
net_add_handler( sock, &web_handler );
}
static int sock_autobind(struct socket *s)
{
static struct sockaddrs sa;
sa.addr = INADDR_ANY;
do {
sa.port = ntohs(nextauto++);
} while(sock_find(s->s_type, SADDR_SRC, &sa));
memcpy(&s->s_addr[SADDR_SRC], &sa, sizeof(sa));
return net_bind(s);
}
void cos_init(void *arg)
{
int c, accept_fd, ret;
long eid;
cvect_init_static(&evts);
cvect_init_static(&tor_from);
cvect_init_static(&tor_to);
eid = evt_get();
c = net_create_tcp_connection(cos_spd_id(), cos_get_thd_id(), eid);
if (c < 0) BUG();
ret = net_bind(cos_spd_id(), c, 0, 200);
if (ret < 0) BUG();
ret = net_listen(cos_spd_id(), c, 255);
if (ret < 0) BUG();
accept_fd = c;
evt_add(c, eid);
while (1) {
struct tor_conn tc;
int t;
long evt;
memset(&tc, 0, sizeof(struct tor_conn));
printc("waiting...\n");
evt = evt_grp_wait(cos_spd_id());
t = evt_torrent(evt);
if (t > 0) {
tc.feid = evt;
tc.from = t;
if (t == accept_fd) {
tc.to = 0;
printc("accepting event.\n");
accept_new(accept_fd);
} else {
tc.to = tor_get_to(t);
assert(tc.to > 0);
printc("data from net.\n");
from_data_new(&tc);
}
} else {
t *= -1;
tc.teid = evt;
tc.to = t;
tc.from = tor_get_from(t);
assert(tc.from > 0);
printc("data from torrent.\n");
to_data_new(&tc);
}
cos_mpd_update();
}
}
int create_receive_socket( void ) {
int sock_recv;
sock_recv = net_bind( "LPD", gconf->lpd_addr, DHT_PORT_MCAST, gconf->dht_ifce, IPPROTO_UDP, gconf->af );
/* We don't want to receive our own packets */
if( multicast_set_loop( sock_recv, gconf->af, 0 ) < 0 ) {
close( sock_recv );
log_warn( "LPD: Failed to set IP_MULTICAST_LOOP: %s", strerror( errno ) );
return -1;
}
return sock_recv;
}
int WaitForConnection(int& server_socket)
{
int addrlen;
struct sockaddr_in my_name, peer_name;
int status;
server_socket = net_socket(AF_INET, SOCK_STREAM, 0);
if (server_socket == -1)
{
printf("Failed to create server socket\n");
}
int yes = 1;
net_setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int));
memset(&my_name, 0, sizeof(my_name));
my_name.sin_family = AF_INET;
my_name.sin_port = htons(DFF_CONN_PORT);
my_name.sin_addr.s_addr = htonl(INADDR_ANY);
status = net_bind(server_socket, (struct sockaddr*)&my_name, sizeof(my_name));
if (status == -1)
{
printf("Failed to bind server socket\n");
}
status = net_listen(server_socket, 5); // TODO: Change second parameter..
if (status == -1)
{
printf("Failed to listen on server socket\n");
}
printf("Listening now!\n");
int client_socket = -1;
struct sockaddr_in client_info;
socklen_t ssize = sizeof(client_info);
int new_socket = net_accept(server_socket, (struct sockaddr*)&client_info, &ssize);
if (new_socket < 0)
{
printf("accept failed!\n");
}
else
{
client_socket = new_socket;
printf("accept succeeded and returned %d\n", client_socket);
}
return client_socket;
}
static int
modify_connection(spdid_t spdid, net_connection_t nc, char *ops, int len)
{
struct intern_connection *ic;
char *prop;
int ret = -EINVAL;
prop = strstr(ops, "bind");
if (prop) {
u32_t ip;
u32_t port;
int r;
NET_LOCK_TAKE();
ic = net_conn_get_internal(nc);
//ic = net_verify_tcp_connection(nc, &ret);
if (NULL == ic) goto release;
r = sscanf(prop, "bind:%x:%d", &ip, &port);
if (r != 2) goto release;
port &= 0xFFFF;
ret = net_bind(spdid, nc, ip, port);
NET_LOCK_RELEASE();
}
prop = strstr(ops, "listen");
if (prop) {
int r;
unsigned int q;
NET_LOCK_TAKE();
ic = net_conn_get_internal(nc);
//ic = net_verify_tcp_connection(nc, &ret);
if (NULL == ic) goto release;
r = sscanf(prop, "listen:%d", &q);
if (r != 1) goto release;
printc("net_listen q %d\n", q);
ret = net_listen(spdid, nc, q);
NET_LOCK_RELEASE();
}
done:
return ret;
release:
NET_LOCK_RELEASE();
goto done;
}
main()
{
int fd;
struct sockaddr_in my_addr;
void echo_serv (int);
bzero((char *) &my_addr, sizeof(my_addr));
my_addr.sin_family = AF_INET;
my_addr.sin_addr.s_addr = htonl (INADDR_ANY);
my_addr.sin_port = htons(SERV_TCP_PORT);
fd = net_open ("/dev/udp", O_RDWR);
fd = net_bind (fd, &my_addr, sizeof (struct sockaddr_in));
echo_serv (fd);
exit (0); /* not reached */
}
static DWORD test_do(HWND hwnd)
{
int s = net_init();
fd_set rfds;
struct timeval tv;
struct sockaddr_in to;
struct sockaddr_in from;
int start = time(NULL);
int ret = 0;
net_address(&to, config_get("Host"), config_get_int("Port"));
net_bind("0.0.0.0", 8054);
net_write_int8(CMD_TESTP2P);
net_write_int32(start);
while (time(NULL) < start + 5)
{
net_send_noflush(&to);
FD_ZERO(&rfds);
FD_SET(s, &rfds);
tv.tv_sec = 1;
tv.tv_usec = 0;
if (select(s + 1, &rfds, NULL, NULL, &tv) > -1)
{
if (FD_ISSET(s, &rfds))
{
net_recv(&from);
if (net_read_int8() == CMD_TESTP2P && net_read_int32() == start)
{
ret = 1;
break;
}
}
}
}
net_free();
PostMessage(hwnd, WM_USER + 2, ret, 0);
return 0;
}
static struct net_connection* start_listening_socket(const char* bind_addr, uint16_t port, int backlog, struct hub_info* hub)
{
struct net_connection* server;
struct sockaddr_storage addr;
socklen_t sockaddr_size;
int sd, ret;
if (ip_convert_address(bind_addr, port, (struct sockaddr*) &addr, &sockaddr_size) == -1)
{
return 0;
}
sd = net_socket_create(addr.ss_family, SOCK_STREAM, IPPROTO_TCP);
if (sd == -1)
{
return 0;
}
if ((net_set_reuseaddress(sd, 1) == -1) || (net_set_nonblocking(sd, 1) == -1))
{
net_close(sd);
return 0;
}
ret = net_bind(sd, (struct sockaddr*) &addr, sockaddr_size);
if (ret == -1)
{
LOG_ERROR("hub_start_service(): Unable to bind to TCP local address. errno=%d, str=%s", net_error(), net_error_string(net_error()));
net_close(sd);
return 0;
}
ret = net_listen(sd, backlog);
if (ret == -1)
{
LOG_ERROR("hub_start_service(): Unable to listen to socket");
net_close(sd);
return 0;
}
server = net_con_create();
net_con_initialize(server, sd, net_on_accept, hub, NET_EVENT_READ);
return server;
}
void cmd_setup( void ) {
int sock;
if( str_isZero( gconf->cmd_port ) ) {
return;
}
sock = net_bind( "CMD", "::1", gconf->cmd_port, NULL, IPPROTO_UDP, AF_INET6 );
net_add_handler( sock, &cmd_remote_handler );
if( gconf->is_daemon == 0 && gconf->cmd_disable_stdin == 0 ) {
/* Wait for other messages to be displayed */
sleep( 1 );
fprintf( stdout, "Press Enter for help.\n" );
net_add_handler( STDIN_FILENO, &cmd_console_handler );
}
}
void
NetworkConsole::Init()
{
printf("Initializing Network\n");
int Connect = net_init();
if(Connect != 0)
{
printf("Net_Init() failed.\n");
}
else
{
printf("Net_Init() successful.\n\n");
printf("Net_Socket Initializing.\n");
Data->netSocket = net_socket(AF_INET, SOCK_DGRAM, 0);
if(Data->netSocket == INVALID_SOCKET)
{
printf("Net_Socket Initialization failed.\n");
}
else
{
printf("Net_Socket Initialized.\n\n");
printf("Establishing server on port %d.\n",MULTICAST_PORT);
Data->sin.sin_port=htons(MULTICAST_PORT);
Data->sin.sin_addr.s_addr=inet_addr(MULTICAST_GROUP);//replace with multicast destination
Data->sin.sin_family=AF_INET;
if(net_bind(Data->netSocket,(sockaddr*)&(Data->sin), sizeof(Data->sin)) == SOCKET_ERROR)
{
printf("Failed to bind.\n");
}
else
{
printf("Server established!\n");
if(net_connect(Data->netSocket,(sockaddr*)&(Data->sin), sizeof(Data->sin))==-1)
{
printf("net_connect Error\n");
}
}
}
}
}
static s32 helper_setup_socket( u16 port)
{
s32 sock;
int ret;
//u32 clientlen;
struct sockaddr_in server;
struct sockaddr_in client;
//clientlen = sizeof(client);
sock = net_socket (AF_INET, SOCK_STREAM, IPPROTO_IP);
if (sock == INVALID_SOCKET) {
printf( "setup():INVALID_SOCKET\n");
return -1;
}
memset (&server, 0, sizeof (server));
memset (&client, 0, sizeof (client));
server.sin_family = AF_INET;
server.sin_port = htons (port);
server.sin_addr.s_addr = INADDR_ANY;
ret = net_bind (sock, (struct sockaddr *) &server, sizeof (server));
if ( ret ) {
printf( "net_bind():INVALID_SOCKET\n");
net_close( sock);
return -1;
}
if ( (ret = net_listen( sock, 1)) ) {
printf( "net_listen():INVALID_SOCKET\n");
net_close( sock);
return -1;
}
#if 0
ret = setNonblocking(sock);
printf( "setNonblocking(%d) returns=%d.\n", sock, ret);
#endif
return sock;
}
arg_t _bind(void)
{
struct socket *s = sock_get(fd, NULL);
struct sockaddr_in sin;
if (s == NULL)
return -1;
if (s->s_state != SS_UNCONNECTED)
return -1;
if (sa_getlocal(uaddr, &sin) == -1)
return -1;
if (sock_find_local(sin.sin_addr.s_addr, sin.sin_port)) {
udata.u_error = EADDRINUSE;
return -1;
}
s->s_addr[SADDR_SRC].addr = sin.sin_addr.s_addr;
s->s_addr[SADDR_SRC].port = sin.sin_port;
return net_bind(s);
}
TCPSTREAM *tcp_open (char *host,char *service,unsigned long port)
{
TCPSTREAM *stream = NIL;
unsigned long sock;
int status;
char tmp[MAILTMPLEN];
/* hostname to connect to */
struct dsc$descriptor HostDesc = { 0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL };
port &= 0xffff; /* erase flags */
/* assign a local socket */
if (!((status = net_assign (&sock)) & 0x1)) {
sprintf (tmp,"Unable to assign to net, status=%d",status);
mm_log (tmp,ERROR);
return NIL;
}
if (!((status = net_bind (&sock,1)) & 0x1)) {
sprintf (tmp,"Unable to create local socket, status=%d",status);
mm_log (tmp,ERROR);
return NIL;
}
/* open connection */
HostDesc.dsc$w_length = strlen (host);
HostDesc.dsc$a_pointer = host;
if (!((status = tcp_connect (&sock,&HostDesc,port)) & 0x1)) {
sprintf (tmp,"Can't connect to %.80s,%lu: %s",host,port,strerror (errno));
mm_log (tmp,ERROR);
return NIL;
}
/* create TCP/IP stream */
stream = (TCPSTREAM *) fs_get (sizeof (TCPSTREAM));
stream->host = cpystr (host); /* copy official host name */
/* copy local host name */
stream->localhost = cpystr (mylocalhost ());
stream->port = port; /* copy port number */
/* init sockets */
stream->tcpsi = stream->tcpso = sock;
stream->ictr = 0; /* init input counter */
return stream; /* return success */
}
int main()
{
IRCD *ircd = malloc(sizeof(IRCD));
ircd->numusers = 0;
ircd->numchans = 0;
ircd->exiting = 0;
ircd->socks.ircd = get_socket(CLIENT_CONNECT_PORT, 0);
net_bind(ircd->socks.ircd);
net_listen(ircd->socks.ircd);
/*
strcpy(ircd->users[0].nick, "test");
ircd->channels[0].users[0] = ircd->users[0];
printf("Nick of first user in channel: %s; user's nick: %s\n", ircd->channels[0].users[0].nick, ircd->users[0].nick);
*/
/* START: Reuse port
* This bit of code lets you reuse the port (http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html#bind)
*/
int yes=1;
//char yes='1'; // Solaris people use this
// lose the pesky "Address already in use" error message
if (setsockopt(ircd->socks.ircd.fd,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(int)) == -1) {
perror("setsockopt");
exit(1);
}
/* END: Reuse port */
while(1){
check_for_clients(ircd);
recv_from_clients(ircd);
}
pthread_exit(NULL);
}
/**
* \brief Create a listening socket on bind_ip:port.
* If bind_ip == NULL, all interfaces are binded.
*
* \param fd Socket to use
* \param bind_ip IP to bind to, can be NULL
* \param port Port number to use
*
* \return 0 if successful, or one of:
* POLARSSL_ERR_NET_SOCKET_FAILED,
* POLARSSL_ERR_NET_BIND_FAILED,
* POLARSSL_ERR_NET_LISTEN_FAILED
*/
int net_bind_proxy( int *fd, const char *bind_ip, int port )
{
mute();
int ret = net_bind(fd, bind_ip, port);
unmute();
SymN("socket", 0);
Nondet();
assume_intype("bitstring");
size_t len = sizeof(*fd);
assume_len(&len, false, sizeof(len));
store_buf(fd);
load_buf(bind_ip, strlen_proxy(bind_ip), "");
output();
load_buf(&port, sizeof(port), "");
output();
// Let the attacker decide what this function returns.
input("net_bind_result", sizeof(ret));
store_buf(&ret);
return ret;
}
main()
{
int fd;
struct sockaddr_in my_addr;
struct sockaddr_in serv_addr;
char buf[128];
void echo_driver(int, struct sockaddr_in *);
if ((fd = net_open ("/dev/udp", O_RDWR)) < 0)
{
fprintf (stderr, "open failed.\n");
exit (-1);
}
/*
* bind any address to us.
*/
bzero((char *) &my_addr, sizeof(my_addr));
my_addr.sin_family = AF_INET;
my_addr.sin_addr.s_addr = htonl (INADDR_ANY);
my_addr.sin_port = htons(0);
fd = net_bind (fd, &my_addr, sizeof (struct sockaddr_in));
/*
* set up server's address
*/
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = inet_addr (SERV_HOST_ADDR);
serv_addr.sin_port = htons(SERV_TCP_PORT);
echo_driver (fd, &serv_addr);
close (fd);
exit (0);
}
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags;
int listen_fd;
int client_fd = -1;
unsigned char buf[1024];
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[256];
size_t psk_len = 0;
#endif
const char *pers = "ssl_server2";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt cacert;
x509_crt srvcert;
pk_context pkey;
x509_crt srvcert2;
pk_context pkey2;
int key_cert_init = 0, key_cert_init2 = 0;
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[100000];
#endif
int i;
char *p, *q;
const int *list;
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
/*
* Make sure memory references are valid in case we exit early.
*/
listen_fd = 0;
memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_init( &cacert );
x509_crt_init( &srvcert );
pk_init( &pkey );
x509_crt_init( &srvcert2 );
pk_init( &pkey2 );
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#endif
if( argc == 0 )
{
usage:
if( ret == 0 )
ret = 1;
printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
printf("\n");
goto exit;
}
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.ca_file = DFL_CA_FILE;
opt.ca_path = DFL_CA_PATH;
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
opt.crt_file2 = DFL_CRT_FILE2;
opt.key_file2 = DFL_KEY_FILE2;
opt.psk = DFL_PSK;
opt.psk_identity = DFL_PSK_IDENTITY;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS;
for( i = 1; i < argc; i++ )
{
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
*q++ = '\0';
if( strcmp( p, "server_port" ) == 0 )
{
opt.server_port = atoi( q );
if( opt.server_port < 1 || opt.server_port > 65535 )
goto usage;
}
else if( strcmp( p, "server_addr" ) == 0 )
opt.server_addr = q;
else if( strcmp( p, "debug_level" ) == 0 )
{
opt.debug_level = atoi( q );
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "ca_file" ) == 0 )
opt.ca_file = q;
else if( strcmp( p, "ca_path" ) == 0 )
opt.ca_path = q;
else if( strcmp( p, "crt_file" ) == 0 )
opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q;
else if( strcmp( p, "crt_file2" ) == 0 )
opt.crt_file2 = q;
else if( strcmp( p, "key_file2" ) == 0 )
opt.key_file2 = q;
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
opt.psk_identity = q;
else if( strcmp( p, "force_ciphersuite" ) == 0 )
{
opt.force_ciphersuite[0] = -1;
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
if( opt.force_ciphersuite[0] <= 0 )
{
ret = 2;
goto usage;
}
opt.force_ciphersuite[1] = 0;
}
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
SSL_RENEGOTIATION_DISABLED;
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
opt.allow_legacy = atoi( q );
if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
goto usage;
}
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.min_version = SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
opt.min_version = SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 )
opt.min_version = SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 )
opt.min_version = SSL_MINOR_VERSION_3;
else
goto usage;
}
else if( strcmp( p, "max_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.max_version = SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
opt.max_version = SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 )
opt.max_version = SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 )
opt.max_version = SSL_MINOR_VERSION_3;
else
goto usage;
}
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
{
opt.min_version = SSL_MINOR_VERSION_0;
opt.max_version = SSL_MINOR_VERSION_0;
}
else if( strcmp( q, "tls1" ) == 0 )
{
opt.min_version = SSL_MINOR_VERSION_1;
opt.max_version = SSL_MINOR_VERSION_1;
}
else if( strcmp( q, "tls1_1" ) == 0 )
{
opt.min_version = SSL_MINOR_VERSION_2;
opt.max_version = SSL_MINOR_VERSION_2;
}
else if( strcmp( q, "tls1_2" ) == 0 )
{
opt.min_version = SSL_MINOR_VERSION_3;
opt.max_version = SSL_MINOR_VERSION_3;
}
else
goto usage;
}
else if( strcmp( p, "auth_mode" ) == 0 )
{
if( strcmp( q, "none" ) == 0 )
opt.auth_mode = SSL_VERIFY_NONE;
else if( strcmp( q, "optional" ) == 0 )
opt.auth_mode = SSL_VERIFY_OPTIONAL;
else if( strcmp( q, "required" ) == 0 )
opt.auth_mode = SSL_VERIFY_REQUIRED;
else
goto usage;
}
else if( strcmp( p, "max_frag_len" ) == 0 )
{
if( strcmp( q, "512" ) == 0 )
opt.mfl_code = SSL_MAX_FRAG_LEN_512;
else if( strcmp( q, "1024" ) == 0 )
opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
else if( strcmp( q, "2048" ) == 0 )
opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
else if( strcmp( q, "4096" ) == 0 )
opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
else
goto usage;
}
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
if( opt.tickets < 0 || opt.tickets > 1 )
goto usage;
}
else
goto usage;
}
if( opt.force_ciphersuite[0] > 0 )
{
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.max_version > ciphersuite_info->max_minor_ver )
opt.max_version = ciphersuite_info->max_minor_ver;
if( opt.min_version < ciphersuite_info->min_minor_ver )
opt.min_version = ciphersuite_info->min_minor_ver;
}
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key if any is given
*/
if( strlen( opt.psk ) )
{
unsigned char c;
size_t j;
if( strlen( opt.psk ) % 2 != 0 )
{
printf("pre-shared key not valid hex\n");
goto exit;
}
psk_len = strlen( opt.psk ) / 2;
for( j = 0; j < strlen( opt.psk ); j += 2 )
{
c = opt.psk[j];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
{
printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] = c << 4;
c = opt.psk[j + 1];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
{
printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] |= c;
}
}
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
/*
* 0. Initialize the RNG and the session data
*/
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
goto exit;
}
printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 1.1. Load the trusted CA
*/
printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
if( strlen( opt.ca_path ) )
ret = x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
ret = x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
strlen( test_ca_list ) );
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*/
printf( " . Loading the server cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
{
key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( strlen( opt.key_file ) )
{
key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
if( key_cert_init == 1 )
{
printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
goto exit;
}
if( strlen( opt.crt_file2 ) )
{
key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( strlen( opt.key_file2 ) )
{
key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( key_cert_init2 == 1 )
{
printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
goto exit;
}
#endif
if( key_cert_init == 0 && key_cert_init2 == 0 )
{
#if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit;
#else
#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert,
(const unsigned char *) test_srv_crt_rsa,
strlen( test_srv_crt_rsa ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey,
(const unsigned char *) test_srv_key_rsa,
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init = 2;
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2,
(const unsigned char *) test_srv_crt_ec,
strlen( test_srv_crt_ec ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey2,
(const unsigned char *) test_srv_key_ec,
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init2 = 2;
#endif /* POLARSSL_ECDSA_C */
#endif /* POLARSSL_CERTS_C */
}
printf( " ok\n" );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
/*
* 3. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
ssl_set_max_frag_len( &ssl, opt.mfl_code );
#endif
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets );
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
#if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
if( key_cert_init )
ssl_set_own_cert( &ssl, &srvcert, &pkey );
if( key_cert_init2 )
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) );
#endif
#if defined(POLARSSL_DHM_C)
/*
* Use different group than default DHM group
*/
ssl_set_dh_param( &ssl, POLARSSL_DHM_RFC5114_MODP_2048_P,
POLARSSL_DHM_RFC5114_MODP_2048_G );
#endif
if( opt.min_version != -1 )
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
if( opt.max_version != -1 )
ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( client_fd != -1 )
net_close( client_fd );
ssl_session_reset( &ssl );
/*
* 3. Wait until a client connects
*/
client_fd = -1;
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
goto exit;
}
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
printf( " ok\n" );
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto reset;
}
}
printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
printf( " failed\n" );
if( !ssl_get_peer_cert( &ssl ) )
printf( " ! no client certificate sent\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! client certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! client certificate has been revoked\n" );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
}
else
printf( " ok\n" );
if( ssl_get_peer_cert( &ssl ) )
{
printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned -0x%x\n", -ret );
break;
}
break;
}
len = ret;
printf( " %d bytes read\n\n%s\n", len, (char *) buf );
if( memcmp( buf, "SERVERQUIT", 10 ) == 0 )
{
ret = 0;
goto exit;
}
if( ret > 0 )
break;
}
while( 1 );
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
for( written = 0, frags = 0; written < len; written += ret, frags++ )
{
while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
}
buf[written] = '\0';
printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
#ifdef TEST_RENEGO
/*
* Request renegotiation (this must be done when the client is still
* waiting for input from our side).
*/
printf( " . Requestion renegotiation..." );
fflush( stdout );
while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
goto exit;
}
}
/*
* Should be a while loop, not an if, but here we're not actually
* expecting data from the client, and since we're running tests locally,
* we can just hope the handshake will finish the during the first call.
*/
if( ( ret = ssl_read( &ssl, buf, 0 ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_read returned %d\n\n", ret );
/* Unexpected message probably means client didn't renegotiate */
if( ret == POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE )
goto reset;
else
goto exit;
}
}
printf( " ok\n" );
#endif
ret = 0;
goto reset;
exit:
#ifdef POLARSSL_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
}
#endif
net_close( client_fd );
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_free( &cacert );
x509_crt_free( &srvcert );
pk_free( &pkey );
x509_crt_free( &srvcert2 );
pk_free( &pkey2 );
#endif
ssl_free( &ssl );
entropy_free( &entropy );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
#if defined(POLARSSL_MEMORY_DEBUG)
memory_buffer_alloc_status();
#endif
memory_buffer_alloc_free();
#endif
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
// Shell can not handle large exit numbers -> 1 for errors
if( ret < 0 )
ret = 1;
return( ret );
}
void receiver(char *key, int key_len, char *message)
/*@ requires [_]public_invar(hmac_pub) &*&
principal(?receiver, _) &*&
[?f1]cryptogram(key, key_len, ?key_cs, ?key_cg) &*&
key_cg == cg_symmetric_key(?sender, ?id) &*&
receiver == shared_with(sender, id) &*&
chars(message, MESSAGE_SIZE, _); @*/
/*@ ensures principal(receiver, _) &*&
[f1]cryptogram(key, key_len, key_cs, key_cg) &*&
chars(message, MESSAGE_SIZE, ?msg_cs) &*&
col || bad(sender) || bad(receiver) ||
send(sender, receiver, msg_cs); @*/
{
//@ open principal(receiver, _);
int socket1;
int socket2;
if(net_bind(&socket1, NULL, SERVER_PORT) != 0)
abort();
if(net_accept(socket1, &socket2, NULL) != 0)
abort();
if(net_set_block(socket2) != 0)
abort();
{
int size;
char buffer[MAX_MESSAGE_SIZE];
char hmac[64];
size = net_recv(&socket2, buffer, MAX_MESSAGE_SIZE);
int expected_size = MESSAGE_SIZE + 64;
if (size != expected_size) abort();
//@ chars_split(buffer, expected_size);
//@ assert chars(buffer, MESSAGE_SIZE, ?msg_cs);
/*@ close hide_chars((void*) buffer + expected_size,
MAX_MESSAGE_SIZE - expected_size, _); @*/
//Verify the hmac
//@ chars_to_crypto_chars(buffer, MESSAGE_SIZE);
sha512_hmac(key, (unsigned int) key_len, buffer,
(unsigned int) MESSAGE_SIZE, hmac, 0);
memcpy(message, (void*) buffer , MESSAGE_SIZE);
//@ open cryptogram(hmac, 64, ?hmac_cs, ?hmac_cg);
//@ close memcmp_secret(hmac, 64, hmac_cs, hmac_cg);
//@ assert hmac_cg == cg_hmac(sender, id, msg_cs);
//@ assert chars((void*) buffer + MESSAGE_SIZE, 64, ?hmac_cs2);
//@ public_chars((void*) buffer + MESSAGE_SIZE, 64);
//@ chars_to_crypto_chars((void*) buffer + MESSAGE_SIZE, 64);
if (memcmp((void*) buffer + MESSAGE_SIZE, hmac, 64) != 0) abort();
//@ crypto_chars_join(buffer);
//@ crypto_chars_to_chars(buffer, expected_size);
//@ public_crypto_chars(hmac, 64);
/*@ if (!col && !bad(sender) && !bad(receiver))
{
public_chars_extract(hmac, hmac_cg);
open [_]hmac_pub(hmac_cg);
assert (send(sender, receiver, msg_cs) == true);
}
@*/
/*@ open hide_chars((void*) buffer + expected_size,
MAX_MESSAGE_SIZE - expected_size, _); @*/
}
net_close(socket2);
net_close(socket1);
//@ close principal(receiver, _);
}
int main( int argc, const char *argv[] )
{
/* Client and server declarations. */
int ret;
int len;
#if SOCKET_COMMUNICATION
int listen_fd = -1;
int client_fd = -1;
int server_fd = -1;
#endif
unsigned char buf[1024];
/* Handshake step counter */
size_t step = 1;
int flags;
ssl_context s_ssl, c_ssl;
x509_crt srvcert;
pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#endif
if( argc == 3)
{
packet_in_num = atoi(argv[1]);
packet_in_file = argv[2];
}
else if( argc != 1)
{
usage(argv[0]);
exit(1);
}
/* Server init */
memset( &s_ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#endif
x509_crt_init( &srvcert );
pk_init( &pkey );
/* Client init */
memset( &c_ssl, 0, sizeof( ssl_context ) );
/*x509_crt_init( &cacert );*/
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#endif
/*
* Server:
* Load the certificates and private RSA key
*/
if( packet_in_num == 0 )
{
printf( " . Loading the server cert. and key..." );
fflush( stdout );
}
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
* server and CA certificates, as well as pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
strlen( test_ca_list ) );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
/*
* Server:
* Setup stuff
*/
if( packet_in_num == 0 )
{
printf( " . Server: Setting up the SSL data...." );
fflush( stdout );
}
if( ( ret = ssl_init( &s_ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
ssl_set_endpoint( &s_ssl, SSL_IS_SERVER );
ssl_set_authmode( &s_ssl, SSL_VERIFY_NONE );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &s_ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &s_ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &s_ssl, ctr_drbg_deterministic, NULL );
ssl_set_dbg( &s_ssl, my_debug, stdout );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &s_ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif
ssl_set_ca_chain( &s_ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &s_ssl, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
ssl_session_reset( &s_ssl );
#if SOCKET_COMMUNICATION
/*
* Server:
* Setup the listening TCP socket
*/
if( packet_in_num == 0 )
{
printf( " . Bind on https://localhost:%d/ ...", SERVER_PORT );
fflush( stdout );
}
if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
/*
* Client:
* Start the connection
*/
if( packet_in_num == 0 )
{
printf( " . Connecting to tcp/%s/%d...", SERVER_NAME, SERVER_PORT );
fflush( stdout );
}
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
/*
* Server:
* Start listening for client connections
*/
if( packet_in_num == 0 )
{
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
}
/*
* Server:
* Accept client connection (socket is set non-blocking in
* library/net.c)
*/
if( ( ret = net_accept( listen_fd, &client_fd,
NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
ssl_set_bio( &s_ssl, recv_custom, &client_fd, send_custom, &client_fd );
#else
ssl_set_bio( &s_ssl, func_server_recv_buf, NULL, func_server_send_buf, NULL );
#endif
/*
* Client:
* Setup stuff
*/
if( packet_in_num == 0 )
{
printf( " . Client: Setting up the SSL/TLS structure..." );
fflush( stdout );
}
if( ( ret = ssl_init( &c_ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
if( packet_in_num == 0 )
{
polarssl_printf( " ok\n" );
}
ssl_set_endpoint( &c_ssl, SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
ssl_set_authmode( &c_ssl, SSL_VERIFY_OPTIONAL );
/* NONE permits man-in-the-middle attacks. */
/*ssl_set_authmode( &c_ssl, VERIFY_NONE );*/
/*ssl_set_authmode( &c_ssl, SSL_VERIFY_REQUIRED );*/
ssl_set_ca_chain( &c_ssl, &srvcert, NULL, "PolarSSL Server 1" );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &c_ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &c_ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &c_ssl, ctr_drbg_deterministic, NULL );
ssl_set_dbg( &c_ssl, my_debug, stdout );
if( ( ret = ssl_set_hostname( &c_ssl, "mbed TLS Server 1" ) ) != 0 )
{
printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#if SOCKET_COMMUNICATION
ssl_set_bio( &c_ssl, recv_custom, &server_fd, send_custom, &server_fd );
#else
ssl_set_bio( &c_ssl, func_client_recv_buf, NULL, func_client_send_buf, NULL );
#endif
if( packet_in_num == 0 )
{
printf( " . Performing the SSL/TLS handshake...\n" );
fflush( stdout );
}
/*
* The following number of steps are hardcoded to ensure
* that the client and server complete the handshake without
* waiting infinitely for the other side to send data.
*
* 1 2 3 4 5 6 7 8 9
*/
int client_steps[] = { 2, 1, 1, 1, 4, 2, 1, 1, 3 };
int server_steps[] = { 3, 1, 1, 3, 2, 1, 2, 1, 2 };
do {
/*
* Client:
* Handshake step
*/
int i;
int no_steps;
if( c_ssl.state == SSL_HANDSHAKE_OVER ) {
no_steps = 0;
} else {
no_steps = client_steps[step - 1];
}
for (i = 0; i < no_steps; i++) {
if( ( ret = ssl_handshake_step( &c_ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
}
if( packet_in_num == 0 )
{
printf( "--- client handshake step %zd ok\n", step );
}
/*
* Server:
* Handshake step
*/
if( s_ssl.state == SSL_HANDSHAKE_OVER ) {
printf("over\n");
no_steps = 0;
} else {
no_steps = server_steps[step - 1];
}
for (i = 0; i < no_steps; i++) {
if( ( ret = ssl_handshake_step( &s_ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
}
if( packet_in_num == 0 )
{
printf( "--- server handshake step %zd ok\n", step );
}
step++;
} while( ((c_ssl.state != SSL_HANDSHAKE_OVER)
|| (s_ssl.state != SSL_HANDSHAKE_OVER))
&& (step <= MAX_HANDSHAKE_STEPS) );
if( packet_in_num == 0 )
{
printf( "c_ssl.state: %d\n", c_ssl.state != SSL_HANDSHAKE_OVER );
printf( "s_ssl.state: %d\n", s_ssl.state != SSL_HANDSHAKE_OVER );
}
/*
* Client:
* Verify the server certificate
*/
if( packet_in_num == 0 )
{
printf( " . Verifying peer X.509 certificate..." );
}
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = ssl_get_verify_result( &c_ssl ) ) != 0 )
{
char vrfy_buf[512];
printf( " failed\n" );
x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
printf( "%s\n", vrfy_buf );
}
else if( packet_in_num == 0 )
{
printf( " ok\n" );
}
/*
* Client:
* Write the GET request
*/
if( packet_in_num == 0 )
{
printf( " > Write to server:" );
fflush( stdout );
}
len = sprintf( (char *) buf, GET_REQUEST );
while( ( ret = ssl_write( &c_ssl, buf, len ) ) <= 0 )
{
if( ret !=POLARSSL_ERR_NET_WANT_READ && ret !=POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
if( packet_in_num == 0 )
{
printf( " %d bytes written\n\n%s", len, (char *) buf );
}
/*
* Server:
* Read the HTTP Request
*/
if( packet_in_num == 0 )
{
printf( " < Read from client:" );
fflush( stdout );
}
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &s_ssl, buf, len );
if( ret ==POLARSSL_ERR_NET_WANT_READ || ret ==POLARSSL_ERR_NET_WANT_WRITE )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned -0x%x\n", -ret );
break;
}
break;
}
len = ret;
if( packet_in_num == 0 )
{
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
if( ret > 0 )
break;
}
while( 1 );
/*
* Server:
* Write the 200 Response
*/
if( packet_in_num == 0 )
{
printf( " > Write to client:" );
fflush( stdout );
}
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &s_ssl ) );
while( ( ret = ssl_write( &s_ssl, buf, len ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
goto exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
if( packet_in_num == 0 )
{
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
}
/*
* Client:
* Read the HTTP response
*/
if( packet_in_num == 0 )
{
printf( " < Read from server:" );
fflush( stdout );
}
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &c_ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
continue;
if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
{
ret = 0;
break;
}
if( ret < 0 )
{
printf( "failed\n ! ssl_read returned %d\n\n", ret );
break;
}
if( ret == 0 )
{
printf( "\n\nEOF\n\n" );
break;
}
len = ret;
if( packet_in_num == 0 )
{
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
/*
* Server:
* Client read response. Close connection.
*/
if ( packet_in_num == 0 )
{
printf( " . Closing the connection..." );
fflush( stdout );
}
while( ( ret = ssl_close_notify( &s_ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
goto exit;
}
}
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
}
while( 1 );
/*
* Client:
* Close connection.
*/
if( packet_in_num == 0 )
{
printf( " . Closing the connection..." );
fflush( stdout );
}
ssl_close_notify( &c_ssl );
if( packet_in_num == 0 )
{
printf( " ok\n" );
}
/*
* Server:
* We do not have multiple clients and therefore do not goto reset.
*/
/*ret = 0;*/
/*goto reset;*/
exit:
#ifdef POLARSSL_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
#if SOCKET_COMMUNICATION
if ( client_fd != 1 )
net_close( client_fd );
if( server_fd != -1 )
net_close( server_fd );
if ( listen_fd != 1 )
net_close( listen_fd );
#endif
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &s_ssl );
ssl_free( &c_ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
fflush( stdout );
getchar();
#endif
return( ret );
}
void receiver(int sender, int receiver,
char *s_pub_key, char *r_priv_key,
char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
[_]decryption_key_classifier(nsl_public_key) &*&
principal(receiver, _) &*&
[?f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
?s_pub_key_ccs, ?s_pub_key_cg) &*&
s_pub_key_cg == cg_public_key(sender, ?s_id) &*&
[?f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
?r_priv_key_ccs, ?r_priv_key_cg) &*&
r_priv_key_cg == cg_private_key(receiver, ?r_id) &*&
chars(s_nonce, NONCE_SIZE, _) &*&
chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures principal(receiver, _) &*&
[f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
s_pub_key_ccs, s_pub_key_cg) &*&
[f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
r_priv_key_ccs, r_priv_key_cg) &*&
cryptogram(r_nonce, NONCE_SIZE, ?r_nonce_ccs, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
(
col || bad(sender) || bad(receiver) ?
chars(s_nonce, NONCE_SIZE, _)
:
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
int_pair(receiver, r_id))))
); @*/
{
//@ open principal(receiver, _);
int socket1;
int socket2;
pk_context s_context;
pk_context r_context;
havege_state havege_state;
if(net_bind(&socket1, NULL, SERVER_PORT) != 0)
abort();
if(net_accept(socket1, &socket2, NULL) != 0)
abort();
if(net_set_block(socket2) != 0)
abort();
//@ close pk_context(&s_context);
pk_init(&s_context);
if (pk_parse_public_key(&s_context, s_pub_key,
(unsigned int) 8 * KEY_SIZE) != 0)
abort();
//@ close pk_context(&r_context);
pk_init(&r_context);
if (pk_parse_key(&r_context, r_priv_key,
(unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
abort();
// Generate NB
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close principal(receiver, _);
receiver_msg1(&socket2, &havege_state, &r_context, sender, receiver, s_nonce);
//@ open principal(receiver, _);
//@ assert receiver_inter(?p_orig, ?c_orig, ?p_inst, ?s_nonce_ccs, ?s_nonce_cg);
//@ int info = int_pair(sender, int_pair(p_inst, int_pair(p_orig, c_orig)));
//@ close random_request(receiver, int_pair(2, info), false);
if (havege_random(&havege_state, r_nonce, NONCE_SIZE) != 0) abort();
//@ close principal(receiver, _);
receiver_msg2(&socket2, &havege_state, &s_context, receiver,
s_nonce, r_nonce);
//@ if (col || bad(p_inst) || bad(receiver)) chars_to_crypto_chars(s_nonce, NONCE_SIZE);
//@ close receiver_inter(p_orig, c_orig, p_inst, s_nonce_ccs, s_nonce_cg);
receiver_msg3(&socket2, &havege_state, &r_context, sender, receiver,
s_nonce, r_nonce);
/*@ if (col || bad(sender) || bad(receiver))
crypto_chars_to_chars(s_nonce, NONCE_SIZE); @*/
havege_free(&havege_state);
//@ open havege_state(&havege_state);
//@ pk_release_context_with_key(&s_context);
pk_free(&s_context);
//@ open pk_context(&s_context);
//@ pk_release_context_with_key(&r_context);
pk_free(&r_context);
//@ open pk_context(&r_context);
net_close(socket2);
net_close(socket1);
}
static void plainprpl_login(PurpleAccount *account)
{
PurpleConnection *gc = purple_account_get_connection(account);
purple_debug_info("plainprpl", "logging in %s\n", account->username);
purple_connection_update_progress(gc, _("Connecting"), 0, 2);
purple_connection_update_progress(gc, _("Connected"), 1, 2);
purple_connection_set_state(gc, PURPLE_CONNECTED);
/* Setup plugin data */
plain_plugin_state *pstate = g_new0(plain_plugin_state, 1);
/* General account data */
const char *listen_af = purple_account_get_string(account, "listen_af", NULL);
const char *listen_port = purple_account_get_string(account, "listen_port", NULL);
//check port
if (listen_port == NULL || atoi(listen_port) < 1 || atoi(listen_port) >= 65535) {
listen_port = PLAIN_DEFAULT_PORT_STR;
purple_account_set_string(account, "listen_port", listen_port);
}
//check protocol
if (listen_af == NULL || (strcmp(listen_af, "ipv4") && strcmp(listen_af, "ipv6"))) {
listen_af = "ipv4";
purple_account_set_string(account, "listen_port", listen_af);
}
/* Select the address to listen on */
const char *listen_addr = (strcmp(listen_af, "ipv4") == 0) ? "0.0.0.0" : "::1";
pstate->sockaf = str_to_af(listen_af);
pstate->sockfd = net_bind("plainprpl", listen_addr, listen_port, NULL, IPPROTO_UDP, pstate->sockaf);
if (pstate->sockfd < 0) {
purple_debug_info("plainprpl", "Failed to bind to %s\n", listen_addr);
g_free(pstate);
//TODO: diable plugin
return;
} else {
purple_debug_info("plainprpl", "Bind to %s\n", listen_addr);
}
pstate->receive_timer = purple_timeout_add(80, plain_receive, gc);
purple_connection_set_protocol_data(gc, pstate);
/* Attach buddy data to each buddy */
GSList *list = purple_find_buddies(account, NULL);
purple_debug_info("plainprpl", "Buddies to load: %d\n", g_slist_length(list));
GSList *iter = list;
while (iter) {
PurpleBuddy *buddy = iter->data;
//purple_debug_info("plainprpl", "#plainprpl_login: attach custom data to buddy: %s\n", buddy->name);
assert(purple_buddy_get_protocol_data(buddy) == NULL);
const char *addr_str = purple_blist_node_get_string(PURPLE_BLIST_NODE(buddy), "addr_str");
if (addr_str != NULL && strlen(addr_str)) {
add_buddy_sdata(buddy, pstate);
} else {
purple_debug_info("plainprpl", "Empty address for buddy: %s\n", buddy->name);
}
/* Set offline by default */
purple_prpl_got_user_status(account, buddy->name, PLAIN_STATUS_OFFLINE, NULL);
iter = iter->next;
}
g_slist_free(list);
/* Call the on_login script - if it is set */
const char *on_login = purple_account_get_string(account, "on_login", NULL);
exec_process(on_login, NULL, NULL, gc, NULL);
}