inline static CYASSL* create_cyassl_object( CYASSL_CTX* cya_ctx, const Conn_t* conn )
{
assert( cya_ctx != 0 && "CyaSSL context must not be null!" );
assert( conn != 0 && "Conn ptr must not be null!" );
CYASSL* xCyaSSL_Object = 0;
xCyaSSL_Object = CyaSSL_new( cya_ctx );
if( xCyaSSL_Object != NULL )
{
CyaSSL_SetIORecv( cya_ctx, myPrivateRecv );
CyaSSL_SetIOSend( cya_ctx, myPrivateSend );
/* Associate the created CyaSSL object with the connected socket. */
if( CyaSSL_set_fd( xCyaSSL_Object, conn->sock_fd ) != SSL_SUCCESS )
{
return 0;
}
return xCyaSSL_Object;
}
return 0;
}
int Server(word16 port)
{
char msg[MAXSZ];
const char reply[] = "I hear ya fa shizzle!\n";
int n, listenfd, connfd;
CYASSL_CTX* ctx;
CYASSL* ssl;
CyaSSL_Init();
/* create ctx and configure certificates */
if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_server_method())) == NULL)
err_sys("Fatal error : CyaSSL_CTX_new error");
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file,"
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
/*sets the IO callback methods*/
CyaSSL_SetIORecv(ctx, CbIORecv);
CyaSSL_SetIOSend(ctx, CbIOSend);
tcp_accept(&listenfd, &connfd, NULL, port, 1, 0);
if (connfd < 0) {
err_sys("Fatal error : accept error");
}
else {
/* create CYASSL object and respond */
if ((ssl = CyaSSL_new(ctx)) == NULL)
err_sys("Fatal error : CyaSSL_new error");
CyaSSL_set_fd(ssl, connfd);
memset(msg, 0, MAXSZ);
n = CyaSSL_read(ssl, msg, MAXSZ - 1);
if (n > 0) {
msg[n] = '\0';
printf("Client sent : %s\n", msg);
if (CyaSSL_write(ssl, reply, strlen(reply)) > strlen(reply))
err_sys("Fatal error : respond: write error");
}
if (n < 0)
err_sys("Fatal error :respond: read error");
/* closes the connections after responding */
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
if (close(listenfd) == -1 && close(connfd) == -1)
err_sys("Fatal error : close error");
}
/* free up memory used by CyaSSL */
CyaSSL_CTX_free(ctx);
return 0;
}
static int _tls_session_init_client(tls_session_t *s, int sockfd,
const tls_init_config_t *cfg)
{
int ret;
SSL_METHOD *method;
#if defined(CYASSL_DTLS)
method = DTLSv1_client_method();
#elif !defined(NO_TLS)
method = SSLv23_client_method();
#else
method = SSLv3_client_method();
#endif
s->ctx = SSL_CTX_new(method);
#ifndef NO_PSK
SSL_CTX_set_psk_client_callback(s->ctx, my_psk_client_cb);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(s->ctx, "AES256-SHA");
#endif
if (cfg->flags & TLS_CHECK_SERVER_CERT) {
ASSERT(cfg->tls.client.ca_cert_size != 0);
/* Load server certificates from buffer */
tls_d("Loading CA certificate file. Size: %d",
cfg->tls.client.ca_cert_size);
ret = CyaSSL_CTX_load_verify_buffer(s->ctx,
cfg->tls.client.ca_cert,
cfg->tls.client.
ca_cert_size,
SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
tls_e("Unable to load CA certificate");
SSL_CTX_free(s->ctx);
return -WM_FAIL;
}
} else {
tls_d("Disabling certificate check");
SSL_CTX_set_verify(s->ctx, SSL_VERIFY_NONE, 0);
}
if (cfg->flags & TLS_USE_CLIENT_CERT) {
/* The server wants to verify our certificates */
ASSERT(cfg->tls.client.client_cert_size != 0);
ASSERT(cfg->tls.client.client_key_size != 0);
/* Load client certificates and client private keys from
buffer */
tls_d("Loading client certificate buffer. Size: %d",
cfg->tls.client.client_cert_size);
ret = CyaSSL_CTX_use_certificate_buffer(s->ctx,
cfg->tls.client.
client_cert,
cfg->tls.client.
client_cert_size,
SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
tls_e("Unable to load client certificate");
SSL_CTX_free(s->ctx);
return -WM_FAIL;
}
tls_d("Loading client private key buffer. Size: %d",
cfg->tls.client.client_key_size);
ret = CyaSSL_CTX_use_PrivateKey_buffer(s->ctx,
cfg->tls.client.
client_key,
cfg->tls.client.
client_key_size,
SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
tls_e("Unable to load client key");
SSL_CTX_free(s->ctx);
return -WM_FAIL;
}
}
s->ssl = SSL_new(s->ctx);
SSL_set_fd(s->ssl, sockfd);
#ifdef CONFIG_WPA2_ENTP
if (cfg->flags & TLS_WPA2_ENTP) {
CyaSSL_SetIOSend(s->ctx, SSLSend);
CyaSSL_SetIORecv(s->ctx, SSLReceive);
}
#endif
#ifdef NON_BLOCKING
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(s->ssl);
#else
#ifndef CYASSL_CALLBACKS
tls_d("Starting SSL connect");
/* see note at top of README */
if (SSL_connect(s->ssl) != SSL_SUCCESS) {
#ifdef CONFIG_ENABLE_ERROR_LOGS
int err = SSL_get_error(s->ssl, 0);
char buffer[80];
tls_e("err = %d, %s", err, ERR_error_string(err, buffer));
/* if you're getting an error here */
tls_e("SSL_connect failed");
#endif /* CONFIG_ENABLE_ERROR_LOGS */
SSL_free(s->ssl);
SSL_CTX_free(s->ctx);
return -WM_FAIL;
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(s->ssl); /* will keep retrying on timeout */
#endif
#endif
showPeer(s->ssl);
s->session_setup_done = true;
tls_d("SSL Connect success");
#ifdef CONFIG_WPA2_ENTP
if (cfg->flags & TLS_WPA2_ENTP)
return tls_session_success(s);
#endif
return WM_SUCCESS;
}
int SSL_send_and_recv(char *send_buf, char *recv_buf)
{
SSL* ssl;
SSL_CTX* ctx;
int ret = 0, read_size = 0;
int i = 0;
struct sockaddr_in addr;
struct hostent *host = 0;
//名前解決
if((host = gethostbyname("api.twitter.com")) == NULL) {
printf("ドメイン解決に失敗しました。\n");
return -1;
}
printf("DNS OK.\n");
//ポート番号などの設定
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = *((unsigned long *)host->h_addr_list[0]);
addr.sin_port = htons(443);
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
//接続の確立
if(connect(sock, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
printf("接続できませんでした。\n");
return -1;
}
//SSL接続の準備
SSL_load_error_strings();
SSL_library_init();
ctx = SSL_CTX_new(SSLv3_client_method());
if(ctx == 0) {
return -2;
}
CyaSSL_SetIORecv(ctx, recvf);
CyaSSL_SetIOSend(ctx, sendf);
printf("step:10\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
ssl = NULL;
ssl = SSL_new(ctx);
if(ssl == NULL) {
return -3;
}
ret = SSL_set_fd(ssl, sock);
if(ret == 0) {
return -4;
}
//SSLセッション
ret = SSL_connect(ssl);
if(ret != 1) {
return -5;
}
//リクエストの送信
if(SSL_write(ssl, (void *)send_buf, strlen((void *)send_buf)) == -1) {
return -6;
}
//レスポンス取得
for(i=0; i<BUF_SIZE; i++) recv_buf[i] = 0;
while((read_size = SSL_read(ssl, recv_buf, BUF_SIZE-1)) > 0) {
fwrite(recv_buf, read_size, 1, stdout);
}
//SSLクローズ
ret = SSL_shutdown(ssl);
if(ret != 0) {
return -7;
}
//close(*sck);
close(sock);
return 0;
}
int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct capwap_dtls_param* param) {
ASSERT(dtlscontext != NULL);
ASSERT(param != NULL);
memset(dtlscontext, 0, sizeof(struct capwap_dtls_context));
dtlscontext->type = param->type;
dtlscontext->mode = param->mode;
/* Alloc context */
dtlscontext->sslcontext = (void*)CyaSSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? CyaDTLSv1_server_method() : CyaDTLSv1_client_method()));
if (!dtlscontext->sslcontext) {
capwap_logging_debug("Error to initialize dtls context");
return 0;
}
/* Set context IO */
CyaSSL_SetIORecv((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_recv);
CyaSSL_SetIOSend((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_send);
CyaSSL_CTX_SetGenCookie((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_createcookie);
/* */
if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) {
/* Check context */
if (!param->cert.filecert || !strlen(param->cert.filecert)) {
capwap_logging_debug("Error, request certificate file");
capwap_crypt_freecontext(dtlscontext);
return 0;
} else if (!param->cert.filekey || !strlen(param->cert.filekey)) {
capwap_logging_debug("Error, request privatekey file");
capwap_crypt_freecontext(dtlscontext);
return 0;
} else if (!param->cert.fileca || !strlen(param->cert.fileca)) {
capwap_logging_debug("Error, request ca file");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* Public certificate */
if (!CyaSSL_CTX_use_certificate_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load certificate file");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* Private key */
if (!CyaSSL_CTX_use_PrivateKey_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load private key file");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
if (!CyaSSL_CTX_check_private_key((CYASSL_CTX*)dtlscontext->sslcontext)) {
capwap_logging_debug("Error to check private key");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* Certificate Authority */
if (!CyaSSL_CTX_load_verify_locations((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) {
capwap_logging_debug("Error to load ca file");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* Verify certificate callback */
CyaSSL_CTX_set_verify((CYASSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), capwap_crypt_verifycertificate);
/* Cipher list:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*/
if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) {
capwap_logging_debug("Error to select cipher list");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
} else if (dtlscontext->mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) {
/* Cipher list:
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
*/
if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA")) {
capwap_logging_debug("Error to select cipher list");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* */
if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
if (param->presharedkey.hint) {
CyaSSL_CTX_use_psk_identity_hint((CYASSL_CTX*)dtlscontext->sslcontext, param->presharedkey.hint);
} else {
capwap_logging_debug("Error to presharedkey hint");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
}
/* */
dtlscontext->presharedkey.identity = capwap_duplicate_string(param->presharedkey.identity);
dtlscontext->presharedkey.pskkeylength = capwap_crypt_psk_to_bin(param->presharedkey.pskkey, &dtlscontext->presharedkey.pskkey);
if (!dtlscontext->presharedkey.pskkeylength) {
capwap_logging_debug("Error to presharedkey");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
/* */
if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
CyaSSL_CTX_set_psk_server_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_server);
} else {
CyaSSL_CTX_set_psk_client_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_client);
}
} else {
capwap_logging_debug("Invalid DTLS mode");
capwap_crypt_freecontext(dtlscontext);
return 0;
}
return 1;
}