Home Explore Help
Sign In
cbocovic
/
slitheen
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0cc345a1f6
Branches Tags
slitheen
/
tests
/
client.c

client.c 7.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285 
  1. /*
    2. 

  2.  * A "simple" SSLeay 0.8.0 demo program
    3. 

  3.  *
    4. 

  4.  * This program implements a simple SSL v2 or v3 client
    5. 

  5.  * which connects to a web server and issues a "HEAD / HTTP/1.0"
    6. 

  6.  * command and prints the output.
    7. 

  7.  *
    8. 

  8.  * Written by Emil Sit <sit@mit.edu>
    9. 

  9.  */
    10. 

  10. #include <stdio.h>
    11. 

  11. #include <stdlib.h>
    12. 

  12. 

  13. #include <string.h>
    14. 

  14. #include <fcntl.h>
    15. 

  15. 

  16. #include <netdb.h>
    17. 

  17. #include <netinet/in.h>
    18. 

  18. 

  19. #include <sys/types.h>
    20. 

  20. #include <sys/socket.h>
    21. 

  21. #include <unistd.h>
    22. 

  22. 

  23. #include <openssl/ssl.h>
    24. 

  24. #include <openssl/err.h>
    25. 

  25. 

  26. #include "slitheen.h"
    27. 

  27. 

  28. int my_connect( char *, int );
    29. 

  29. void apps_ssl_info_callback( SSL *s, int where, int ret );
    30. 

  30. 

  31. int my_dumb_callback( int ok, X509_STORE_CTX *ctx ) {
    32. 

  32.     return 1;
    33. 

  33. }
    34. 

  34. 

  35. int main( int argc, char **argv ) {
    36. 

  36.     SSL_CTX *ctx = NULL;
    37. 

  37.     SSL *session = NULL;
    38. 

  38. 

  39.     char *command = "HEAD / HTTP/1.0\r\n\r\n";
    40. 

  40.     
    41. 

  41.     int s;
    42. 

  42.     int status;
    43. 

  43. 

  44.     /* We first need to establish what sort of
    45. 

  45.      * connection we know how to make. We can use one of
    46. 

  46.      * SSLv23_client_method(), SSLv2_client_method() and
    47. 

  47.      * SSLv3_client_method().
    48. 

  48.      */
    49. 

  49.     const SSL_METHOD *meth = TLSv1_2_client_method();
    50. 

  50.     if (meth == NULL) {
    51. 

  51. 	fprintf( stderr, "no method. :(\n" ); exit(1);
    52. 

  52.     }
    53. 

  53. 

  54.     /* This enables all ciphers in SSLeay, these include:
    55. 

  55.      *   DES, RC4, IDEA, RC2, Blowfish,
    56. 

  56.      *   MD2, SHA, DSA.
    57. 

  57.      * See crypto/c_all.c
    58. 

  58.      */
    59. 

  59.     SSL_load_error_strings();	
    60. 

  60.     OpenSSL_add_ssl_algorithms();
    61. 

  61. 

  62.     /* Initialize the context. This is shared between SSL sessions
    63. 

  63.      * and can do FH caching.
    64. 

  64.      */
    65. 

  65.     ctx = SSL_CTX_new( meth );
    66. 

  66.     if ( ctx == NULL ) { fprintf( stderr, "no context. :(\n" ); exit(1);
    67. 

  67. 		ERR_print_errors_fp(stderr);
    68. 

  68. 	}
    69. 

  69. 

  70.     SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384");
    71. 

  71. 

  72.     /* Set slitheen callbacks */
    73. 

  73.     slitheen_init();
    74. 

  74. 

  75.     SSL_CTX_set_client_hello_callback(ctx, slitheen_tag_hello);
    76. 

  76.     SSL_CTX_set_generate_ec_key_callback(ctx, slitheen_ec_seed_from_tag);
    77. 

  77.     SSL_CTX_set_generate_key_callback(ctx, slitheen_seed_from_tag);
    78. 

  78.     SSL_CTX_set_finished_mac_callback(ctx, slitheen_finished_mac);
    79. 

  79. 

  80.     /* Set up a callback for each state change so we can see what's
    81. 

  81.      * going on */
    82. 

  82.     SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
    83. 

  83. 

  84.     /* Set it up so tha we will connect to *any* site, regardless
    85. 

  85.      * of their certificate. */
    86. 

  86.     SSL_CTX_set_verify( ctx, SSL_VERIFY_NONE, my_dumb_callback );
    87. 

  87. 

  88.     /* MACRO. Set's CTX options. Not sure. I think this enables bug
    89. 

  89.      * support hacks. */
    90. 

  90.     SSL_CTX_set_options(ctx,SSL_OP_ALL);
    91. 

  91. 

  92.     /* Finally, we're all set so we can set up the session holder */
    93. 

  93.     session = SSL_new( ctx );
    94. 

  94.     if ( session == NULL ) { fprintf( stderr, "no session. :(\n" ); exit(1);}
    95. 

  95.     
    96. 

  96.     /* Make connection s.t. s is the appropriate fd */
    97. 

  97.     s = my_connect( (argc == 2) ? argv[1] : "scspc430.cs.uwaterloo.ca" , 8888 );
    98. 

  98. 

  99.     /* Set up the SSL side of the connection */
    100. 

  100.     SSL_set_fd( session, s );
    101. 

  101.     status = SSL_connect( session );
    102. 

  102.     /* Check the results. */
    103. 

  103.     switch (SSL_get_error(session,status)) {
    104. 

  104. 		case SSL_ERROR_NONE:
    105. 

  105. 		/* Everything worked :-) */
    106. 

  106. 		break;
    107. 

  107. 		case SSL_ERROR_SSL:
    108. 

  108. 		fprintf( stderr, "ssl handshake failure\n" );
    109. 

  109. 		ERR_print_errors_fp(stderr);
    110. 

  110. 		goto byebye;
    111. 

  111. 		break;
    112. 

  112. 

  113. 		/* These are for NON-BLOCKING I/O only! */
    114. 

  114. 		case SSL_ERROR_WANT_READ:
    115. 

  115. 		case SSL_ERROR_WANT_WRITE:
    116. 

  116. 		fprintf( stderr, "want read/write. Use blocking?\n" );
    117. 

  117. 		goto byebye;	break;
    118. 

  118. 		case SSL_ERROR_WANT_CONNECT:
    119. 

  119. 		fprintf( stderr, "want connect. sleep a while, try again." );
    120. 

  120. 		goto byebye;    break;
    121. 

  121. 		
    122. 

  122. 		case SSL_ERROR_SYSCALL:
    123. 

  123. 		perror("SSL_connect");
    124. 

  124. 		goto byebye;    break;
    125. 

  125. 		case SSL_ERROR_WANT_X509_LOOKUP:
    126. 

  126. 		/* not used! */
    127. 

  127. 		fprintf( stderr, "shouldn't be getting this.\n" );
    128. 

  128. 		break;
    129. 

  129. 		case SSL_ERROR_ZERO_RETURN:
    130. 

  130. 		fprintf( stderr, "connection closed.\n" );
    131. 

  131. 		goto byebye;
    132. 

  132.     }
    133. 

  133. 

  134. 	/*Resume session*/
    135. 

  135. 	printf("Resuming session\n");
    136. 

  136. 	
    137. 

  137. 	SSL_SESSION *sess = SSL_get1_session(session);
    138. 

  138. 	SSL_shutdown(session);
    139. 

  139. 	SSL_free(session);
    140. 

  140. 	close(s);
    141. 

  141. 

  142.     s = my_connect( (argc == 2) ? argv[1] : "scspc430.cs.uwaterloo.ca" , 8888 );
    143. 

  143. 	session = SSL_new(ctx);
    144. 

  144. 

  145.     SSL_set_fd( session, s );
    146. 

  146. 

  147. 	SSL_set_session(session, sess);
    148. 

  148. 

  149.     status = SSL_connect( session );
    150. 

  150. 

  151.     switch (SSL_get_error(session,status)) {
    152. 

  152. 		case SSL_ERROR_NONE:
    153. 

  153. 		/* Everything worked :-) */
    154. 

  154. 		break;
    155. 

  155. 		case SSL_ERROR_SSL:
    156. 

  156. 		fprintf( stderr, "ssl handshake failure\n" );
    157. 

  157. 		ERR_print_errors_fp(stderr);
    158. 

  158. 		goto byebye;
    159. 

  159. 		break;
    160. 

  160. 

  161. 		/* These are for NON-BLOCKING I/O only! */
    162. 

  162. 		case SSL_ERROR_WANT_READ:
    163. 

  163. 		case SSL_ERROR_WANT_WRITE:
    164. 

  164. 		fprintf( stderr, "want read/write. Use blocking?\n" );
    165. 

  165. 		goto byebye;	break;
    166. 

  166. 		case SSL_ERROR_WANT_CONNECT:
    167. 

  167. 		fprintf( stderr, "want connect. sleep a while, try again." );
    168. 

  168. 		goto byebye;    break;
    169. 

  169. 		
    170. 

  170. 		case SSL_ERROR_SYSCALL:
    171. 

  171. 		perror("SSL_connect");
    172. 

  172. 		goto byebye;    break;
    173. 

  173. 		case SSL_ERROR_WANT_X509_LOOKUP:
    174. 

  174. 		/* not used! */
    175. 

  175. 		fprintf( stderr, "shouldn't be getting this.\n" );
    176. 

  176. 		break;
    177. 

  177. 		case SSL_ERROR_ZERO_RETURN:
    178. 

  178. 		fprintf( stderr, "connection closed.\n" );
    179. 

  179. 		goto byebye;
    180. 

  180.     }
    181. 

  181. 

  182. byebye:
    183. 

  183. 

  184.     /* close everything down */
    185. 

  185.     SSL_shutdown(session);
    186. 

  186.     close(s);
    187. 

  187.     
    188. 

  188.     SSL_free( session ); session = NULL;
    189. 

  189.     SSL_CTX_free(ctx);
    190. 

  190.     return 0;
    191. 

  191. }
    192. 

  192. 

  193. /* returns a socket connected to host on port port */
    194. 

  194. int my_connect( char *hostname, int port ) {
    195. 

  195.     struct hostent *remote_host;
    196. 

  196.     char local_hostname[256];
    197. 

  197.     struct sockaddr_in address;
    198. 

  198.     int s;
    199. 

  199.     
    200. 

  200.     /* Get a socket to work with.  This socket will be in the Internet domain, and */
    201. 

  201.     /* will be a stream socket. */
    202. 

  202.     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
    203. 

  203. 		perror( "connect: cannot create socket" );
    204. 

  204. 		exit(1);
    205. 

  205.     }
    206. 

  206. 

  207.     /* If hostname is NULL or of zero length, look up the local hostname */
    208. 

  208.     if ((hostname==NULL)||(hostname[0]=='\0'))
    209. 

  209.     {
    210. 

  210. 	/* Get the local hostname */
    211. 

  211. 	if (gethostname(local_hostname, sizeof(local_hostname))==-1)
    212. 

  212. 	{
    213. 

  213. 	    perror("connect");
    214. 

  214. 	    exit(1);
    215. 

  215. 	}
    216. 

  216. 

  217. 	/* Look up the remote host (local host) to get its network number */
    218. 

  218. 	if ((remote_host=gethostbyname(local_hostname)) == NULL)
    219. 

  219. 	{
    220. 

  220. 	    perror("connect");
    221. 

  221. 	    exit(1);
    222. 

  222. 	}
    223. 

  223.     }
    224. 

  224.     else
    225. 

  225. 	/* Look up the remote host to get its network number. */
    226. 

  226. 	if ((remote_host=gethostbyname(hostname)) == NULL)
    227. 

  227. 	{
    228. 

  228. 	    perror("connect");
    229. 

  229. 	    exit(1);
    230. 

  230. 	}
    231. 

  231. 

  232.     /* Initialize the address varaible, which specifies where
    233. 

  233.        connect() should attempt to connect. */
    234. 

  234.     bcopy(remote_host->h_addr, &address.sin_addr, remote_host->h_length);
    235. 

  235.     address.sin_family = AF_INET;
    236. 

  236.     address.sin_port = htons(port);
    237. 

  237. 

  238.     if (!(connect(s, (struct sockaddr *)(&address), sizeof(address)) >= 0))
    239. 

  239.     {
    240. 

  240. 	perror("connect");
    241. 

  241. 	exit(1);
    242. 

  242.     }
    243. 

  243. 

  244.     /* Set the socket to non-blocking mode */
    245. 

  245.     /* fcntl(s, F_SETFL, O_NONBLOCK); */
    246. 

  246. 

  247.     return(s);
    248. 

  248. }
    249. 

  249. 

  250. void apps_ssl_info_callback( SSL *s, int where, int ret )
    251. 

  251. {
    252. 

  252.     char *str;
    253. 

  253.     int w;
    254. 

  254.     
    255. 

  255.     w=where& ~SSL_ST_MASK;
    256. 

  256.     
    257. 

  257.     if (w & SSL_ST_CONNECT) str="SSL_connect";
    258. 

  258.     else if (w & SSL_ST_ACCEPT) str="SSL_accept";
    259. 

  259.     else str="undefined";
    260. 

  260.     
    261. 

  261.     if (where & SSL_CB_LOOP)
    262. 

  262.     {
    263. 

  263. 	fprintf(stderr,"%s: %s\n",str,SSL_state_string_long(s));
    264. 

  264.     }
    265. 

  265.     else if (where & SSL_CB_ALERT)
    266. 

  266.     {
    267. 

  267. 	str=(where & SSL_CB_READ)?"read":"write";
    268. 

  268. 	fprintf(stderr,"SSL3 alert %s:%s:%s\n",
    269. 

  269. 		   str,
    270. 

  270. 		   SSL_alert_type_string_long(ret),
    271. 

  271. 		   SSL_alert_desc_string_long(ret));
    272. 

  272.     }
    273. 

  273.     else if (where & SSL_CB_EXIT)
    274. 

  274.     {
    275. 

  275. 	if (ret == 0)
    276. 

  276. 	    fprintf(stderr,"%s:failed in %s\n",
    277. 

  277. 		       str,SSL_state_string_long(s));
    278. 

  278. 	else if (ret < 0)
    279. 

  279. 	{
    280. 

  280. 	    fprintf(stderr,"%s:error in %s\n",
    281. 

  281. 		       str,SSL_state_string_long(s));
    282. 

  282. 	}
    283. 

  283.     }
    284. 

  284. }
    285. 

  285.