arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-12 01:53:07 +03:00
Code Activity

Initial 1.0.0

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/axTLS@2 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
2006-07-01 00:39:15 +00:00
commit fa18d60b98
183 changed files with 48114 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
samples/Config.in Normal file
View File

@ -0,0 +1,56 @@
#
# For a description of the syntax of this configuration file,
# see scripts/config/Kconfig-language.txt
#
menu "Samples"
config CONFIG_SAMPLES
bool "Create Samples"
default y
help
axTLS contains various sample code.
Select Y here if you want to build the various samples.
config CONFIG_C_SAMPLES
bool "axssl - C version"
default y
depends on CONFIG_SAMPLES
help
Build the "C" version of axssl. The features enabled are very
dependent on the build mode ('full' mode will give all features).
config CONFIG_CSHARP_SAMPLES
bool "axssl - C# version"
default y
depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS
help
Build the "C#" version of axssl. The features enabled are very
dependent on the build mode ('full' mode will give all features).
config CONFIG_VBNET_SAMPLES
bool "axssl - VB.NET version"
default y
depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS
help
Build the "VB.NET" version of axssl. The features enabled are very
dependent on the build mode ('full' mode will give all features).
config CONFIG_JAVA_SAMPLES
bool "axssl - Java version"
default y
depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS
help
Build the "Java" version of axssl. The features enabled are very
dependent on the build mode ('full' mode will give all features).
config CONFIG_PERL_SAMPLES
bool "axssl - Perl version"
default y
depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS
help
Build the "Perl" version of axssl. The features enabled are very
dependent on the build mode ('full' mode will give all features).
endmenu

46
samples/Makefile Normal file
View File

@ -0,0 +1,46 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
all:
include ../config/.config
include ../config/makefile.conf
all:
ifdef CONFIG_C_SAMPLES
$(MAKE) -C c
endif
ifdef CONFIG_CSHARP_SAMPLES
$(MAKE) -C csharp
endif
ifdef CONFIG_VBNET_SAMPLES
$(MAKE) -C vbnet
endif
ifdef CONFIG_JAVA_SAMPLES
$(MAKE) -C java
endif
ifdef CONFIG_PERL_SAMPLES
$(MAKE) -C perl
endif
clean::
$(MAKE) -C c clean
$(MAKE) -C csharp clean
$(MAKE) -C vbnet clean
$(MAKE) -C java clean
$(MAKE) -C perl clean

67
samples/c/Makefile Normal file
View File

@ -0,0 +1,67 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
all : sample
include ../../config/.config
include ../../config/makefile.conf
ifndef CONFIG_PLATFORM_WIN32
ifdef CONFIG_PLATFORM_CYGWIN
TARGET=../../axssl.exe
else
TARGET=../../axssl
endif # cygwin
LIBS=../../libaxtls.a
CFLAGS += -I../../ssl -I../../config
else
TARGET=../../axssl.exe
LIBS=../../axtls.lib
CFLAGS += /I"..\..\ssl" /I"..\..\config"
endif
ifndef CONFIG_C_SAMPLES
sample:
else
sample : $(TARGET)
OBJ= axssl.o
include ../../config/makefile.post
ifndef CONFIG_PLATFORM_WIN32
$(TARGET): $(OBJ) $(LIBS)
$(LD) $(LDFLAGS) -o $@ $^
ifndef CONFIG_DEBUG
ifndef CONFIG_PLATFORM_SOLARIS
strip --remove-section=.comment $(TARGET)
endif # SOLARIS
endif # CONFIG_DEBUG
else # Win32
$(TARGET): $(OBJ) $(LIBS)
$(LD) $(LDFLAGS) ..\..\config\axtls.res /out:$@ $^
endif
endif # CONFIG_C_SAMPLES
clean::
-@rm -f ../../axssl*

862
samples/c/axssl.c Normal file
View File

@ -0,0 +1,862 @@
/*
* Copyright(C) 2006
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file axssl.c
*
* Demonstrate the use of the axTLS library in C with a set of
* command-line parameters similar to openssl. In fact, openssl clients
* should be able to communicate with axTLS servers and visa-versa.
*
* This code has various bits enabled depending on the configuration. To enable
* the most interesting version, compile with the 'full mode' enabled.
*
* To see what options you have, run the following:
* > axssl s_server -?
* > axssl s_client -?
*
* The axtls shared library must be in the same directory or be found
* by the OS.
*/
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "ssl.h"
/* define standard input */
#ifndef STDIN_FILENO
#define STDIN_FILENO 0
#endif
static void do_server(int argc, char *argv[]);
static void print_options(char *option);
static void print_server_options(char *option);
static void do_client(int argc, char *argv[]);
static void print_client_options(char *option);
static void display_cipher(SSL *ssl);
static void display_session_id(SSL *ssl);
/**
* Main entry point. Doesn't do much except works out whether we are a client
* or a server.
*/
int main(int argc, char *argv[])
{
#ifdef WIN32
WSADATA wsaData;
WORD wVersionRequested = MAKEWORD(2, 2);
WSAStartup(wVersionRequested, &wsaData);
#elif !defined(SOLARIS)
signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
#endif
if (argc < 2 || (
strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
{
print_options(argc > 1 ? argv[1] : "");
}
strcmp(argv[1], "s_server") ?
do_client(argc, argv) : do_server(argc, argv);
return 0;
}
/**
* Implement the SSL server logic.
*/
static void do_server(int argc, char *argv[])
{
int i = 2;
uint16_t port = 4433;
uint32_t options = SSL_DISPLAY_CERTS;
int client_fd;
SSLCTX *ssl_ctx;
int server_fd, client_len, res = 0;
#ifndef CONFIG_SSL_SKELETON_MODE
char *private_key_file = NULL;
const char *password = NULL;
char **cert;
int cert_index = 0;
int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
#endif
#ifdef WIN32
char yes = 1;
#else
int yes = 1;
#endif
struct sockaddr_in serv_addr;
struct sockaddr_in client_addr;
int quiet = 0;
#ifdef CONFIG_SSL_CERT_VERIFICATION
int ca_cert_index = 0;
int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
#endif
fd_set read_set;
#ifndef CONFIG_SSL_SKELETON_MODE
cert = (char **)calloc(1, sizeof(char *)*cert_size);
#endif
while (i < argc)
{
if (strcmp(argv[i], "-accept") == 0)
{
if (i >= argc-1)
{
print_server_options(argv[i]);
}
port = atoi(argv[++i]);
}
#ifndef CONFIG_SSL_SKELETON_MODE
else if (strcmp(argv[i], "-cert") == 0)
{
if (i >= argc-1 || cert_index >= cert_size)
{
print_server_options(argv[i]);
}
cert[cert_index++] = argv[++i];
}
else if (strcmp(argv[i], "-key") == 0)
{
if (i >= argc-1)
{
print_server_options(argv[i]);
}
private_key_file = argv[++i];
options |= SSL_NO_DEFAULT_KEY;
}
else if (strcmp(argv[i], "-pass") == 0)
{
if (i >= argc-1)
{
print_server_options(argv[i]);
}
password = argv[++i];
}
#endif
else if (strcmp(argv[i], "-quiet") == 0)
{
quiet = 1;
options &= ~SSL_DISPLAY_CERTS;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION
else if (strcmp(argv[i], "-verify") == 0)
{
options |= SSL_CLIENT_AUTHENTICATION;
}
else if (strcmp(argv[i], "-CAfile") == 0)
{
if (i >= argc-1 || ca_cert_index >= ca_cert_size)
{
print_server_options(argv[i]);
}
ca_cert[ca_cert_index++] = argv[++i];
}
#endif
#ifdef CONFIG_SSL_FULL_MODE
else if (strcmp(argv[i], "-debug") == 0)
{
options |= SSL_DISPLAY_BYTES;
}
else if (strcmp(argv[i], "-state") == 0)
{
options |= SSL_DISPLAY_STATES;
}
else if (strcmp(argv[i], "-show-rsa") == 0)
{
options |= SSL_DISPLAY_RSA;
}
#endif
else /* don't know what this is */
{
print_server_options(argv[i]);
}
i++;
}
/* Create socket for incoming connections */
if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket");
return;
}
setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
/* Construct local address structure */
memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
serv_addr.sin_family = AF_INET; /* Internet address family */
serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
serv_addr.sin_port = htons(port); /* Local port */
/* Bind to the local address */
if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
{
perror("bind");
exit(1);
}
if (listen(server_fd, 5) < 0)
{
perror("listen");
exit(1);
}
client_len = sizeof(client_addr);
/*************************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
*************************************************************************/
if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
{
fprintf(stderr, "Error: Server context is invalid\n");
exit(1);
}
#ifndef CONFIG_SSL_SKELETON_MODE
if (private_key_file)
{
int obj_type = SSL_OBJ_RSA_KEY;
/* auto-detect the key type from the file extension */
if (strstr(private_key_file, ".p8"))
obj_type = SSL_OBJ_PKCS8;
else if (strstr(private_key_file, ".p12"))
obj_type = SSL_OBJ_PKCS12;
if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
{
fprintf(stderr, "Error: Private key '%s' is undefined.\n",
private_key_file);
exit(1);
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
{
printf("Certificate '%s' is undefined.\n", cert[i]);
exit(1);
}
}
#endif
#ifdef CONFIG_SSL_CERT_VERIFICATION
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
{
printf("Certificate '%s' is undefined.\n", ca_cert[i]);
exit(1);
}
}
free(ca_cert);
#endif
#ifndef CONFIG_SSL_SKELETON_MODE
free(cert);
#endif
for (;;)
{
SSL *ssl;
int reconnected = 0;
if (!quiet)
{
printf("ACCEPT\n");
TTY_FLUSH();
}
if ((client_fd = accept(server_fd,
(struct sockaddr *)&client_addr, &client_len)) < 0)
{
res = 1;
break;
}
ssl = ssl_server_new(ssl_ctx, client_fd);
/* now read (and display) whatever the client sends us */
for (;;)
{
/* allow parallel reading of client and standard input */
FD_ZERO(&read_set);
FD_SET(client_fd, &read_set);
#ifndef WIN32
/* win32 doesn't like mixing up stdin and sockets */
if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
{
FD_SET(STDIN_FILENO, &read_set);
}
if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
{
uint8_t buf[1024];
/* read standard input? */
if (FD_ISSET(STDIN_FILENO, &read_set))
{
if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
{
res = SSL_ERROR_CONN_LOST;
}
else
{
/* small hack to check renegotiation */
if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
{
res = ssl_renegotiate(ssl);
}
else /* write our ramblings to the client */
{
res = ssl_write(ssl, buf, strlen((char *)buf)+1);
}
}
}
else /* a socket read */
#endif
{
/* keep reading until we get something interesting */
uint8_t *read_buf;
if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
{
/* are we in the middle of doing a handshake? */
if (ssl_handshake_status(ssl) != SSL_OK)
{
reconnected = 0;
}
else if (!reconnected)
{
/* we are connected/reconnected */
if (!quiet)
{
display_session_id(ssl);
display_cipher(ssl);
}
reconnected = 1;
}
}
if (res > 0) /* display our interesting output */
{
printf("%s", read_buf);
TTY_FLUSH();
}
else if (res < 0 && !quiet)
{
ssl_display_error(res);
}
}
#ifndef WIN32
}
#endif
if (res < SSL_OK)
{
if (!quiet)
{
printf("CONNECTION CLOSED\n");
TTY_FLUSH();
}
break;
}
}
/* client was disconnected or the handshake failed. */
ssl_free(ssl);
SOCKET_CLOSE(client_fd);
}
ssl_ctx_free(ssl_ctx);
}
/**
* Implement the SSL client logic.
*/
static void do_client(int argc, char *argv[])
{
#ifdef CONFIG_SSL_ENABLE_CLIENT
int res, i = 2;
uint16_t port = 4433;
uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
int client_fd;
char *private_key_file = NULL;
struct sockaddr_in client_addr;
struct hostent *hostent;
int reconnect = 0;
uint32_t sin_addr;
SSLCTX *ssl_ctx;
SSL *ssl = NULL;
int quiet = 0;
int cert_index = 0, ca_cert_index = 0;
int cert_size, ca_cert_size;
char **ca_cert, **cert;
uint8_t session_id[SSL_SESSION_ID_SIZE];
fd_set read_set;
const char *password = NULL;
FD_ZERO(&read_set);
sin_addr = inet_addr("127.0.0.1");
cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
cert = (char **)calloc(1, sizeof(char *)*cert_size);
while (i < argc)
{
if (strcmp(argv[i], "-connect") == 0)
{
char *host, *ptr;
if (i >= argc-1)
{
print_client_options(argv[i]);
}
host = argv[++i];
if ((ptr = strchr(host, ':')) == NULL)
{
print_client_options(argv[i]);
}
*ptr++ = 0;
port = atoi(ptr);
hostent = gethostbyname(host);
if (hostent == NULL)
{
print_client_options(argv[i]);
}
sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
}
else if (strcmp(argv[i], "-cert") == 0)
{
if (i >= argc-1 || cert_index >= cert_size)
{
print_client_options(argv[i]);
}
cert[cert_index++] = argv[++i];
}
else if (strcmp(argv[i], "-key") == 0)
{
if (i >= argc-1)
{
print_client_options(argv[i]);
}
private_key_file = argv[++i];
options |= SSL_NO_DEFAULT_KEY;
}
else if (strcmp(argv[i], "-CAfile") == 0)
{
if (i >= argc-1 || ca_cert_index >= ca_cert_size)
{
print_client_options(argv[i]);
}
ca_cert[ca_cert_index++] = argv[++i];
}
else if (strcmp(argv[i], "-verify") == 0)
{
options &= ~SSL_SERVER_VERIFY_LATER;
}
else if (strcmp(argv[i], "-reconnect") == 0)
{
reconnect = 4;
}
else if (strcmp(argv[i], "-quiet") == 0)
{
quiet = 1;
options &= ~SSL_DISPLAY_CERTS;
}
else if (strcmp(argv[i], "-pass") == 0)
{
if (i >= argc-1)
{
print_client_options(argv[i]);
}
password = argv[++i];
}
#ifdef CONFIG_SSL_FULL_MODE
else if (strcmp(argv[i], "-debug") == 0)
{
options |= SSL_DISPLAY_BYTES;
}
else if (strcmp(argv[i], "-state") == 0)
{
options |= SSL_DISPLAY_STATES;
}
else if (strcmp(argv[i], "-show-rsa") == 0)
{
options |= SSL_DISPLAY_RSA;
}
#endif
else /* don't know what this is */
{
print_client_options(argv[i]);
}
i++;
}
client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
memset(&client_addr, 0, sizeof(client_addr));
client_addr.sin_family = AF_INET;
client_addr.sin_port = htons(port);
client_addr.sin_addr.s_addr = sin_addr;
if (connect(client_fd, (struct sockaddr *)&client_addr,
sizeof(client_addr)) < 0)
{
perror("connect");
exit(1);
}
if (!quiet)
{
printf("CONNECTED\n");
TTY_FLUSH();
}
/*************************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
*************************************************************************/
if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
{
fprintf(stderr, "Error: Client context is invalid\n");
exit(1);
}
if (private_key_file)
{
int obj_type = SSL_OBJ_RSA_KEY;
/* auto-detect the key type from the file extension */
if (strstr(private_key_file, ".p8"))
obj_type = SSL_OBJ_PKCS8;
else if (strstr(private_key_file, ".p12"))
obj_type = SSL_OBJ_PKCS12;
if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
{
fprintf(stderr, "Error: Private key '%s' is undefined.\n",
private_key_file);
exit(1);
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
{
printf("Certificate '%s' is undefined.\n", cert[i]);
exit(1);
}
}
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
{
printf("Certificate '%s' is undefined.\n", ca_cert[i]);
exit(1);
}
}
free(cert);
free(ca_cert);
/* Try session resumption? */
if (reconnect)
{
while (reconnect--)
{
ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
if (!quiet)
{
ssl_display_error(res);
}
ssl_free(ssl);
exit(1);
}
display_session_id(ssl);
memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
if (reconnect)
{
ssl_free(ssl);
SOCKET_CLOSE(client_fd);
client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
connect(client_fd, (struct sockaddr *)&client_addr,
sizeof(client_addr));
}
}
}
else
{
ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
}
/* check the return status */
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
if (!quiet)
{
ssl_display_error(res);
}
exit(1);
}
if (!quiet)
{
const char *common_name = ssl_get_cert_dn(ssl,
SSL_X509_CERT_COMMON_NAME);
if (common_name)
{
printf("Common Name:\t\t%s\n", common_name);
}
display_session_id(ssl);
display_cipher(ssl);
}
for (;;)
{
uint8_t buf[1024];
res = SSL_OK;
/* allow parallel reading of server and standard input */
FD_SET(client_fd, &read_set);
#ifndef WIN32
/* win32 doesn't like mixing up stdin and sockets */
FD_SET(STDIN_FILENO, &read_set);
if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
{
/* read standard input? */
if (FD_ISSET(STDIN_FILENO, &read_set))
#endif
{
if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
{
/* bomb out of here */
ssl_free(ssl);
break;
}
else
{
/* small hack to check renegotiation */
if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
{
res = ssl_renegotiate(ssl);
}
else
{
res = ssl_write(ssl, buf, strlen((char *)buf)+1);
}
}
}
#ifndef WIN32
else /* a socket read */
{
uint8_t *read_buf;
res = ssl_read(ssl, &read_buf);
if (res > 0) /* display our interesting output */
{
printf("%s", read_buf);
TTY_FLUSH();
}
}
}
#endif
if (res < 0)
{
if (!quiet)
{
ssl_display_error(res);
}
break; /* get outta here */
}
}
ssl_ctx_free(ssl_ctx);
SOCKET_CLOSE(client_fd);
#else
print_client_options(argv[1]);
#endif
}
/**
* We've had some sort of command-line error. Print out the basic options.
*/
static void print_options(char *option)
{
printf("axssl: Error: '%s' is an invalid command.\n", option);
printf("usage: axssl [s_server|s_client] [args ...]\n");
exit(1);
}
/**
* We've had some sort of command-line error. Print out the server options.
*/
static void print_server_options(char *option)
{
#ifndef CONFIG_SSL_SKELETON_MODE
int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
#endif
#ifdef CONFIG_SSL_CERT_VERIFICATION
int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
#endif
printf("unknown option %s\n", option);
printf("usage: s_server [args ...]\n");
printf(" -accept arg\t- port to accept on (default is 4433)\n");
#ifndef CONFIG_SSL_SKELETON_MODE
printf(" -cert arg\t- certificate file to add (in addition to default)"
" to chain -\n"
"\t\t Can repeat up to %d times\n", cert_size);
printf(" -key arg\t- Private key file to use\n");
printf(" -pass\t\t- private key file pass phrase source\n");
#endif
printf(" -quiet\t\t- No server output\n");
#ifdef CONFIG_SSL_CERT_VERIFICATION
printf(" -verify\t- turn on peer certificate verification\n");
printf(" -CAfile arg\t- Certificate authority\n");
printf("\t\t Can repeat up to %d times\n", ca_cert_size);
#endif
#ifdef CONFIG_SSL_FULL_MODE
printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n");
printf(" -show-rsa\t- Show RSA state\n");
#endif
exit(1);
}
/**
* We've had some sort of command-line error. Print out the client options.
*/
static void print_client_options(char *option)
{
#ifdef CONFIG_SSL_ENABLE_CLIENT
int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
#endif
printf("unknown option %s\n", option);
#ifdef CONFIG_SSL_ENABLE_CLIENT
printf("usage: s_client [args ...]\n");
printf(" -connect host:port - who to connect to (default "
"is localhost:4433)\n");
printf(" -verify\t- turn on peer certificate verification\n");
printf(" -cert arg\t- certificate file to use\n");
printf("\t\t Can repeat up to %d times\n", cert_size);
printf(" -key arg\t- Private key file to use\n");
printf(" -CAfile arg\t- Certificate authority\n");
printf("\t\t Can repeat up to %d times\n", ca_cert_size);
printf(" -quiet\t\t- No client output\n");
printf(" -reconnect\t- Drop and re-make the connection "
"with the same Session-ID\n");
printf(" -pass\t\t- private key file pass phrase source\n");
#ifdef CONFIG_SSL_FULL_MODE
printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n");
printf(" -show-rsa\t- Show RSA state\n");
#endif
#else
printf("Change configuration to allow this feature\n");
#endif
exit(1);
}
/**
* Display what cipher we are using
*/
static void display_cipher(SSL *ssl)
{
printf("CIPHER is ");
switch (ssl_get_cipher_id(ssl))
{
case SSL_AES128_SHA:
printf("AES128-SHA");
break;
case SSL_AES256_SHA:
printf("AES256-SHA");
break;
case SSL_RC4_128_SHA:
printf("RC4-SHA");
break;
case SSL_RC4_128_MD5:
printf("RC4-MD5");
break;
default:
printf("Unknown - %d", ssl_get_cipher_id(ssl));
break;
}
printf("\n");
TTY_FLUSH();
}
/**
* Display what session id we have.
*/
static void display_session_id(SSL *ssl)
{
int i;
const uint8_t *session_id = ssl_get_session_id(ssl);
printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
{
printf("%02x", session_id[i]);
}
printf("\n-----END SSL SESSION PARAMETERS-----\n");
TTY_FLUSH();
}

36
samples/csharp/Makefile Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
include ../../config/makefile.dotnet.conf
all : sample
TARGET=../../axssl.csharp.exe
sample : $(TARGET)
$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs
ifdef GO_DOT_NET
csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
else # use mono to build
mcs -out:$@ $^
endif # ARCH
clean::
-@rm -f $(TARGET)

744
samples/csharp/axssl.cs Normal file
View File

@ -0,0 +1,744 @@
/*
* Copyright(C) 2006
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* axssl.cs
*
* Demonstrate the use of the axTLS library in C# with a set of
* command-line parameters similar to openssl. In fact, openssl clients
* should be able to communicate with axTLS servers and visa-versa.
*
* This code has various bits enabled depending on the configuration. To enable
* the most interesting version, compile with the 'full mode' enabled.
*
* To see what options you have, run the following:
* > axssl.csharp.exe s_server -?
* > axssl.csharp.exe s_client -?
*
* The axtls shared library must be in the same directory or be found
* by the OS.
*/
using System;
using System.Net;
using System.Net.Sockets;
using axTLS;
public class axssl
{
/*
* Main()
*/
public static void Main(string[] args)
{
axssl runner = new axssl();
if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
{
runner.print_options(args.Length > 0 ? args[0] : "");
}
int build_mode = SSLUtil.BuildMode();
if (args[0] == "s_server")
{
runner.do_server(build_mode, args);
}
else
{
runner.do_client(build_mode, args);
}
}
/*
* do_server()
*/
private void do_server(int build_mode, string[] args)
{
int i = 1;
int port = 4433;
uint options = axtls.SSL_DISPLAY_CERTS;
bool quiet = false;
string password = null;
string private_key_file = null;
/* organise the cert/ca_cert lists */
int cert_size = SSLUtil.MaxCerts();
int ca_cert_size = SSLUtil.MaxCACerts();
string[] cert = new string[cert_size];
string[] ca_cert = new string[ca_cert_size];
int cert_index = 0;
int ca_cert_index = 0;
while (i < args.Length)
{
if (args[i] == "-accept")
{
if (i >= args.Length-1)
{
print_server_options(build_mode, args[i]);
}
port = Int32.Parse(args[++i]);
}
else if (args[i] == "-quiet")
{
quiet = true;
options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
}
else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
{
if (args[i] == "-cert")
{
if (i >= args.Length-1 || cert_index >= cert_size)
{
print_server_options(build_mode, args[i]);
}
cert[cert_index++] = args[++i];
}
else if (args[i] == "-key")
{
if (i >= args.Length-1)
{
print_server_options(build_mode, args[i]);
}
private_key_file = args[++i];
options |= axtls.SSL_NO_DEFAULT_KEY;
}
else if (args[i] == "-pass")
{
if (i >= args.Length-1)
{
print_server_options(build_mode, args[i]);
}
password = args[++i];
}
else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
{
if (args[i] == "-verify")
{
options |= axtls.SSL_CLIENT_AUTHENTICATION;
}
else if (args[i] == "-CAfile")
{
if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
{
print_server_options(build_mode, args[i]);
}
ca_cert[ca_cert_index++] = args[++i];
}
else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
{
if (args[i] == "-debug")
{
options |= axtls.SSL_DISPLAY_BYTES;
}
else if (args[i] == "-state")
{
options |= axtls.SSL_DISPLAY_STATES;
}
else if (args[i] == "-show-rsa")
{
options |= axtls.SSL_DISPLAY_RSA;
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
i++;
}
/* Create socket for incoming connections */
IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
TcpListener server_sock = new TcpListener(ep);
server_sock.Start();
/**********************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
**********************************************************************/
SSLServer ssl_ctx = new SSLServer(
options, axtls.SSL_DEFAULT_SVR_SESS);
if (ssl_ctx == null)
{
Console.Error.WriteLine("Error: Server context is invalid");
Environment.Exit(1);
}
if (private_key_file != null)
{
int obj_type = axtls.SSL_OBJ_RSA_KEY;
if (private_key_file.EndsWith(".p8"))
obj_type = axtls.SSL_OBJ_PKCS8;
else if (private_key_file.EndsWith(".p12"))
obj_type = axtls.SSL_OBJ_PKCS12;
if (ssl_ctx.ObjLoad(obj_type,
private_key_file, password) != axtls.SSL_OK)
{
Console.Error.WriteLine("Private key '" + private_key_file +
"' is undefined.");
Environment.Exit(1);
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT,
cert[i], null) != axtls.SSL_OK)
{
Console.WriteLine("Certificate '" + cert[i] +
"' is undefined.");
Environment.Exit(1);
}
}
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT,
ca_cert[i], null) != axtls.SSL_OK)
{
Console.WriteLine("Certificate '" + cert[i] +
"' is undefined.");
Environment.Exit(1);
}
}
byte[] buf = null;
int res;
for (;;)
{
if (!quiet)
{
Console.WriteLine("ACCEPT");
}
Socket client_sock = server_sock.AcceptSocket();
SSL ssl = ssl_ctx.Connect(client_sock);
/* do the actual SSL handshake */
while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
{
/* check when the connection has been established */
if (ssl.HandshakeStatus() == axtls.SSL_OK)
break;
/* could do something else here */
}
if (res == axtls.SSL_OK) /* connection established and ok */
{
if (!quiet)
{
display_session_id(ssl);
display_cipher(ssl);
}
/* now read (and display) whatever the client sends us */
for (;;)
{
/* keep reading until we get something interesting */
while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
{
/* could do something else here */
}
if (res < axtls.SSL_OK)
{
if (!quiet)
{
Console.WriteLine("CONNECTION CLOSED");
}
break;
}
/* convert to string */
char[] str = new char[res];
for (i = 0; i < res; i++)
{
str[i] = (char)buf[i];
}
Console.Write(str);
}
}
else if (!quiet)
{
SSLUtil.DisplayError(res);
}
/* client was disconnected or the handshake failed. */
ssl.Dispose();
client_sock.Close();
}
/* ssl_ctx.Dispose(); */
}
/*
* do_client()
*/
private void do_client(int build_mode, string[] args)
{
if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
{
print_client_options(build_mode, args[1]);
}
int i = 1, res;
int port = 4433;
bool quiet = false;
string password = null;
int reconnect = 0;
string private_key_file = null;
string hostname = "127.0.0.1";
/* organise the cert/ca_cert lists */
int cert_index = 0;
int ca_cert_index = 0;
int cert_size = SSLUtil.MaxCerts();
int ca_cert_size = SSLUtil.MaxCACerts();
string[] cert = new string[cert_size];
string[] ca_cert = new string[ca_cert_size];
uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
byte[] session_id = null;
while (i < args.Length)
{
if (args[i] == "-connect")
{
string host_port;
if (i >= args.Length-1)
{
print_client_options(build_mode, args[i]);
}
host_port = args[++i];
int index_colon;
if ((index_colon = host_port.IndexOf(':')) < 0)
print_client_options(build_mode, args[i]);
hostname = new string(host_port.ToCharArray(),
0, index_colon);
port = Int32.Parse(new String(host_port.ToCharArray(),
index_colon+1, host_port.Length-index_colon-1));
}
else if (args[i] == "-cert")
{
if (i >= args.Length-1 || cert_index >= cert_size)
{
print_client_options(build_mode, args[i]);
}
cert[cert_index++] = args[++i];
}
else if (args[i] == "-key")
{
if (i >= args.Length-1)
{
print_client_options(build_mode, args[i]);
}
private_key_file = args[++i];
options |= axtls.SSL_NO_DEFAULT_KEY;
}
else if (args[i] == "-CAfile")
{
if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
{
print_client_options(build_mode, args[i]);
}
ca_cert[ca_cert_index++] = args[++i];
}
else if (args[i] == "-verify")
{
options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
}
else if (args[i] == "-reconnect")
{
reconnect = 4;
}
else if (args[i] == "-quiet")
{
quiet = true;
options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
}
else if (args[i] == "-pass")
{
if (i >= args.Length-1)
{
print_client_options(build_mode, args[i]);
}
password = args[++i];
}
else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
{
if (args[i] == "-debug")
{
options |= axtls.SSL_DISPLAY_BYTES;
}
else if (args[i] == "-state")
{
options |= axtls.SSL_DISPLAY_STATES;
}
else if (args[i] == "-show-rsa")
{
options |= axtls.SSL_DISPLAY_RSA;
}
else
print_client_options(build_mode, args[i]);
}
else /* don't know what this is */
print_client_options(build_mode, args[i]);
i++;
}
// IPHostEntry hostInfo = Dns.Resolve(hostname);
IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
IPAddress[] addresses = hostInfo.AddressList;
IPEndPoint ep = new IPEndPoint(addresses[0], port);
Socket client_sock = new Socket(AddressFamily.InterNetwork,
SocketType.Stream, ProtocolType.Tcp);
client_sock.Connect(ep);
if (!client_sock.Connected)
{
Console.WriteLine("could not connect");
Environment.Exit(1);
}
if (!quiet)
{
Console.WriteLine("CONNECTED");
}
/**********************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
**********************************************************************/
SSLClient ssl_ctx = new SSLClient(options,
axtls.SSL_DEFAULT_CLNT_SESS);
if (ssl_ctx == null)
{
Console.Error.WriteLine("Error: Client context is invalid");
Environment.Exit(1);
}
if (private_key_file != null)
{
int obj_type = axtls.SSL_OBJ_RSA_KEY;
if (private_key_file.EndsWith(".p8"))
obj_type = axtls.SSL_OBJ_PKCS8;
else if (private_key_file.EndsWith(".p12"))
obj_type = axtls.SSL_OBJ_PKCS12;
if (ssl_ctx.ObjLoad(obj_type,
private_key_file, password) != axtls.SSL_OK)
{
Console.Error.WriteLine("Private key '" + private_key_file +
"' is undefined.");
Environment.Exit(1);
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT,
cert[i], null) != axtls.SSL_OK)
{
Console.WriteLine("Certificate '" + cert[i] +
"' is undefined.");
Environment.Exit(1);
}
}
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT,
ca_cert[i], null) != axtls.SSL_OK)
{
Console.WriteLine("Certificate '" + cert[i] +
"' is undefined.");
Environment.Exit(1);
}
}
SSL ssl = new SSL(new IntPtr(0)); /* keep compiler happy */
/* Try session resumption? */
if (reconnect > 0)
{
while (reconnect-- > 0)
{
ssl = ssl_ctx.Connect(client_sock, session_id);
if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
{
if (!quiet)
{
SSLUtil.DisplayError(res);
}
ssl.Dispose();
Environment.Exit(1);
}
display_session_id(ssl);
session_id = ssl.GetSessionId();
if (reconnect > 0)
{
ssl.Dispose();
client_sock.Close();
/* and reconnect */
client_sock = new Socket(AddressFamily.InterNetwork,
SocketType.Stream, ProtocolType.Tcp);
client_sock.Connect(ep);
}
}
}
else
{
ssl = ssl_ctx.Connect(client_sock, null);
}
/* check the return status */
if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
{
if (!quiet)
{
SSLUtil.DisplayError(res);
}
Environment.Exit(1);
}
if (!quiet)
{
string common_name =
ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
if (common_name != null)
{
Console.WriteLine("Common Name:\t\t" + common_name);
}
display_session_id(ssl);
display_cipher(ssl);
}
for (;;)
{
string user_input = Console.ReadLine();
if (user_input == null)
break;
byte[] buf = new byte[user_input.Length+2];
buf[buf.Length-2] = (byte)'\n'; /* add the carriage return */
buf[buf.Length-1] = 0; /* null terminate */
for (i = 0; i < buf.Length-2; i++)
{
buf[i] = (byte)user_input[i];
}
if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
{
if (!quiet)
{
SSLUtil.DisplayError(res);
}
break;
}
}
ssl_ctx.Dispose();
}
/**
* We've had some sort of command-line error. Print out the basic options.
*/
private void print_options(string option)
{
Console.WriteLine("axssl: Error: '" + option +
"' is an invalid command.");
Console.WriteLine("usage: axssl.cs.exe [s_server|s_client] [args ...]");
Environment.Exit(1);
}
/**
* We've had some sort of command-line error. Print out the server options.
*/
private void print_server_options(int build_mode, string option)
{
int cert_size = SSLUtil.MaxCerts();
int ca_cert_size = SSLUtil.MaxCACerts();
Console.WriteLine("unknown option " + option);
Console.WriteLine("usage: s_server [args ...]");
Console.WriteLine(" -accept arg\t- port to accept on (default " +
"is 4433)");
Console.WriteLine(" -quiet\t\t- No server output");
if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
{
Console.WriteLine(" -cert arg\t- certificate file to add (in " +
"addition to default) to chain -");
Console.WriteLine("\t\t Can repeat up to " + cert_size + " times");
Console.WriteLine(" -key arg\t- Private key file to use");
Console.WriteLine(" -pass\t\t- private key file pass phrase source");
}
if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
{
Console.WriteLine(" -verify\t- turn on peer certificate " +
"verification");
Console.WriteLine(" -CAfile arg\t- Certificate authority.");
Console.WriteLine("\t\t Can repeat up to " +
ca_cert_size + "times");
}
if (build_mode == axtls.SSL_BUILD_FULL_MODE)
{
Console.WriteLine(" -debug\t\t- Print more output");
Console.WriteLine(" -state\t\t- Show state messages");
Console.WriteLine(" -show-rsa\t- Show RSA state");
}
Environment.Exit(1);
}
/**
* We've had some sort of command-line error. Print out the client options.
*/
private void print_client_options(int build_mode, string option)
{
int cert_size = SSLUtil.MaxCerts();
int ca_cert_size = SSLUtil.MaxCACerts();
Console.WriteLine("unknown option " + option);
if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
{
Console.WriteLine("usage: s_client [args ...]");
Console.WriteLine(" -connect host:port - who to connect to " +
"(default is localhost:4433)");
Console.WriteLine(" -verify\t- turn on peer certificate " +
"verification");
Console.WriteLine(" -cert arg\t- certificate file to use");
Console.WriteLine("\t\t Can repeat up to %d times", cert_size);
Console.WriteLine(" -key arg\t- Private key file to use");
Console.WriteLine(" -CAfile arg\t- Certificate authority.");
Console.WriteLine("\t\t Can repeat up to " + ca_cert_size +
" times");
Console.WriteLine(" -quiet\t\t- No client output");
Console.WriteLine(" -pass\t\t- private key file pass " +
"phrase source");
Console.WriteLine(" -reconnect\t- Drop and re-make the " +
"connection with the same Session-ID");
if (build_mode == axtls.SSL_BUILD_FULL_MODE)
{
Console.WriteLine(" -debug\t\t- Print more output");
Console.WriteLine(" -state\t\t- Show state messages");
Console.WriteLine(" -show-rsa\t- Show RSA state");
}
}
else
{
Console.WriteLine("Change configuration to allow this feature");
}
Environment.Exit(1);
}
/**
* Display what cipher we are using
*/
private void display_cipher(SSL ssl)
{
Console.Write("CIPHER is ");
switch (ssl.GetCipherId())
{
case axtls.SSL_AES128_SHA:
Console.WriteLine("AES128-SHA");
break;
case axtls.SSL_AES256_SHA:
Console.WriteLine("AES256-SHA");
break;
case axtls.SSL_RC4_128_SHA:
Console.WriteLine("RC4-SHA");
break;
case axtls.SSL_RC4_128_MD5:
Console.WriteLine("RC4-MD5");
break;
default:
Console.WriteLine("Unknown - " + ssl.GetCipherId());
break;
}
}
/**
* Display what session id we have.
*/
private void display_session_id(SSL ssl)
{
byte[] session_id = ssl.GetSessionId();
Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
foreach (byte b in session_id)
{
Console.Write("{0:x02}", b);
}
Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
}
}

39
samples/java/Makefile Normal file
View File

@ -0,0 +1,39 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
include ../../config/makefile.java.conf
all : sample
JAR=../../axtls.jar
CLASSES=../../bindings/java/classes
sample : $(JAR)
$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
jar mcvf manifest.mf $@ -C $(CLASSES) .
JAVA_FILES= axssl.java
JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
$(CLASSES)/%.class : %.java
javac -d $(CLASSES) -classpath $(CLASSES) $^
clean::
-@rm -f $(TARGET)

760
samples/java/axssl.java Normal file
View File

@ -0,0 +1,760 @@
/*
* Copyright(C) 2006
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* axssl.java
*
* Demonstrate the use of the axTLS library in Java with a set of
* command-line parameters similar to openssl. In fact, openssl clients
* should be able to communicate with axTLS servers and visa-versa. *
* This code has various bits enabled depending on the configuration. To enable
* the most interesting version, compile with the 'full mode' enabled.
*
* To see what options you have, run the following:
* > java -jar axtls.jar s_server -?
* > java -jar axtls.jar s_client -?
*
* The axtls/axtlsj shared libraries must be in the same directory or be found
* by the OS.
*/
import java.io.*;
import java.util.*;
import java.net.*;
import axTLSj.*;
public class axssl
{
/*
* Main()
*/
public static void main(String[] args)
{
axssl runner = new axssl();
try
{
if (args.length < 1 ||
(!args[0].equals("s_server") &&
!args[0].equals("s_client")))
{
runner.print_options(args.length > 0 ? args[0] : "");
}
int build_mode = SSLUtil.buildMode();
if (args[0].equals("s_server"))
{
runner.do_server(build_mode, args);
}
else
{
runner.do_client(build_mode, args);
}
}
catch (Exception e)
{
System.out.println(e);
}
}
/*
* do_server()
*/
private void do_server(int build_mode, String[] args)
throws Exception
{
int i = 1;
int port = 4433;
int options = axtlsj.SSL_DISPLAY_CERTS;
boolean quiet = false;
String password = null;
String private_key_file = null;
/* organise the cert/ca_cert lists */
int cert_size = SSLUtil.maxCerts();
int ca_cert_size = SSLUtil.maxCACerts();
String[] cert = new String[cert_size];
String[] ca_cert = new String[ca_cert_size];
int cert_index = 0;
int ca_cert_index = 0;
while (i < args.length)
{
if (args[i].equals("-accept"))
{
if (i >= args.length-1)
{
print_server_options(build_mode, args[i]);
}
port = Integer.parseInt(args[++i]);
}
else if (args[i].equals("-quiet"))
{
quiet = true;
options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
}
else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
{
if (args[i].equals("-cert"))
{
if (i >= args.length-1 || cert_index >= cert_size)
{
print_server_options(build_mode, args[i]);
}
cert[cert_index++] = args[++i];
}
else if (args[i].equals("-key"))
{
if (i >= args.length-1)
{
print_server_options(build_mode, args[i]);
}
private_key_file = args[++i];
options |= axtlsj.SSL_NO_DEFAULT_KEY;
}
else if (args[i].equals("-pass"))
{
if (i >= args.length-1)
{
print_server_options(build_mode, args[i]);
}
password = args[++i];
}
else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
{
if (args[i].equals("-verify"))
{
options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
}
else if (args[i].equals("-CAfile"))
{
if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
{
print_server_options(build_mode, args[i]);
}
ca_cert[ca_cert_index++] = args[++i];
}
else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
{
if (args[i].equals("-debug"))
{
options |= axtlsj.SSL_DISPLAY_BYTES;
}
else if (args[i].equals("-state"))
{
options |= axtlsj.SSL_DISPLAY_STATES;
}
else if (args[i].equals("-show-rsa"))
{
options |= axtlsj.SSL_DISPLAY_RSA;
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
}
else
print_server_options(build_mode, args[i]);
i++;
}
/* Create socket for incoming connections */
ServerSocket server_sock = new ServerSocket(port);
/**********************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
**********************************************************************/
SSLServer ssl_ctx = new SSLServer(options,
axtlsj.SSL_DEFAULT_SVR_SESS);
if (ssl_ctx == null)
{
throw new Exception("Error: Server context is invalid");
}
if (private_key_file != null)
{
int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
if (private_key_file.endsWith(".p8"))
obj_type = axtlsj.SSL_OBJ_PKCS8;
else if (private_key_file.endsWith(".p12"))
obj_type = axtlsj.SSL_OBJ_PKCS12;
if (ssl_ctx.objLoad(obj_type,
private_key_file, password) != axtlsj.SSL_OK)
{
throw new Exception("Error: Private key '" + private_key_file +
"' is undefined.");
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
cert[i], null) != axtlsj.SSL_OK)
{
throw new Exception("Certificate '" + cert[i] +
"' is undefined.");
}
}
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
ca_cert[i], null) != axtlsj.SSL_OK)
{
throw new Exception("Certificate '" + ca_cert[i] +
"' is undefined.");
}
}
int res;
SSLReadHolder rh = new SSLReadHolder();
for (;;)
{
if (!quiet)
{
System.out.println("ACCEPT");
}
Socket client_sock = server_sock.accept();
SSL ssl = ssl_ctx.connect(client_sock);
while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
{
/* check when the connection has been established */
if (ssl.handshakeStatus() == axtlsj.SSL_OK)
break;
/* could do something else here */
}
if (res == axtlsj.SSL_OK) /* connection established and ok */
{
if (!quiet)
{
display_session_id(ssl);
display_cipher(ssl);
}
/* now read (and display) whatever the client sends us */
for (;;)
{
/* keep reading until we get something interesting */
while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
{
/* could do something else here */
}
if (res < axtlsj.SSL_OK)
{
if (!quiet)
{
System.out.println("CONNECTION CLOSED");
}
break;
}
/* convert to String */
byte[] buf = rh.getData();
char[] str = new char[res];
for (i = 0; i < res; i++)
{
str[i] = (char)buf[i];
}
System.out.print(str);
}
}
else if (!quiet)
{
SSLUtil.displayError(res);
}
/* client was disconnected or the handshake failed. */
ssl.dispose();
client_sock.close();
}
/* ssl_ctx.dispose(); */
}
/*
* do_client()
*/
private void do_client(int build_mode, String[] args)
throws Exception
{
if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
{
print_client_options(build_mode, args[1]);
}
int i = 1, res;
int port = 4433;
boolean quiet = false;
String password = null;
int reconnect = 0;
String private_key_file = null;
String hostname = "127.0.0.1";
/* organise the cert/ca_cert lists */
int cert_index = 0;
int ca_cert_index = 0;
int cert_size = SSLUtil.maxCerts();
int ca_cert_size = SSLUtil.maxCACerts();
String[] cert = new String[cert_size];
String[] ca_cert = new String[ca_cert_size];
int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
byte[] session_id = null;
while (i < args.length)
{
if (args[i].equals("-connect"))
{
String host_port;
if (i >= args.length-1)
{
print_client_options(build_mode, args[i]);
}
host_port = args[++i];
int index_colon;
if ((index_colon = host_port.indexOf(':')) < 0)
print_client_options(build_mode, args[i]);
hostname = new String(host_port.toCharArray(),
0, index_colon);
port = Integer.parseInt(new String(host_port.toCharArray(),
index_colon+1, host_port.length()-index_colon-1));
}
else if (args[i].equals("-cert"))
{
if (i >= args.length-1 || cert_index >= cert_size)
{
print_client_options(build_mode, args[i]);
}
cert[cert_index++] = args[++i];
}
else if (args[i].equals("-CAfile"))
{
if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
{
print_client_options(build_mode, args[i]);
}
ca_cert[ca_cert_index++] = args[++i];
}
else if (args[i].equals("-key"))
{
if (i >= args.length-1)
{
print_client_options(build_mode, args[i]);
}
private_key_file = args[++i];
options |= axtlsj.SSL_NO_DEFAULT_KEY;
}
else if (args[i].equals("-verify"))
{
options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
}
else if (args[i].equals("-reconnect"))
{
reconnect = 4;
}
else if (args[i].equals("-quiet"))
{
quiet = true;
options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
}
else if (args[i].equals("-pass"))
{
if (i >= args.length-1)
{
print_server_options(build_mode, args[i]);
}
password = args[++i];
}
else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
{
if (args[i].equals("-debug"))
{
options |= axtlsj.SSL_DISPLAY_BYTES;
}
else if (args[i].equals("-state"))
{
options |= axtlsj.SSL_DISPLAY_STATES;
}
else if (args[i].equals("-show-rsa"))
{
options |= axtlsj.SSL_DISPLAY_RSA;
}
else
print_client_options(build_mode, args[i]);
}
else /* don't know what this is */
print_client_options(build_mode, args[i]);
i++;
}
Socket client_sock = new Socket(hostname, port);
if (!client_sock.isConnected())
{
System.out.println("could not connect");
throw new Exception();
}
if (!quiet)
{
System.out.println("CONNECTED");
}
/**********************************************************************
* This is where the interesting stuff happens. Up until now we've
* just been setting up sockets etc. Now we do the SSL handshake.
**********************************************************************/
SSLClient ssl_ctx = new SSLClient(options,
axtlsj.SSL_DEFAULT_CLNT_SESS);
if (ssl_ctx == null)
{
throw new Exception("Error: Client context is invalid");
}
if (private_key_file != null)
{
int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
if (private_key_file.endsWith(".p8"))
obj_type = axtlsj.SSL_OBJ_PKCS8;
else if (private_key_file.endsWith(".p12"))
obj_type = axtlsj.SSL_OBJ_PKCS12;
if (ssl_ctx.objLoad(obj_type,
private_key_file, password) != axtlsj.SSL_OK)
{
throw new Exception("Error: Private key '" + private_key_file +
"' is undefined.");
}
}
for (i = 0; i < cert_index; i++)
{
if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
cert[i], null) != axtlsj.SSL_OK)
{
throw new Exception("Certificate '" + cert[i] +
"' is undefined.");
}
}
for (i = 0; i < ca_cert_index; i++)
{
if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
ca_cert[i], null) != axtlsj.SSL_OK)
{
throw new Exception("Certificate '" + ca_cert[i] +
"' is undefined.");
}
}
SSL ssl = null;
/* Try session resumption? */
if (reconnect > 0)
{
while (reconnect-- > 0)
{
ssl = ssl_ctx.connect(client_sock, session_id);
if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
{
if (!quiet)
{
SSLUtil.displayError(res);
}
ssl.dispose();
throw new Exception();
}
display_session_id(ssl);
session_id = ssl.getSessionId();
if (reconnect > 0)
{
ssl.dispose();
client_sock.close();
/* and reconnect */
client_sock = new Socket(hostname, port);
}
}
}
else
{
ssl = ssl_ctx.connect(client_sock, null);
}
/* check the return status */
if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
{
if (!quiet)
{
SSLUtil.displayError(res);
}
throw new Exception();
}
if (!quiet)
{
String common_name =
ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
if (common_name != null)
{
System.out.println("Common Name:\t\t" + common_name);
}
display_session_id(ssl);
display_cipher(ssl);
}
BufferedReader in = new BufferedReader(
new InputStreamReader(System.in));
for (;;)
{
String user_input = in.readLine();
if (user_input == null)
break;
byte[] buf = new byte[user_input.length()+2];
buf[buf.length-2] = (byte)'\n'; /* add the carriage return */
buf[buf.length-1] = 0; /* null terminate */
for (i = 0; i < buf.length-2; i++)
{
buf[i] = (byte)user_input.charAt(i);
}
if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
{
if (!quiet)
{
SSLUtil.displayError(res);
}
break;
}
}
ssl_ctx.dispose();
}
/**
* We've had some sort of command-line error. Print out the basic options.
*/
private void print_options(String option)
{
System.out.println("axssl: Error: '" + option +
"' is an invalid command.");
System.out.println("usage: axtlsj.jar [s_server|s_client] " +
"[args ...]");
System.exit(1);
}
/**
* We've had some sort of command-line error. Print out the server options.
*/
private void print_server_options(int build_mode, String option)
{
int cert_size = SSLUtil.maxCerts();
int ca_cert_size = SSLUtil.maxCACerts();
System.out.println("unknown option " + option);
System.out.println("usage: s_server [args ...]");
System.out.println(" -accept arg\t- port to accept on (default " +
"is 4433)");
System.out.println(" -quiet\t\t- No server output");
if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
{
System.out.println(" -cert arg\t- certificate file to add (in " +
"addition to default) to chain -");
System.out.println("\t\t Can repeat up to " + cert_size + " times");
System.out.println(" -key arg\t- Private key file to use");
System.out.println(" -pass\t\t- private key file pass phrase source");
}
if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
{
System.out.println(" -verify\t- turn on peer certificate " +
"verification");
System.out.println(" -CAfile arg\t- Certificate authority. ");
System.out.println("\t\t Can repeat up to " +
ca_cert_size + " times");
}
if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
{
System.out.println(" -debug\t\t- Print more output");
System.out.println(" -state\t\t- Show state messages");
System.out.println(" -show-rsa\t- Show RSA state");
}
System.exit(1);
}
/**
* We've had some sort of command-line error. Print out the client options.
*/
private void print_client_options(int build_mode, String option)
{
int cert_size = SSLUtil.maxCerts();
int ca_cert_size = SSLUtil.maxCACerts();
System.out.println("unknown option " + option);
if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
{
System.out.println("usage: s_client [args ...]");
System.out.println(" -connect host:port - who to connect to " +
"(default is localhost:4433)");
System.out.println(" -verify\t- turn on peer certificate " +
"verification");
System.out.println(" -cert arg\t- certificate file to use");
System.out.println(" -key arg\t- Private key file to use");
System.out.println("\t\t Can repeat up to " + cert_size +
" times");
System.out.println(" -CAfile arg\t- Certificate authority.");
System.out.println("\t\t Can repeat up to " + ca_cert_size +
" times");
System.out.println(" -quiet\t\t- No client output");
System.out.println(" -pass\t\t- private key file pass " +
"phrase source");
System.out.println(" -reconnect\t- Drop and re-make the " +
"connection with the same Session-ID");
if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
{
System.out.println(" -debug\t\t- Print more output");
System.out.println(" -state\t\t- Show state messages");
System.out.println(" -show-rsa\t- Show RSA state");
}
}
else
{
System.out.println("Change configuration to allow this feature");
}
System.exit(1);
}
/**
* Display what cipher we are using
*/
private void display_cipher(SSL ssl)
{
System.out.print("CIPHER is ");
byte ciph_id = ssl.getCipherId();
if (ciph_id == axtlsj.SSL_AES128_SHA)
{
System.out.println("AES128-SHA");
}
else if (ciph_id == axtlsj.SSL_AES256_SHA)
{
System.out.println("AES256-SHA");
}
else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
{
System.out.println("RC4-SHA");
}
else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
{
System.out.println("RC4-MD5");
}
else
{
System.out.println("Unknown - " + ssl.getCipherId());
}
}
public char toHexChar(int i)
{
if ((0 <= i) && (i <= 9 ))
return (char)('0' + i);
else
return (char)('a' + (i-10));
}
public void bytesToHex(byte[] data)
{
StringBuffer buf = new StringBuffer();
for (int i = 0; i < data.length; i++ )
{
buf.append(toHexChar((data[i]>>>4)&0x0F));
buf.append(toHexChar(data[i]&0x0F));
}
System.out.println(buf);
}
/**
* Display what session id we have.
*/
private void display_session_id(SSL ssl)
{
byte[] session_id = ssl.getSessionId();
int i;
System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
bytesToHex(session_id);
System.out.println("-----END SSL SESSION PARAMETERS-----");
}
}

1
samples/java/manifest.mf Normal file
View File

@ -0,0 +1 @@
Main-Class: axssl

31
samples/perl/Makefile Normal file
View File

@ -0,0 +1,31 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
all: samples
TARGET=../../axssl.pl
samples: $(TARGET)
$(TARGET): axssl.pl
@cd ../../; ln -sf samples/perl/axssl.pl axssl.pl
clean::
-@rm -f $(TARGET)

633
samples/perl/axssl.pl Executable file
View File

@ -0,0 +1,633 @@
#!/usr/bin/perl -w
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
# axssl.pl
#
# Demonstrate the use of the axTLS library in Perl with a set of
# command-line parameters similar to openssl. In fact, openssl clients
# should be able to communicate with axTLS servers and visa-versa.
#
# This code has various bits enabled depending on the configuration. To enable
# the most interesting version, compile with the 'full mode' enabled.
#
# To see what options you have, run the following:
# > [perl] axssl s_server -?
# > [perl] axssl s_client -?
#
# The axtls/axtlsp shared libraries must be in the same directory or be found
# by the OS. axtlsp.pm must be in this directory or be in @INC.
#
# Under Win32, ActivePerl was used (see
# http://www.activestate.com/Products/ActivePerl/?mp=1)
#
use axtlsp;
use IO::Socket;
# To get access to Win32 file descriptor stuff
my $is_win32 = 0;
if ($^O eq "MSWin32")
{
eval("use Win32API::File 0.08 qw( :ALL )");
$is_win32 = 1;
}
use strict;
#
# Win32 has some problems with socket handles
#
sub get_native_sock
{
my ($sock) = @_;
return $is_win32 ? FdGetOsFHandle($sock) : $sock;
}
#
# Main entry point. Doesn't do much except works out whether we are a client
# or a server.
#
print_options($#ARGV > -1 ? $ARGV[0] : "")
if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
# Cygwin/Win32 issue - flush our output continuously
select STDOUT;
local $|=1;
my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
#
# Implement the SSL server logic.
#
sub do_server
{
my ($build_mode) = @_;
my $i = 1;
my $port = 4433;
my $options = $axtlsp::SSL_DISPLAY_CERTS;
my $quiet = 0;
my $password = undef;
my $private_key_file = undef;
my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
my $ca_cert_size = axtlsp::ssl_get_config(
$axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
my @cert;
my @ca_cert;
while ($i <= $#ARGV)
{
if ($ARGV[$i] eq "-accept")
{
print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
$port = $ARGV[++$i];
}
elsif ($ARGV[$i] eq "-quiet")
{
$quiet = 1;
$options &= ~$axtlsp::SSL_DISPLAY_CERTS;
}
elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
{
if ($ARGV[$i] eq "-cert")
{
print_server_options($build_mode, $ARGV[$i])
if $i >= $#ARGV || $#cert >= $cert_size-1;
push @cert, $ARGV[++$i];
}
elsif ($ARGV[$i] eq "-key")
{
print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
$private_key_file = $ARGV[++$i];
$options |= $axtlsp::SSL_NO_DEFAULT_KEY;
}
elsif ($ARGV[$i] eq "-pass")
{
print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
$password = $ARGV[++$i];
}
elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
{
if ($ARGV[$i] eq "-verify")
{
$options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
}
elsif ($ARGV[$i] eq "-CAfile")
{
print_server_options($build_mode, $ARGV[$i])
if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
push @ca_cert, $ARGV[++$i];
}
elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
{
if ($ARGV[$i] eq "-debug")
{
$options |= $axtlsp::SSL_DISPLAY_BYTES;
}
elsif ($ARGV[$i] eq "-state")
{
$options |= $axtlsp::SSL_DISPLAY_STATES;
}
elsif ($ARGV[$i] eq "-show-rsa")
{
$options |= $axtlsp::SSL_DISPLAY_RSA;
}
else
{
print_server_options($build_mode, $ARGV[$i]);
}
}
else
{
print_server_options($build_mode, $ARGV[$i]);
}
}
else
{
print_server_options($build_mode, $ARGV[$i]);
}
}
else
{
print_server_options($build_mode, $ARGV[$i]);
}
$i++;
}
# Create socket for incoming connections
my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
LocalPort => $port,
Listen => 1,
Reuse => 1) or die $!;
###########################################################################
# This is where the interesting stuff happens. Up until now we've
# just been setting up sockets etc. Now we do the SSL handshake.
###########################################################################
my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
die "Error: Server context is invalid" if not defined $ssl_ctx;
if (defined $private_key_file)
{
my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
$obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
$obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
die "Private key '$private_key_file' is undefined." if
axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
$private_key_file, $password);
}
foreach (@cert)
{
die "Certificate '$_' is undefined."
if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
$_, undef) != $axtlsp::SSL_OK;
}
foreach (@ca_cert)
{
die "Certificate '$_' is undefined."
if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
$_, undef) != $axtlsp::SSL_OK;
}
for (;;)
{
printf("ACCEPT\n") if not $quiet;
my $client_sock = $server_sock->accept;
my $native_sock = get_native_sock($client_sock->fileno);
# This doesn't work in Win32 - need to get file descriptor from socket.
my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
# do the actual SSL handshake
my $res;
my $buf;
while (1)
{
($res, $buf) = axtlsp::ssl_read($ssl, undef);
last if $res != $axtlsp::SSL_OK;
# check when the connection has been established
last if axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK;
# could do something else here
}
if ($res == $axtlsp::SSL_OK) # connection established and ok
{
if (!$quiet)
{
display_session_id($ssl);
display_cipher($ssl);
}
# now read (and display) whatever the client sends us
for (;;)
{
# keep reading until we get something interesting
while (1)
{
($res, $buf) = axtlsp::ssl_read($ssl, undef);
last if $res != $axtlsp::SSL_OK;
# could do something else here
}
if ($res < $axtlsp::SSL_OK)
{
printf("CONNECTION CLOSED\n") if not $quiet;
last;
}
printf($$buf);
}
}
elsif (!$quiet)
{
axtlsp::ssl_display_error($res);
}
# client was disconnected or the handshake failed.
axtlsp::ssl_free($ssl);
$client_sock->close;
}
axtlsp::ssl_ctx_free($ssl_ctx);
}
#
# Implement the SSL client logic.
#
sub do_client
{
my ($build_mode) = @_;
my $i = 1;
my $port = 4433;
my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
my $private_key_file = undef;
my $reconnect = 0;
my $quiet = 0;
my $password = undef;
my @session_id;
my $host = "127.0.0.1";
my @cert;
my @ca_cert;
my $cert_size = axtlsp::ssl_get_config(
$axtlsp::SSL_MAX_CERT_CFG_OFFSET);
my $ca_cert_size = axtlsp::ssl_get_config(
$axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
while ($i <= $#ARGV)
{
if ($ARGV[$i] eq "-connect")
{
print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
($host, $port) = split(':', $ARGV[++$i]);
}
elsif ($ARGV[$i] eq "-cert")
{
print_client_options($build_mode, $ARGV[$i])
if $i >= $#ARGV || $#cert >= $cert_size-1;
push @cert, $ARGV[++$i];
}
elsif ($ARGV[$i] eq "-key")
{
print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
$private_key_file = $ARGV[++$i];
$options |= $axtlsp::SSL_NO_DEFAULT_KEY;
}
elsif ($ARGV[$i] eq "-CAfile")
{
print_client_options($build_mode, $ARGV[$i])
if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
push @ca_cert, $ARGV[++$i];
}
elsif ($ARGV[$i] eq "-verify")
{
$options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
}
elsif ($ARGV[$i] eq "-reconnect")
{
$reconnect = 4;
}
elsif ($ARGV[$i] eq "-quiet")
{
$quiet = 1;
$options &= ~$axtlsp::SSL_DISPLAY_CERTS;
}
elsif ($ARGV[$i] eq "-pass")
{
print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
$password = $ARGV[++$i];
}
elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
{
if ($ARGV[$i] eq "-debug")
{
$options |= $axtlsp::SSL_DISPLAY_BYTES;
}
elsif ($ARGV[$i] eq "-state")
{
$options |= $axtlsp::SSL_DISPLAY_STATES;
}
elsif ($ARGV[$i] eq "-show-rsa")
{
$options |= $axtlsp::SSL_DISPLAY_RSA;
}
else # don't know what this is
{
print_client_options($build_mode, $ARGV[$i]);
}
}
else # don't know what this is
{
print_client_options($build_mode, $ARGV[$i]);
}
$i++;
}
my $client_sock = new IO::Socket::INET (
PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
|| die ("no socket: $!");
my $ssl;
my $res;
my $native_sock = get_native_sock($client_sock->fileno);
printf("CONNECTED\n") if not $quiet;
###########################################################################
# This is where the interesting stuff happens. Up until now we've
# just been setting up sockets etc. Now we do the SSL handshake.
###########################################################################
my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
die "Error: Client context is invalid" if not defined $ssl_ctx;
if (defined $private_key_file)
{
my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
$obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
$obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
die "Private key '$private_key_file' is undefined." if
axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
$private_key_file, $password);
}
foreach (@cert)
{
die "Certificate '$_' is undefined."
if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
$_, undef) != $axtlsp::SSL_OK;
}
foreach (@ca_cert)
{
die "Certificate '$_' is undefined."
if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
$_, undef) != $axtlsp::SSL_OK;
}
# Try session resumption?
if ($reconnect)
{
my $session_id = undef;
while ($reconnect--)
{
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
$res = axtlsp::ssl_handshake_status($ssl);
if ($res != $axtlsp::SSL_OK)
{
if (!$quiet)
{
axtlsp::ssl_display_error($res);
}
axtlsp::ssl_free($ssl);
exit 1;
}
display_session_id($ssl);
$session_id = axtlsp::ssl_get_session_id($ssl);
if ($reconnect)
{
axtlsp::ssl_free($ssl);
$client_sock->close;
$client_sock = new IO::Socket::INET (
PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
|| die ("no socket: $!");
}
}
}
else
{
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
}
# check the return status
$res = axtlsp::ssl_handshake_status($ssl);
if ($res != $axtlsp::SSL_OK)
{
if (!$quiet)
{
axtlsp::ssl_display_error($res);
}
exit 1;
}
if (!$quiet)
{
my $common_name = axtlsp::ssl_get_cert_dn($ssl,
$axtlsp::SSL_X509_CERT_COMMON_NAME);
printf("Common Name:\t\t%s\n", $common_name) if defined $common_name;
display_session_id($ssl);
display_cipher($ssl);
}
while (<STDIN>)
{
my $cstring = pack("a*x", $_); # add null terminator
$res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
if ($res < $axtlsp::SSL_OK)
{
axtlsp::ssl_display_error($res) if not $quiet;
last;
}
}
axtlsp::ssl_ctx_free($ssl_ctx);
$client_sock->close;
}
#
# We've had some sort of command-line error. Print out the basic options.
#
sub print_options
{
my ($option) = @_;
printf("axssl: Error: '%s' is an invalid command.\n", $option);
printf("usage: axssl [s_server|s_client] [args ...]\n");
exit 1;
}
#
# We've had some sort of command-line error. Print out the server options.
#
sub print_server_options
{
my ($build_mode, $option) = @_;
my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
my $ca_cert_size = axtlsp::ssl_get_config(
$axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
printf("unknown option %s\n", $option);
printf("usage: s_server [args ...]\n");
printf(" -accept arg\t- port to accept on (default is 4433)\n");
printf(" -quiet\t\t- No server output\n");
if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
{
printf(" -cert arg\t- certificate file to add (in addition to default)".
" to chain -\n".
"\t\t default DER format. Can repeat up to %d times\n", $cert_size);
printf(" -key arg\t- Private key file to use - default DER format\n");
printf(" -pass\t\t- private key file pass phrase source\n");
}
if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
{
printf(" -verify\t- turn on peer certificate verification\n");
printf(" -CAfile arg\t- Certificate authority - default DER format\n");
printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
}
if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
{
printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n");
printf(" -show-rsa\t- Show RSA state\n");
}
exit 1;
}
#
# We've had some sort of command-line error. Print out the client options.
#
sub print_client_options
{
my ($build_mode, $option) = @_;
my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
my $ca_cert_size = axtlsp::ssl_get_config(
$axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
printf("unknown option %s\n", $option);
if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
{
printf("usage: s_client [args ...]\n");
printf(" -connect host:port - who to connect to (default ".
"is localhost:4433)\n");
printf(" -verify\t- turn on peer certificate verification\n");
printf(" -cert arg\t- certificate file to use - default DER format\n");
printf(" -key arg\t- Private key file to use - default DER format\n");
printf("\t\t Can repeat up to %d times\n", $cert_size);
printf(" -CAfile arg\t- Certificate authority - default DER format\n");
printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
printf(" -quiet\t\t- No client output\n");
printf(" -pass\t\t- private key file pass phrase source\n");
printf(" -reconnect\t- Drop and re-make the connection ".
"with the same Session-ID\n");
if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
{
printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n");
printf(" -show-rsa\t- Show RSA state\n");
}
}
else
{
printf("Change configuration to allow this feature\n");
}
exit 1;
}
#
# Display what cipher we are using
#
sub display_cipher
{
my ($ssl) = @_;
printf("CIPHER is ");
my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
if ($cipher_id == $axtlsp::SSL_AES128_SHA)
{
printf("AES128-SHA");
}
elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
{
printf("AES256-SHA");
}
elsif ($axtlsp::SSL_RC4_128_SHA)
{
printf("RC4-SHA");
}
elsif ($axtlsp::SSL_RC4_128_MD5)
{
printf("RC4-MD5");
}
else
{
printf("Unknown - %d", $cipher_id);
}
printf("\n");
}
#
# Display what session id we have.
#
sub display_session_id
{
my ($ssl) = @_;
my $session_id = axtlsp::ssl_get_session_id($ssl);
printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
printf(unpack("H*", $$session_id));
printf("\n-----END SSL SESSION PARAMETERS-----\n");
}

36
samples/vbnet/Makefile Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright(C) 2006
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
include ../../config/makefile.dotnet.conf
# only build on Win32 platforms
ifdef GO_DOT_NET
all : sample
TARGET=../../axssl.vbnet.exe
sample : $(TARGET)
$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
endif # ARCH
clean::
-@rm -f $(TARGET)

682
samples/vbnet/axssl.vb Normal file
View File

@ -0,0 +1,682 @@
'
' Copyright(C) 2006
'
' This program is free software you can redistribute it and/or modify
' it under the terms of the GNU General Public License as published by
' the Free Software Foundation either version 2.1 of the License, or
' (at your option) any later version.
'
' This program is distributed in the hope that it will be useful,
' but WITHOUT ANY WARRANTY without even the implied warranty of
' MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
' GNU Lesser General Public License for more details.
'
' You should have received a copy of the GNU General Public License
' along with this program if not, write to the Free Software
' Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
'
'
' @file axssl.vb
'
' Demonstrate the use of the axTLS library in VB.NET with a set of
' command-line parameters similar to openssl. In fact, openssl clients
' should be able to communicate with axTLS servers and visa-versa.
'
' This code has various bits enabled depending on the configuration. To enable
' the most interesting version, compile with the 'full mode' enabled.
'
' To see what options you have, run the following:
' > axssl.vbnet.exe s_server -?
' > axssl.vbnet.exe s_client -?
'
' The axtls shared library must be in the same directory or be found
' by the OS.
'
Imports System
Imports System.Net
Imports System.Net.Sockets
Imports Microsoft.VisualBasic
Imports axTLSvb
Public Class axssl
'
' do_server()
'
Public Sub do_server(ByVal build_mode As Integer, _
ByVal args() As String)
Dim i As Integer = 1
Dim port As Integer = 4433
Dim options As Integer = axtls.SSL_DISPLAY_CERTS
Dim quiet As Boolean = False
Dim password As String = Nothing
Dim private_key_file As String = Nothing
' organise the cert/ca_cert lists
Dim cert_size As Integer = SSLUtil.MaxCerts()
Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
Dim cert(cert_size) As String
Dim ca_cert(ca_cert_size) As String
Dim cert_index As Integer = 0
Dim ca_cert_index As Integer = 0
While i < args.Length
If args(i) = "-accept" Then
If i >= args.Length-1
print_server_options(build_mode, args(i))
End If
i += 1
port = Int32.Parse(args(i))
ElseIf args(i) = "-quiet"
quiet = True
options = options And Not axtls.SSL_DISPLAY_CERTS
ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
If args(i) = "-cert"
If i >= args.Length-1 Or cert_index >= cert_size
print_server_options(build_mode, args(i))
End If
i += 1
cert(cert_index) = args(i)
cert_index += 1
ElseIf args(i) = "-key"
If i >= args.Length-1
print_server_options(build_mode, args(i))
End If
i += 1
private_key_file = args(i)
options = options Or axtls.SSL_NO_DEFAULT_KEY
ElseIf args(i) = "-pass"
If i >= args.Length-1
print_server_options(build_mode, args(i))
End If
i += 1
password = args(i)
ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
If args(i) = "-verify" Then
options = options Or axtls.SSL_CLIENT_AUTHENTICATION
ElseIf args(i) = "-CAfile"
If i >= args.Length-1 Or ca_cert_index >= ca_cert_size Then
print_server_options(build_mode, args(i))
End If
i += 1
ca_cert(ca_cert_index) = args(i)
ca_cert_index += 1
ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
If args(i) = "-debug" Then
options = options Or axtls.SSL_DISPLAY_BYTES
ElseIf args(i) = "-state"
options = options Or axtls.SSL_DISPLAY_STATES
ElseIf args(i) = "-show-rsa"
options = options Or axtls.SSL_DISPLAY_RSA
Else
print_server_options(build_mode, args(i))
End If
Else
print_server_options(build_mode, args(i))
End If
Else
print_server_options(build_mode, args(i))
End If
End If
i += 1
End While
' Create socket for incoming connections
Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
Dim server_sock As TcpListener = New TcpListener(ep)
server_sock.Start()
'*********************************************************************
' This is where the interesting stuff happens. Up until now we've
' just been setting up sockets etc. Now we do the SSL handshake.
'*********************************************************************/
Dim ssl_ctx As SSLServer = New SSLServer(options, _
axtls.SSL_DEFAULT_SVR_SESS)
If ssl_ctx Is Nothing Then
Console.Error.WriteLine("Error: Server context is invalid")
Environment.Exit(1)
End If
If private_key_file <> Nothing Then
Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
If private_key_file.EndsWith(".p8") Then
obj_type = axtls.SSL_OBJ_PKCS8
Else If (private_key_file.EndsWith(".p12"))
obj_type = axtls.SSL_OBJ_PKCS12
End If
If ssl_ctx.ObjLoad(obj_type, private_key_file, _
password) <> axtls.SSL_OK Then
Console.Error.WriteLine("Error: Private key '" & _
private_key_file & "' is undefined.")
Environment.Exit(1)
End If
End If
For i = 0 To cert_index-1
If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
cert(i), Nothing) <> axtls.SSL_OK Then
Console.WriteLine("Certificate '" & cert(i) & _
"' is undefined.")
Environment.Exit(1)
End If
Next
For i = 0 To ca_cert_index-1
If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
ca_cert(i), Nothing) <> axtls.SSL_OK Then
Console.WriteLine("Certificate '" & ca_cert(i) & _
"' is undefined.")
Environment.Exit(1)
End If
Next
Dim buf As Byte() = Nothing
Dim res As Integer
Dim ssl As SSL
While 1
If Not quiet Then
Console.WriteLine("ACCEPT")
End If
Dim client_sock As Socket = server_sock.AcceptSocket()
ssl = ssl_ctx.Connect(client_sock)
' do the actual SSL handshake
While 1
res = ssl_ctx.Read(ssl, buf)
If res <> axtls.SSL_OK Then
Exit While
End If
' check when the connection has been established
If ssl.HandshakeStatus() = axtls.SSL_OK
Exit While
End If
' could do something else here
End While
If res = axtls.SSL_OK Then ' connection established and ok
If Not quiet
display_session_id(ssl)
display_cipher(ssl)
End If
' now read (and display) whatever the client sends us
While 1
' keep reading until we get something interesting
While 1
res = ssl_ctx.Read(ssl, buf)
If res <> axtls.SSL_OK Then
Exit While
End If
' could do something else here
End While
If res < axtls.SSL_OK
If Not quiet
Console.WriteLine("CONNECTION CLOSED")
End If
Exit While
End If
' convert to String
Dim str(res) As Char
For i = 0 To res-1
str(i) = Chr(buf(i))
Next
Console.Write(str)
End While
ElseIf Not quiet
SSLUtil.DisplayError(res)
End If
' client was disconnected or the handshake failed. */
ssl.Dispose()
client_sock.Close()
End While
ssl_ctx.Dispose()
End Sub
'
' do_client()
'
Public Sub do_client(ByVal build_mode As Integer, _
ByVal args() As String)
If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
print_client_options(build_mode, args(1))
End If
Dim i As Integer = 1
Dim res As Integer
Dim port As Integer = 4433
Dim quiet As Boolean = False
Dim password As String = Nothing
Dim reconnect As Integer = 0
Dim private_key_file As String = Nothing
Dim hostname As String = "127.0.0.1"
' organise the cert/ca_cert lists
Dim ssl As SSL = Nothing
Dim cert_size As Integer = SSLUtil.MaxCerts()
Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
Dim cert(cert_size) As String
Dim ca_cert(ca_cert_size) As String
Dim cert_index As Integer = 0
Dim ca_cert_index As Integer = 0
Dim options As Integer = _
axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
Dim session_id As Byte() = Nothing
While i < args.Length
If args(i) = "-connect" Then
Dim host_port As String
If i >= args.Length-1
print_client_options(build_mode, args(i))
End If
i += 1
host_port = args(i)
Dim index_colon As Integer = host_port.IndexOf(":"C)
If index_colon < 0 Then
print_client_options(build_mode, args(i))
End If
hostname = New String(host_port.ToCharArray(), _
0, index_colon)
port = Int32.Parse(New String(host_port.ToCharArray(), _
index_colon+1, host_port.Length-index_colon-1))
ElseIf args(i) = "-cert"
If i >= args.Length-1 Or cert_index >= cert_size Then
print_client_options(build_mode, args(i))
End If
i += 1
cert(cert_index) = args(i)
cert_index += 1
ElseIf args(i) = "-key"
If i >= args.Length-1
print_client_options(build_mode, args(i))
End If
i += 1
private_key_file = args(i)
options = options Or axtls.SSL_NO_DEFAULT_KEY
ElseIf args(i) = "-CAfile"
If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
print_client_options(build_mode, args(i))
End If
i += 1
ca_cert(ca_cert_index) = args(i)
ca_cert_index += 1
ElseIf args(i) = "-verify"
options = options And Not axtls.SSL_SERVER_VERIFY_LATER
ElseIf args(i) = "-reconnect"
reconnect = 4
ElseIf args(i) = "-quiet"
quiet = True
options = options And Not axtls.SSL_DISPLAY_CERTS
ElseIf args(i) = "-pass"
If i >= args.Length-1
print_client_options(build_mode, args(i))
End If
i += 1
password = args(i)
ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
If args(i) = "-debug" Then
options = options Or axtls.SSL_DISPLAY_BYTES
ElseIf args(i) = "-state"
options = options Or axtls.SSL_DISPLAY_STATES
ElseIf args(i) = "-show-rsa"
options = options Or axtls.SSL_DISPLAY_RSA
Else
print_client_options(build_mode, args(i))
End If
Else ' don't know what this is
print_client_options(build_mode, args(i))
End If
i += 1
End While
'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
Dim addresses As IPAddress() = hostInfo.AddressList
Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port)
Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
SocketType.Stream, ProtocolType.Tcp)
client_sock.Connect(ep)
If Not client_sock.Connected Then
Console.WriteLine("could not connect")
Environment.Exit(1)
End If
If Not quiet Then
Console.WriteLine("CONNECTED")
End If
'*********************************************************************
' This is where the interesting stuff happens. Up until now we've
' just been setting up sockets etc. Now we do the SSL handshake.
'*********************************************************************/
Dim ssl_ctx As SSLClient = New SSLClient(options, _
axtls.SSL_DEFAULT_CLNT_SESS)
If ssl_ctx Is Nothing Then
Console.Error.WriteLine("Error: Client context is invalid")
Environment.Exit(1)
End If
If private_key_file <> Nothing Then
Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
If private_key_file.EndsWith(".p8") Then
obj_type = axtls.SSL_OBJ_PKCS8
Else If (private_key_file.EndsWith(".p12"))
obj_type = axtls.SSL_OBJ_PKCS12
End If
If ssl_ctx.ObjLoad(obj_type, private_key_file, _
password) <> axtls.SSL_OK Then
Console.Error.WriteLine("Error: Private key '" & _
private_key_file & "' is undefined.")
Environment.Exit(1)
End If
End If
For i = 0 To cert_index-1
If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
cert(i), Nothing) <> axtls.SSL_OK Then
Console.WriteLine("Certificate '" & cert(i) & _
"' is undefined.")
Environment.Exit(1)
End If
Next
For i = 0 To ca_cert_index-1
If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
ca_cert(i), Nothing) <> axtls.SSL_OK Then
Console.WriteLine("Certificate '" & ca_cert(i) & _
"' is undefined.")
Environment.Exit(1)
End If
Next
' Try session resumption?
If reconnect > 0 Then
While reconnect > 0
reconnect -= 1
ssl = ssl_ctx.Connect(client_sock, session_id)
res = ssl.HandshakeStatus()
If res <> axtls.SSL_OK Then
If Not quiet Then
SSLUtil.DisplayError(res)
End If
ssl.Dispose()
Environment.Exit(1)
End If
display_session_id(ssl)
session_id = ssl.GetSessionId()
If reconnect > 0 Then
ssl.Dispose()
client_sock.Close()
' and reconnect
client_sock = New Socket(AddressFamily.InterNetwork, _
SocketType.Stream, ProtocolType.Tcp)
client_sock.Connect(ep)
End If
End While
Else
ssl = ssl_ctx.Connect(client_sock, Nothing)
End If
' check the return status
res = ssl.HandshakeStatus()
If res <> axtls.SSL_OK Then
If Not quiet Then
SSLUtil.DisplayError(res)
End If
Environment.Exit(1)
End If
If Not quiet Then
Dim common_name As String = _
ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
If common_name <> Nothing
Console.WriteLine("Common Name:" & _
ControlChars.Tab & ControlChars.Tab & common_name)
End If
display_session_id(ssl)
display_cipher(ssl)
End If
While (1)
Dim user_input As String = Console.ReadLine()
If user_input = Nothing Then
Exit While
End If
Dim buf(user_input.Length+1) As Byte
buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
buf(buf.Length-1) = 0 ' null terminate
For i = 0 To user_input.Length-1
buf(i) = Asc(user_input.Chars(i))
Next
res = ssl_ctx.Write(ssl, buf, buf.Length)
If res < axtls.SSL_OK Then
If Not quiet Then
SSLUtil.DisplayError(res)
End If
Exit While
End If
End While
ssl_ctx.Dispose()
End Sub
'
' Display what cipher we are using
'
Private Sub display_cipher(ByVal ssl As SSL)
Console.Write("CIPHER is ")
Select ssl.GetCipherId()
Case axtls.SSL_AES128_SHA
Console.WriteLine("AES128-SHA")
Case axtls.SSL_AES256_SHA
Console.WriteLine("AES256-SHA")
Case axtls.SSL_RC4_128_SHA
Console.WriteLine("RC4-SHA")
Case axtls.SSL_RC4_128_MD5
Console.WriteLine("RC4-MD5")
Case Else
Console.WriteLine("Unknown - " & ssl.GetCipherId())
End Select
End Sub
'
' Display what session id we have.
'
Private Sub display_session_id(ByVal ssl As SSL)
Dim session_id As Byte() = ssl.GetSessionId()
Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
Dim b As Byte
For Each b In session_id
Console.Write("{0:x02}", b)
Next
Console.WriteLine()
Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
End Sub
'
' We've had some sort of command-line error. Print out the basic options.
'
Public Sub print_options(ByVal options As String)
Console.WriteLine("axssl: Error: '" & options & _
"' is an invalid command.")
Console.WriteLine("usage: axssl.vb.exe [s_server|s_client] [args ...]")
Environment.Exit(1)
End Sub
'
' We've had some sort of command-line error. Print out the server options.
'
Private Sub print_server_options(ByVal build_mode As Integer, _
ByVal options As String)
Dim cert_size As Integer = SSLUtil.MaxCerts()
Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
Console.WriteLine("unknown option " & options)
Console.WriteLine("usage: s_server [args ...]")
Console.WriteLine(" -accept arg" & ControlChars.Tab & _
"- port to accept on (default is 4433)")
Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
"- No server output")
If build_mode >= axtls.SSL_BUILD_SERVER_ONLY
Console.WriteLine(" -cert arg" & ControlChars.Tab & _
"- certificate file to add (in addition to default) to chain -")
Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
" Can repeat up to " & cert_size & " times")
Console.WriteLine(" -key arg" & ControlChars.Tab & _
"- Private key file to use")
Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
"- private key file pass phrase source")
End If
If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
Console.WriteLine(" -verify" & ControlChars.Tab & _
"- turn on peer certificate verification")
Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
"- Certificate authority")
Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
" Can repeat up to " & ca_cert_size & " times")
End If
If build_mode = axtls.SSL_BUILD_FULL_MODE
Console.WriteLine(" -debug" & _
ControlChars.Tab & ControlChars.Tab & _
"- Print more output")
Console.WriteLine(" -state" & _
ControlChars.Tab & ControlChars.Tab & _
"- Show state messages")
Console.WriteLine(" -show-rsa" & _
ControlChars.Tab & "- Show RSA state")
End If
Environment.Exit(1)
End Sub
'
' We've had some sort of command-line error. Print out the client options.
'
Private Sub print_client_options(ByVal build_mode As Integer, _
ByVal options As String)
Dim cert_size As Integer = SSLUtil.MaxCerts()
Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
Console.WriteLine("unknown option " & options)
If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
Console.WriteLine("usage: s_client [args ...]")
Console.WriteLine(" -connect host:port - who to connect to " & _
"(default is localhost:4433)")
Console.WriteLine(" -verify" & ControlChars.Tab & _
"- turn on peer certificate verification")
Console.WriteLine(" -cert arg" & ControlChars.Tab & _
"- certificate file to use")
Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
" Can repeat up to " & cert_size & " times")
Console.WriteLine(" -key arg" & ControlChars.Tab & _
"- Private key file to use")
Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
"- Certificate authority")
Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
" Can repeat up to " & ca_cert_size & " times")
Console.WriteLine(" -quiet" & _
ControlChars.Tab & ControlChars.Tab & "- No client output")
Console.WriteLine(" -pass" & ControlChars.Tab & _
ControlChars.Tab & _
"- private key file pass phrase source")
Console.WriteLine(" -reconnect" & ControlChars.Tab & _
"- Drop and re-make the " & _
"connection with the same Session-ID")
If build_mode = axtls.SSL_BUILD_FULL_MODE Then
Console.WriteLine(" -debug" & _
ControlChars.Tab & ControlChars.Tab & _
"- Print more output")
Console.WriteLine(" -state" & _
ControlChars.Tab & ControlChars.Tab & _
"- Show state messages")
Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
"- Show RSA state")
End If
Else
Console.WriteLine("Change configuration to allow this feature")
End If
Environment.Exit(1)
End Sub
End Class
Public Module MyMain
Function Main(ByVal args() As String) As Integer
Dim runner As axssl = New axssl()
If args.Length < 1
runner.print_options("")
ElseIf args(0) <> "s_server" And args(0) <> "s_client"
runner.print_options(args(0))
End If
Dim build_mode As Integer = SSLUtil.BuildMode()
If args(0) = "s_server" Then
runner.do_server(build_mode, args)
Else
runner.do_client(build_mode, args)
End If
End Function
End Module