dtls_udp_echo.c

最新推荐文章于 2024-08-30 08:36:50 发布
最新推荐文章于 2024-08-30 08:36:50 发布
阅读量3.7k 收藏 1
点赞数
分类专栏: SSL 文章标签: ssl 



/*
* Copyright (C) 2009 - 2011 Robin Seggelmann, seggelmann@fh-muenster.de,
*                           Michael Tuexen, tuexen@fh-muenster.de
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

#ifdef WIN32
#include <winsock2.h>
#include <Ws2tcpip.h>
#define in_port_t u_short
#define ssize_t int
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <pthread.h>
#endif

#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>


#define BUFFER_SIZE          (1<<16)
#define COOKIE_SECRET_LENGTH 16

int verbose = 0;
int veryverbose = 0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized=0;

char Usage[] =
"Usage: dtls_udp_echo [options] [address]\n"
"Options:\n"
"        -l      message length (Default: 100 Bytes)\n"
"        -p      port (Default: 23232)\n"
"        -n      number of messages to send (Default: 5)\n"
"        -L      local address\n"
"        -v      verbose\n"
"        -V      very verbose\n";

#if WIN32
static HANDLE* mutex_buf = NULL;
#else
static pthread_mutex_t* mutex_buf = NULL;
#endif

static void locking_function(int mode, int n, const char *file, int line) {
     if (mode & CRYPTO_LOCK)
#ifdef WIN32
          WaitForSingleObject(mutex_buf[n], INFINITE);
     else
          ReleaseMutex(mutex_buf[n]);
#else
          pthread_mutex_lock(&mutex_buf[n]);
     else
          pthread_mutex_unlock(&mutex_buf[n]);
#endif
}

static unsigned long id_function(void) {
#ifdef WIN32
     return (unsigned long) GetCurrentThreadId();
#else
     return (unsigned long) pthread_self();
#endif
}

int THREAD_setup() {
     int i;

#ifdef WIN32
     mutex_buf = (HANDLE*) malloc(CRYPTO_num_locks() * sizeof(HANDLE));
#else
     mutex_buf = (pthread_mutex_t*) malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
#endif
     if (!mutex_buf)
          return 0;
     for (i = 0; i < CRYPTO_num_locks(); i++)
#ifdef WIN32
          mutex_buf[i] = CreateMutex(NULL, FALSE, NULL);
#else
          pthread_mutex_init(&mutex_buf[i], NULL);
#endif
     CRYPTO_set_id_callback(id_function);
     CRYPTO_set_locking_callback(locking_function);
     return 1;
}

int THREAD_cleanup() {
     int i;

     if (!mutex_buf)
          return 0;

     CRYPTO_set_id_callback(NULL);
     CRYPTO_set_locking_callback(NULL);
     for (i = 0; i < CRYPTO_num_locks(); i++)
#ifdef WIN32
     CloseHandle(mutex_buf[i]);
#else
     pthread_mutex_destroy(&mutex_buf[i]);
#endif
     free(mutex_buf);
     mutex_buf = NULL;
     return 1;
}

int handle_socket_error() {
     switch (errno) {
          case EINTR:
               /* Interrupted system call.
               * Just ignore.
               */
               printf("Interrupted system call!\n");
               return 1;
          case EBADF:
               /* Invalid socket.
               * Must close connection.
               */
               printf("Invalid socket!\n");
               return 0;
               break;
#ifdef EHOSTDOWN
          case EHOSTDOWN:
               /* Host is down.
               * Just ignore, might be an attacker
               * sending fake ICMP messages.
               */
               printf("Host is down!\n");
               return 1;
#endif
#ifdef ECONNRESET
          case ECONNRESET:
               /* Connection reset by peer.
               * Just ignore, might be an attacker
               * sending fake ICMP messages.
               */
               printf("Connection reset by peer!\n");
               return 1;
#endif
          case ENOMEM:
               /* Out of memory.
               * Must close connection.
               */
               printf("Out of memory!\n");
               return 0;
               break;
          case EACCES:
               /* Permission denied.
               * Just ignore, we might be blocked
               * by some firewall policy. Try again
               * and hope for the best.
               */
               printf("Permission denied!\n");
               return 1;
               break;
          default:
               /* Something unexpected happened */
               printf("Unexpected error! (errno = %d)\n", errno);
               return 0;
               break;
     }
     return 0;
}

int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
     unsigned char *buffer, result[EVP_MAX_MD_SIZE];
     unsigned int length = 0, resultlength;
     union {
          struct sockaddr_storage ss;
          struct sockaddr_in6 s6;
          struct sockaddr_in s4;
     } peer;

     /* Initialize a random secret */
     if (!cookie_initialized)
          {
          if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
               {
               printf("error setting random cookie secret\n");
               return 0;
               }
          cookie_initialized = 1;
          }

     /* Read peer information */
     (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

     /* Create buffer with peer's address and port */
     length = 0;
     switch (peer.ss.ss_family) {
          case AF_INET:
               length += sizeof(struct in_addr);
               break;
          case AF_INET6:
               length += sizeof(struct in6_addr);
               break;
          default:
               OPENSSL_assert(0);
               break;
     }
     length += sizeof(in_port_t);
     buffer = (unsigned char*) OPENSSL_malloc(length);

     if (buffer == NULL)
          {
          printf("out of memory\n");
          return 0;
          }

     switch (peer.ss.ss_family) {
          case AF_INET:
               memcpy(buffer,
                      &peer.s4.sin_port,
                      sizeof(in_port_t));
               memcpy(buffer + sizeof(peer.s4.sin_port),
                      &peer.s4.sin_addr,
                      sizeof(struct in_addr));
               break;
          case AF_INET6:
               memcpy(buffer,
                      &peer.s6.sin6_port,
                      sizeof(in_port_t));
               memcpy(buffer + sizeof(in_port_t),
                      &peer.s6.sin6_addr,
                      sizeof(struct in6_addr));
               break;
          default:
               OPENSSL_assert(0);
               break;
     }

     /* Calculate HMAC of buffer using the secret */
     HMAC(EVP_sha1(), (const void*) cookie_secret, COOKIE_SECRET_LENGTH,
          (const unsigned char*) buffer, length, result, &resultlength);
     OPENSSL_free(buffer);

     memcpy(cookie, result, resultlength);
     *cookie_len = resultlength;

     return 1;
}

int verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
     {
     unsigned char *buffer, result[EVP_MAX_MD_SIZE];
     unsigned int length = 0, resultlength;
     union {
          struct sockaddr_storage ss;
          struct sockaddr_in6 s6;
          struct sockaddr_in s4;
     } peer;

     /* If secret isn't initialized yet, the cookie can't be valid */
     if (!cookie_initialized)
          return 0;

     /* Read peer information */
     (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

     /* Create buffer with peer's address and port */
     length = 0;
     switch (peer.ss.ss_family) {
          case AF_INET:
               length += sizeof(struct in_addr);
               break;
          case AF_INET6:
               length += sizeof(struct in6_addr);
               break;
          default:
               OPENSSL_assert(0);
               break;
     }
     length += sizeof(in_port_t);
     buffer = (unsigned char*) OPENSSL_malloc(length);

     if (buffer == NULL)
          {
          printf("out of memory\n");
          return 0;
          }

     switch (peer.ss.ss_family) {
          case AF_INET:
               memcpy(buffer,
                      &peer.s4.sin_port,
                      sizeof(in_port_t));
               memcpy(buffer + sizeof(in_port_t),
                      &peer.s4.sin_addr,
                      sizeof(struct in_addr));
               break;
          case AF_INET6:
               memcpy(buffer,
                      &peer.s6.sin6_port,
                      sizeof(in_port_t));
               memcpy(buffer + sizeof(in_port_t),
                      &peer.s6.sin6_addr,
                      sizeof(struct in6_addr));
               break;
          default:
               OPENSSL_assert(0);
               break;
     }

     /* Calculate HMAC of buffer using the secret */
     HMAC(EVP_sha1(), (const void*) cookie_secret, COOKIE_SECRET_LENGTH,
          (const unsigned char*) buffer, length, result, &resultlength);
     OPENSSL_free(buffer);

     if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
          return 1;

     return 0;
     }

struct pass_info {
     union {
          struct sockaddr_storage ss;
          struct sockaddr_in6 s6;
          struct sockaddr_in s4;
     } server_addr, client_addr;
     SSL *ssl;
};

int dtls_verify_callback (int ok, X509_STORE_CTX *ctx) {
     /* This function should ask the user
     * if he trusts the received certificate.
     * Here we always trust.
     */
     return 1;
}

#ifdef WIN32
DWORD WINAPI connection_handle(LPVOID *info) {
#else
void* connection_handle(void *info) {
#endif
     ssize_t len;
     char buf[BUFFER_SIZE];
     char addrbuf[INET6_ADDRSTRLEN];
     struct pass_info *pinfo = (struct pass_info*) info;
     SSL *ssl = pinfo->ssl;
     int fd, reading = 0, ret;
     const int on = 1;
     struct timeval timeout;
     int num_timeouts = 0, max_timeouts = 5;

#ifndef WIN32
     pthread_detach(pthread_self());
#endif

     OPENSSL_assert(pinfo->client_addr.ss.ss_family == pinfo->server_addr.ss.ss_family);
     fd = socket(pinfo->client_addr.ss.ss_family, SOCK_DGRAM, 0);
     if (fd < 0) {
          perror("socket");
          goto cleanup;
     }

     setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &on, (socklen_t) sizeof(on));
#ifdef SO_REUSEPORT
     setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (const void*) &on, (socklen_t) sizeof(on));
#endif
     switch (pinfo->client_addr.ss.ss_family) {
          case AF_INET:
               bind(fd, (const struct sockaddr *) &pinfo->server_addr, sizeof(struct sockaddr_in));
               connect(fd, (struct sockaddr *) &pinfo->client_addr, sizeof(struct sockaddr_in));
               break;
          case AF_INET6:
               bind(fd, (const struct sockaddr *) &pinfo->server_addr, sizeof(struct sockaddr_in6));
               connect(fd, (struct sockaddr *) &pinfo->client_addr, sizeof(struct sockaddr_in6));
               break;
          default:
               OPENSSL_assert(0);
               break;
     }

     /* Set new fd and set BIO to connected */
     BIO_set_fd(SSL_get_rbio(ssl), fd, BIO_NOCLOSE);
     BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &pinfo->client_addr.ss);

     /* Finish handshake */
     do { ret = SSL_accept(ssl); }
     while (ret == 0);
     if (ret < 0) {
          perror("SSL_accept");
          printf("%s\n", ERR_error_string(ERR_get_error(), buf));
          goto cleanup;
     }

     /* Set and activate timeouts */
     timeout.tv_sec = 5;
     timeout.tv_usec = 0;
     BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

     if (verbose) {
          if (pinfo->client_addr.ss.ss_family == AF_INET) {
               printf ("\nThread %lx: accepted connection from %s:%d\n",
                       id_function(),
                       inet_ntop(AF_INET, &pinfo->client_addr.s4.sin_addr, addrbuf, INET6_ADDRSTRLEN),
                       ntohs(pinfo->client_addr.s4.sin_port));
          } else {
               printf ("\nThread %lx: accepted connection from %s:%d\n",
                       id_function(),
                       inet_ntop(AF_INET6, &pinfo->client_addr.s6.sin6_addr, addrbuf, INET6_ADDRSTRLEN),
                       ntohs(pinfo->client_addr.s6.sin6_port));
          }
     }

     if (veryverbose && SSL_get_peer_certificate(ssl)) {
          printf ("------------------------------------------------------------\n");
          X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)),
                                     1, XN_FLAG_MULTILINE);
          printf("\n\n Cipher: %s", SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
          printf ("\n------------------------------------------------------------\n\n");
     }

     while (!(SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN) && num_timeouts < max_timeouts) {

          reading = 1;
          while (reading) {
               len = SSL_read(ssl, buf, sizeof(buf));

               switch (SSL_get_error(ssl, len)) {
                    case SSL_ERROR_NONE:
                         if (verbose) {
                              printf("Thread %lx: read %d bytes\n", id_function(), (int) len);
                         }
                         reading = 0;
                         break;
                    case SSL_ERROR_WANT_READ:
                         /* Handle socket timeouts */
                         if (BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)) {
                              num_timeouts++;
                              reading = 0;
                         }
                         /* Just try again */
                         break;
                    case SSL_ERROR_ZERO_RETURN:
                         reading = 0;
                         break;
                    case SSL_ERROR_SYSCALL:
                         printf("Socket read error: ");
                         if (!handle_socket_error()) goto cleanup;
                         reading = 0;
                         break;
                    case SSL_ERROR_SSL:
                         printf("SSL read error: ");
                         printf("%s (%d)\n", ERR_error_string(ERR_get_error(), buf), SSL_get_error(ssl, len));
                         goto cleanup;
                         break;
                    default:
                         printf("Unexpected error while reading!\n");
                         goto cleanup;
                         break;
               }
          }

          if (len > 0) {
               len = SSL_write(ssl, buf, len);

               switch (SSL_get_error(ssl, len)) {
                    case SSL_ERROR_NONE:
                         if (verbose) {
                              printf("Thread %lx: wrote %d bytes\n", id_function(), (int) len);
                         }
                         break;
                    case SSL_ERROR_WANT_WRITE:
                         /* Can't write because of a renegotiation, so
                         * we actually have to retry sending this message...
                         */
                         break;
                    case SSL_ERROR_WANT_READ:
                         /* continue with reading */
                         break;
                    case SSL_ERROR_SYSCALL:
                         printf("Socket write error: ");
                         if (!handle_socket_error()) goto cleanup;
                         reading = 0;
                         break;
                    case SSL_ERROR_SSL:
                         printf("SSL write error: ");
                         printf("%s (%d)\n", ERR_error_string(ERR_get_error(), buf), SSL_get_error(ssl, len));
                         goto cleanup;
                         break;
                    default:
                         printf("Unexpected error while writing!\n");
                         goto cleanup;
                         break;
               }
          }
     }

     SSL_shutdown(ssl);

cleanup:
#ifdef WIN32
     closesocket(fd);
#else
     close(fd);
#endif
     free(info);
     SSL_free(ssl);
     ERR_remove_state(0);
     if (verbose)
          printf("Thread %lx: done, connection closed.\n", id_function());
#if WIN32
     ExitThread(0);
#else
     pthread_exit( (void *) NULL );
#endif
}


void start_server(int port, char *local_address) {
     int fd;
     union {
          struct sockaddr_storage ss;
          struct sockaddr_in s4;
          struct sockaddr_in6 s6;
     } server_addr, client_addr;
#if WIN32
     WSADATA wsaData;
     DWORD tid;
#else
     pthread_t tid;
#endif
     SSL_CTX *ctx;
     SSL *ssl;
     BIO *bio;
     struct timeval timeout;
     struct pass_info *info;
     const int on = 1, off = 0;

     memset(&server_addr, 0, sizeof(struct sockaddr_storage));
     if (strlen(local_address) == 0) {
          server_addr.s6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
          server_addr.s6.sin6_len = sizeof(struct sockaddr_in6);
#endif
          server_addr.s6.sin6_addr = in6addr_any;
          server_addr.s6.sin6_port = htons(port);
     } else {
          if (inet_pton(AF_INET, local_address, &server_addr.s4.sin_addr) == 1) {
               server_addr.s4.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
               server_addr.s4.sin_len = sizeof(struct sockaddr_in);
#endif
               server_addr.s4.sin_port = htons(port);
          } else if (inet_pton(AF_INET6, local_address, &server_addr.s6.sin6_addr) == 1) {
               server_addr.s6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
               server_addr.s6.sin6_len = sizeof(struct sockaddr_in6);
#endif
               server_addr.s6.sin6_port = htons(port);
          } else {
               return;
          }
     }

     THREAD_setup();
     OpenSSL_add_ssl_algorithms();
     SSL_load_error_strings();
     ctx = SSL_CTX_new(DTLSv1_server_method());
     /* We accept all ciphers, including NULL.
     * Not recommended beyond testing and debugging
     */
     SSL_CTX_set_cipher_list(ctx, "ALL:NULL:eNULL:aNULL");
     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

     if (!SSL_CTX_use_certificate_file(ctx, "certs/server-cert.pem", SSL_FILETYPE_PEM))
          printf("\nERROR: no certificate found!");

     if (!SSL_CTX_use_PrivateKey_file(ctx, "certs/server-key.pem", SSL_FILETYPE_PEM))
          printf("\nERROR: no private key found!");

     if (!SSL_CTX_check_private_key (ctx))
          printf("\nERROR: invalid private key!");

     /* Client has to authenticate */
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);

     SSL_CTX_set_read_ahead(ctx, 1);
     SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);
     SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);

#ifdef WIN32
     WSAStartup(MAKEWORD(2, 2), &wsaData);
#endif

     fd = socket(server_addr.ss.ss_family, SOCK_DGRAM, 0);
     if (fd < 0) {
          perror("socket");
          exit(-1);
     }

     setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &on, (socklen_t) sizeof(on));
#ifdef SO_REUSEPORT
     setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (const void*) &on, (socklen_t) sizeof(on));
#endif

     if (server_addr.ss.ss_family == AF_INET) {
          bind(fd, (const struct sockaddr *) &server_addr, sizeof(struct sockaddr_in));
     } else {
          setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&off, sizeof(off));
          bind(fd, (const struct sockaddr *) &server_addr, sizeof(struct sockaddr_in6));
     }
     while (1) {
          memset(&client_addr, 0, sizeof(struct sockaddr_storage));

          /* Create BIO */
          bio = BIO_new_dgram(fd, BIO_NOCLOSE);

          /* Set and activate timeouts */
          timeout.tv_sec = 5;
          timeout.tv_usec = 0;
          BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

          ssl = SSL_new(ctx);

          SSL_set_bio(ssl, bio, bio);
          SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

          while (DTLSv1_listen(ssl, &client_addr) <= 0);

          info = (struct pass_info*) malloc (sizeof(struct pass_info));
          memcpy(&info->server_addr, &server_addr, sizeof(struct sockaddr_storage));
          memcpy(&info->client_addr, &client_addr, sizeof(struct sockaddr_storage));
          info->ssl = ssl;

#ifdef WIN32
          if (CreateThread(NULL, 0, connection_handle, info, 0, &tid) == NULL) {
               exit(-1);
          }    
#else
          if (pthread_create( &tid, NULL, connection_handle, info) != 0) {
               perror("pthread_create");
               exit(-1);
          }
#endif
     }

     THREAD_cleanup();
#ifdef WIN32
     WSACleanup();
#endif
}

void start_client(char *remote_address, char *local_address, int port, int length, int messagenumber) {
     int fd;
     union {
          struct sockaddr_storage ss;
          struct sockaddr_in s4;
          struct sockaddr_in6 s6;
     } remote_addr, local_addr;
     char buf[BUFFER_SIZE];
     char addrbuf[INET6_ADDRSTRLEN];
     socklen_t len;
     SSL_CTX *ctx;
     SSL *ssl;
     BIO *bio;
     int reading = 0;
     struct timeval timeout;
#if WIN32
     WSADATA wsaData;
#endif

     memset((void *) &remote_addr, 0, sizeof(struct sockaddr_storage));
     memset((void *) &local_addr, 0, sizeof(struct sockaddr_storage));

     if (inet_pton(AF_INET, remote_address, &remote_addr.s4.sin_addr) == 1) {
          remote_addr.s4.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
          remote_addr.s4.sin_len = sizeof(struct sockaddr_in);
#endif
          remote_addr.s4.sin_port = htons(port);
     } else if (inet_pton(AF_INET6, remote_address, &remote_addr.s6.sin6_addr) == 1) {
          remote_addr.s6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
          remote_addr.s6.sin6_len = sizeof(struct sockaddr_in6);
#endif
          remote_addr.s6.sin6_port = htons(port);
     } else {
          return;
     }

#ifdef WIN32
     WSAStartup(MAKEWORD(2, 2), &wsaData);
#endif

     fd = socket(remote_addr.ss.ss_family, SOCK_DGRAM, 0);
     if (fd < 0) {
          perror("socket");
          exit(-1);
     }

     if (strlen(local_address) > 0) {
          if (inet_pton(AF_INET, local_address, &local_addr.s4.sin_addr) == 1) {
               local_addr.s4.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
               local_addr.s4.sin_len = sizeof(struct sockaddr_in);
#endif
               local_addr.s4.sin_port = htons(0);
          } else if (inet_pton(AF_INET6, local_address, &local_addr.s6.sin6_addr) == 1) {
               local_addr.s6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
               local_addr.s6.sin6_len = sizeof(struct sockaddr_in6);
#endif
               local_addr.s6.sin6_port = htons(0);
          } else {
               return;
          }
          OPENSSL_assert(remote_addr.ss.ss_family == local_addr.ss.ss_family);
          if (local_addr.ss.ss_family == AF_INET) {
               bind(fd, (const struct sockaddr *) &local_addr, sizeof(struct sockaddr_in));
          } else {
               bind(fd, (const struct sockaddr *) &local_addr, sizeof(struct sockaddr_in6));
          }
     }

     OpenSSL_add_ssl_algorithms();
     SSL_load_error_strings();
     ctx = SSL_CTX_new(DTLSv1_client_method());
     SSL_CTX_set_cipher_list(ctx, "eNULL:!MD5");

     if (!SSL_CTX_use_certificate_file(ctx, "certs/client-cert.pem", SSL_FILETYPE_PEM))
          printf("\nERROR: no certificate found!");

     if (!SSL_CTX_use_PrivateKey_file(ctx, "certs/client-key.pem", SSL_FILETYPE_PEM))
          printf("\nERROR: no private key found!");

     if (!SSL_CTX_check_private_key (ctx))
          printf("\nERROR: invalid private key!");

     SSL_CTX_set_verify_depth (ctx, 2);
     SSL_CTX_set_read_ahead(ctx, 1);

     ssl = SSL_new(ctx);

     /* Create BIO, connect and set to already connected */
     bio = BIO_new_dgram(fd, BIO_CLOSE);
     if (remote_addr.ss.ss_family == AF_INET) {
          connect(fd, (struct sockaddr *) &remote_addr, sizeof(struct sockaddr_in));
     } else {
          connect(fd, (struct sockaddr *) &remote_addr, sizeof(struct sockaddr_in6));
     }
     BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, &remote_addr.ss);

     SSL_set_bio(ssl, bio, bio);

     if (SSL_connect(ssl) < 0) {
          perror("SSL_connect");
          printf("%s\n", ERR_error_string(ERR_get_error(), buf));
          exit(-1);
     }

     /* Set and activate timeouts */
     timeout.tv_sec = 3;
     timeout.tv_usec = 0;
     BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

     if (verbose) {
          if (remote_addr.ss.ss_family == AF_INET) {
               printf ("\nConnected to %s\n",
                        inet_ntop(AF_INET, &remote_addr.s4.sin_addr, addrbuf, INET6_ADDRSTRLEN));
          } else {
               printf ("\nConnected to %s\n",
                        inet_ntop(AF_INET6, &remote_addr.s6.sin6_addr, addrbuf, INET6_ADDRSTRLEN));
          }
     }

     if (veryverbose && SSL_get_peer_certificate(ssl)) {
          printf ("------------------------------------------------------------\n");
          X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)),
                                1, XN_FLAG_MULTILINE);
          printf("\n\n Cipher: %s", SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
          printf ("\n------------------------------------------------------------\n\n");
     }

     while (!(SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN)) {

          if (messagenumber > 0) {
               len = SSL_write(ssl, buf, length);

               switch (SSL_get_error(ssl, len)) {
                    case SSL_ERROR_NONE:
                         if (verbose) {
                              printf("wrote %d bytes\n", (int) len);
                         }
                         messagenumber--;
                         break;
                    case SSL_ERROR_WANT_WRITE:
                         /* Just try again later */
                         break;
                    case SSL_ERROR_WANT_READ:
                         /* continue with reading */
                         break;
                    case SSL_ERROR_SYSCALL:
                         printf("Socket write error: ");
                         if (!handle_socket_error()) exit(1);
                         reading = 0;
                         break;
                    case SSL_ERROR_SSL:
                         printf("SSL write error: ");
                         printf("%s (%d)\n", ERR_error_string(ERR_get_error(), buf), SSL_get_error(ssl, len));
                         exit(1);
                         break;
                    default:
                         printf("Unexpected error while writing!\n");
                         exit(1);
                         break;
               }

#if 0
               /* Send heartbeat. Requires Heartbeat extension. */
               if (messagenumber == 2)
                    SSL_heartbeat(ssl);
#endif

               /* Shut down if all messages sent */
               if (messagenumber == 0)
                    SSL_shutdown(ssl);
          }

          reading = 1;
          while (reading) {
               len = SSL_read(ssl, buf, sizeof(buf));

               switch (SSL_get_error(ssl, len)) {
                    case SSL_ERROR_NONE:
                         if (verbose) {
                              printf("read %d bytes\n", (int) len);
                         }
                         reading = 0;
                         break;
                    case SSL_ERROR_WANT_READ:
                         /* Stop reading on socket timeout, otherwise try again */
                         if (BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)) {
                              printf("Timeout! No response received.\n");
                              reading = 0;
                         }
                         break;
                    case SSL_ERROR_ZERO_RETURN:
                         reading = 0;
                         break;
                    case SSL_ERROR_SYSCALL:
                         printf("Socket read error: ");
                         if (!handle_socket_error()) exit(1);
                         reading = 0;
                         break;
                    case SSL_ERROR_SSL:
                         printf("SSL read error: ");
                         printf("%s (%d)\n", ERR_error_string(ERR_get_error(), buf), SSL_get_error(ssl, len));
                         exit(1);
                         break;
                    default:
                         printf("Unexpected error while reading!\n");
                         exit(1);
                         break;
               }
          }
     }

#ifdef WIN32
     closesocket(fd);
#else
     close(fd);
#endif
     if (verbose)
          printf("Connection closed.\n");

#ifdef WIN32
     WSACleanup();
#endif
}

int main(int argc, char **argv)
{
     int port = 23232;
     int length = 100;
     int messagenumber = 5;
     char local_addr[INET6_ADDRSTRLEN+1];

     memset(local_addr, 0, INET6_ADDRSTRLEN+1);

     argc--;
     argv++;

     while (argc >= 1) {
          if     (strcmp(*argv, "-l") == 0) {
               if (--argc < 1) goto cmd_err;
               length = atoi(*++argv);
               if (length > BUFFER_SIZE)
                    length = BUFFER_SIZE;
          }
          else if     (strcmp(*argv, "-L") == 0) {
               if (--argc < 1) goto cmd_err;
               strncpy(local_addr, *++argv, INET6_ADDRSTRLEN);
          }
          else if     (strcmp(*argv, "-n") == 0) {
               if (--argc < 1) goto cmd_err;
               messagenumber = atoi(*++argv);
          }
          else if     (strcmp(*argv, "-p") == 0) {
               if (--argc < 1) goto cmd_err;
               port = atoi(*++argv);
          }
          else if     (strcmp(*argv, "-v") == 0) {
               verbose = 1;
          }
          else if     (strcmp(*argv, "-V") == 0) {
               verbose = 1;
               veryverbose = 1;
          }
          else if     (((*argv)[0]) == '-') {
               goto cmd_err;
          }
          else break;

          argc--;
          argv++;
     }

     if (argc > 1) goto cmd_err;

     if (argc == 1)
          start_client(*argv, local_addr, port, length, messagenumber);
     else
          start_server(port, local_addr);

     return 0;

cmd_err:
     fprintf(stderr, "%s\n", Usage);
     return 1;
}


zzhongcy
关注
专栏目录
CAPWAP详解【四】
小青年儿
11-24 3729
2.5.7 CAPWAP传输机制 WTP和AC之间使用标准的UDP客户端/服务器模式来建立通讯。 CAPWAP协议支持UDPUDP-Lite [RFC3828]。 ¢ 在IPv4上,CAPWAP控制和数据通道使用UDP。此时CAPWAP报文中的UDP校验和必须设置为0。AC上的CAPWAP控制报文端口为UDP众所周知端口5246,数据报文端口为UDP众所周知端口5247 ,WT
sdkconfig adkconfig.defaults 的含义
u013550000的博客
11-20 1134
songjiaxiu@songjiaxiu-OptiPlex-3050:~/customer/11-16-qcloud-gitlab/esp-qcloud/examples/mqtt_demo$ ls build CMakeLists.txt main Makefile partitions_qcloud_demo.csv sdkconfig sdkconfig_bk sdkconf...
基于UDPECHO程序
11-29
基于UDPECHO程序,网络程序设计的课程实验,实验指导书。
DTLS--基于UDP的无链接TLS
dyrou的专栏
01-03 1万+
翻出来以前做的笔记,关于实现DTLS需要注意的问题。 TLS结合非可靠连接面对的两个问题: 1.TLS的加密层不允许独立处理某个指定的记录层数据包,例如第N个包没有收到,第N+1个记录包不能解密。 2.TLS握手协议假设在可靠的有序信道上完成,如果某个消息丢失,握手过程将退出。 解决方法: *TLS传输加密层不能独立出来主要有两个方面的限制: 1.加密算法的模式(CBC
强力推荐:OpenSSL DTLS 示例——安全的实时通信利器
gitblog_00901的博客
08-30 513
强力推荐:OpenSSL DTLS 示例——安全的实时通信利器 项目地址:https://gitcode.com/gh_mirrors/dt/DTLS-Examples 在追求数据传输安全和实时性的今天,DTLS(Datagram Transport Layer Security) 已成为不可或缺的技术。对于那些致力于构建安全、高效且兼容多种传输协议的开发者来说,DTLS Examples for...
DTLS-示例:使用OpenSSL通过SCTP和UDP进行DTLS的示例
02-06
DTLS-示例:使用OpenSSL通过SCTP和UDP进行DTLS的示例
网络协议文档阅读笔记-Introduction to DTLS(Datagram Transport Layer Security)
IT1995的博客
06-08 782
在互联网中安全的数据传输是至关重要的。很多敏感数据都通过互联网交互数据如金融交易数据,医药数据,媒体流数据等。SSL/TLS和IPSec就是为了确保互联网中传输数据的安全而创建的。许多网站使用的是SSL/TLS。DTLS也是传输层的的一个安全协议。 What is DTLS DTLS是传输层协议,用于加密传输的数据,是基于UDP的。DTLSTLS很相似,在RFC4347和RFC6347中有定义。 Why DTLS SSL/TLS在TCP协议上的加密协议,TCP他是安全可靠不会丢失数据的..
DTLS 详细介绍
whshahaha的博客
06-04 2935
DTLS(Datagram Transport Layer Security)是一种基于UDP协议的安全传输协议,它提供了与TLS()类似的安全性和数据完整性保护,同时也具有UDP协议的优点,如低延迟和支持多路复用等。DTLS协议是建立在UDP协议之上的,因此它适用于对延迟敏感的应用程序,如VoIP(Voice over IP)和视频流媒体等。与TLS协议不同的是,DTLS协议在传输层对数据进行加密和认证,而TLS协议则是在传输层之上对数据进行加密和认证。
WebRTC音频系统 之audio技术栈简介-1
yinshipin007的博客
04-06 667
标准和源码是研究WebRTC的第一手资料,而标准和源码也是在持续的演进,在编译native源的该时候,可以生成各个模块的测试二进制程序,通过这些二进制程序熟悉各个模块的使用方法,比如APM模块的可执行二进制测试程序是audioproc_f,各个模块的组成见1.4小节,图1-3,测试程序包括了音视频以及网络部分,和native 测试app,其测试程序见下图红色部分:图1-1 MacOS上WebRTC native编译结果。
Ubuntu中安装部署Janus
点点滴滴
05-06 8002
1. 环境 在 Ubuntu 16.4.5 TLS 版本中编译和测试通过。 (CentOS下的部署可以参考《Janus部署总结》一文) 下载最新的源代码需要git,若没有安装git可以使用下面命令进行安装: sudo apt-get install git -y 使用下面命令进行安装lua库: sudo apt-get install liblua5.3-dev 编译运行 Janus Serv...
webrtc.lib(m74) 链接的 obj 文件[应该与编译选项有关,备忘]
IS2120
08-20 4111
01F68076: 0 obj\test\fake_video_codecs\fake_vp8_encoder.obj 01F680A6: 48 obj\test\fake_video_codecs\fake_vp8_decoder.obj 01F680D6: 96 obj\test\fake_video_codecs\fake_encoder.obj 01F...
Qt网络编程:DTLS 服务端和客户端通信(官方Demo)
友善啊,朋友的博客
06-27 827
一、服务端 QUdpSocket serverSocket; QSslConfiguration serverConfiguration;//ssl配置信息 QDtlsClientVerifier cookieSender;//DTLS cookie校验器 QList<std::unique_ptr<QDtls>> knownClientList;//储存连接 1.1、服务端配置 connect(&serverSocket,
opensslBIO系列之4---BIO控制函数介绍
内网安全与OpenSSL专栏
12-23 3873
BIO控制函数介绍    ---根据openssl doc/crypto/bio/bio_ctrl.pod翻译和自己的理解写成        (作者:DragonKing Mail:wzhah@263.net 发布于:http://gdwzh.126.com  openssl专业论坛)    BIO控制函数有许多,并且不同的BIO类型还有不同的控制函数,这里只简单介绍一些通用的BIO控制函数,至于
Socket API和BIO
rhinosinlove的博客
06-07 208
以下是我学习网络编程的一些笔记。 Socket API 任何现代应用程序,如要访问互联网,必须通过Socket API. Socket这个单词的意思是“插座”,曾经被译为“插口”,现在一般翻译为“套接字”。程序员通常会把socket简写为sock. Socket API最初是在BSD Unix上出现的,后面Linux系统也实现了一套相同的API. Windows系统的实现则是Windows Sockets API (简称WSA). Windows对Socket API的实现并不正统。要严肃地学习网络编程,最
DTLS协议中client/server的认证过程和密钥协商过程
热门推荐
pengkunlun_hit的博客
08-10 1万+
DTLS协议是基于UDP的安全协议,与基于TCP的SSL/TLS协议安全机制类似,并复用了SSL/TLS协议70%的代码。 本文章首先介绍了DTLS的特点和协议层次,然后具体介绍了DTLS在client和server建立连接过程的具体交互步骤、每个报文段的内容和作用。 通过完整地阅读DTLS代码,本文深入分析了DTLS的安全机制,并为TLS协议的握手过程分析提供了参考。
SSL 服务器与客户端样本代码
白袍小将的博客
08-14 2789
本文为了方便进行SSL编程参考而整理,SSL编程调用的大多数流程就如如下样本代码,通过本样本代码可以比较快的测试SSL相关API。
SSL/TLS/DTLS对比
Leon
01-11 1万+
SSL(Secure Sockets Layer 安全套接层),及其继任者传输层安全(TransportLayer Security,TLS & Datagram Transport Layer Security,DTLS)是为网络通信提供安全及数据完整性的一种安全协议。DTLSTLSSSL在传输层对网络连接进行加密,DTLSUDP传输协议之上,而TLS则在TCP传输协议之上。 各协议
DTLS协议学习记录
yuxiang1014的专栏
09-13 996
DTLS基于UDP协议 1.DTLS握手协议 2.DTLS时序图: 2.1.实际上在握手之前还需要做很多事情,其中之一就是交换SDP信息,也就是媒体协商(需要通过信令进行连接),其中也包含交换了ICE的password和username 2.2.经过1之后就找到对方的Candidate了,也就是相互知道了对方 的ip和端口使用的协议是什么。下面就是在数据传输之前首先发送STUN request 把password与username带给流媒体服务器,流媒体服务器将用户名密码取出来与第一阶段中的
TLSv1.2及Https协议示例
$好记性还是要多记录$
09-24 3026
编译 SSL/TLS client server examples using openssl ## Build $ mkdir build $ cd build $ cmake .. $ make $ cp -rf ../certs ./ 测试运行 ### Server side $ ./server Certificate Verify Success Client Hello Wor...
使用python仿真dtls协议
最新发布
09-11
Python中并没有内置的DTLS (Datagram Transport Layer Security) 仿真库,因为DTLS是一种基于TLS(Transport Layer Security)的应用层协议,用于保护UDP数据传输的安全,而Python标准库并不直接支持这种低级别的协议实现。不过,你可以通过第三方库如PyNaCl(纯Python实现的加密库,包括了对DTLS的支持)或者是像`pyzmq`这样的库结合其他安全组件来实现DTLS模拟。 如果你需要编写DTLS通信程序,通常的做法是: 1. **安装必要的库**:首先,你需要安装`cryptography`、`PyNaCl`等用于处理SSL/TLS的库。 ```bash pip install cryptography PyNaCl pyzmq ``` 2. **理解基本原理**:DTLS涉及封装、解封装数据包,以及证书管理和密钥交换。了解DTLS的基本流程对于编程至关重要。 3. **实现套接字**:使用`zmq`库创建DTLS支持的socket,例如`zmq.DTLS Dealer`或`zmq.DTLS Router`。 4. **设置连接**:配置DTLS选项,比如证书、密码等,并建立DTLS连接。 5. **数据交换**:通过套接字发送和接收加密的UDP数据包。 ```python import zmq from Cryptodome.PublicKey import ECC # 创建DTLS context context = zmq.Context() socket = context.socket(zmq.DTLS_ROUTER) # 加载证书 cert = EccKey.from_pem(open('your_certificate.pem').read()) socket.curve_publickey = cert.public_key().export_string() # 设置端口和服务器地址 server_address = 'tcp://localhost:your_port' socket.setsockopt(zmq.IDENTITY, b"client_id") socket.bind(server_address) while True: # 接收来自服务器的数据 message = socket.recv_multipart() # 解密并处理消息 decrypted_data = decrypt(message) process(decrypted_data) # 发送响应 encrypted_response = encrypt(response_data) socket.send_multipart(encrypted_response) ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值