/// <summary>
/// Program entry point: starts the server that runs the whole program,
/// bound to the IPv4 loopback address on port 5300.
/// </summary>
/// <param name="args">Command-line arguments; not consulted.</param>
public static void Main(string[] args) {
    // Loopback only: the listener cannot be reached from other hosts.
    // (An earlier revision offered binding to the machine's LAN address instead.)
    IPAddress bindAddress = IPAddress.Loopback;
    const int listenPort = 5300;
    SSLServer server = new SSLServer(bindAddress, listenPort);
}
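/*
 * do_server()
 *
 * Parses the command line, loads the server key and certificates, then
 * accepts SSL connections on the requested port forever, writing whatever
 * each client sends to stdout.
 *
 * build_mode: the SSL_BUILD_* level; higher levels unlock more options.
 * args:       the full command line; args[0] is the sub-command and is
 *             skipped. Unknown or malformed options are handed to
 *             print_server_options(), which is defined elsewhere in this
 *             file and is expected to terminate the process.
 */
private void do_server(int build_mode, string[] args)
{
    int port = 4433;
    uint options = axtls.SSL_DISPLAY_CERTS;
    bool quiet = false;
    string password = null;
    string private_key_file = null;

    /* organise the cert/ca_cert lists */
    int cert_size = SSLUtil.MaxCerts();
    int ca_cert_size = SSLUtil.MaxCACerts();
    string[] cert = new string[cert_size];
    string[] ca_cert = new string[ca_cert_size];
    int cert_index = 0;
    int ca_cert_index = 0;

    /* Each build level unlocks a further set of options. The checks are
     * chained so that a higher level is only reachable through the lower
     * ones, exactly as the original nested if/else did. */
    bool server_opts = build_mode >= axtls.SSL_BUILD_SERVER_ONLY;
    bool verify_opts = server_opts && build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION;
    bool debug_opts = verify_opts && build_mode == axtls.SSL_BUILD_FULL_MODE;

    for (int i = 1; i < args.Length; i++)
    {
        string arg = args[i];
        bool has_value = i < args.Length - 1;   /* another argument follows */

        if (arg == "-accept")
        {
            if (!has_value)
            {
                print_server_options(build_mode, arg);
            }
            /* invariant culture: the port is machine data, not UI text;
             * a non-numeric value is a usage error rather than a crash */
            if (!int.TryParse(args[++i], System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture, out port))
            {
                print_server_options(build_mode, arg);
            }
        }
        else if (arg == "-quiet")
        {
            quiet = true;
            options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
        }
        else if (server_opts && arg == "-cert")
        {
            if (!has_value || cert_index >= cert_size)
            {
                print_server_options(build_mode, arg);
            }
            cert[cert_index++] = args[++i];
        }
        else if (server_opts && arg == "-key")
        {
            if (!has_value)
            {
                print_server_options(build_mode, arg);
            }
            private_key_file = args[++i];
            options |= axtls.SSL_NO_DEFAULT_KEY;
        }
        else if (server_opts && arg == "-pass")
        {
            if (!has_value)
            {
                print_server_options(build_mode, arg);
            }
            password = args[++i];
        }
        else if (verify_opts && arg == "-verify")
        {
            /* require and verify a client certificate during the handshake */
            options |= axtls.SSL_CLIENT_AUTHENTICATION;
        }
        else if (verify_opts && arg == "-CAfile")
        {
            if (!has_value || ca_cert_index >= ca_cert_size)
            {
                print_server_options(build_mode, arg);
            }
            ca_cert[ca_cert_index++] = args[++i];
        }
        else if (debug_opts && arg == "-debug")
        {
            options |= axtls.SSL_DISPLAY_BYTES;
        }
        else if (debug_opts && arg == "-state")
        {
            options |= axtls.SSL_DISPLAY_STATES;
        }
        else if (debug_opts && arg == "-show-rsa")
        {
            options |= axtls.SSL_DISPLAY_RSA;
        }
        else
        {
            print_server_options(build_mode, arg);
        }
    }

    /* Create socket for incoming connections. IPAddress.Any binds every
     * interface; narrow it if the server must not be reachable externally. */
    IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
    TcpListener server_sock = new TcpListener(ep);
    server_sock.Start();

    /**********************************************************************
     * This is where the interesting stuff happens. Up until now we've
     * just been setting up sockets etc. Now we do the SSL handshake.
     **********************************************************************/
    /* (the former null check on ssl_ctx was dead code: `new` never yields null) */
    SSLServer ssl_ctx = new SSLServer(options, axtls.SSL_DEFAULT_SVR_SESS);

    if (private_key_file != null)
    {
        /* key container format is chosen by file extension; ordinal
         * comparison because an extension is not culture-dependent text */
        int obj_type = axtls.SSL_OBJ_RSA_KEY;
        if (private_key_file.EndsWith(".p8", StringComparison.Ordinal))
        {
            obj_type = axtls.SSL_OBJ_PKCS8;
        }
        else if (private_key_file.EndsWith(".p12", StringComparison.Ordinal))
        {
            obj_type = axtls.SSL_OBJ_PKCS12;
        }

        if (ssl_ctx.ObjLoad(obj_type, private_key_file, password) != axtls.SSL_OK)
        {
            Console.Error.WriteLine("Private key '" + private_key_file + "' is undefined.");
            Environment.Exit(1);
        }
    }

    for (int n = 0; n < cert_index; n++)
    {
        if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, cert[n], null) != axtls.SSL_OK)
        {
            Console.Error.WriteLine("Certificate '" + cert[n] + "' is undefined.");
            Environment.Exit(1);
        }
    }

    for (int n = 0; n < ca_cert_index; n++)
    {
        /* the message used to name cert[n] here instead of the CA file that failed */
        if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, ca_cert[n], null) != axtls.SSL_OK)
        {
            Console.Error.WriteLine("Certificate '" + ca_cert[n] + "' is undefined.");
            Environment.Exit(1);
        }
    }

    for (;;)
    {
        if (!quiet)
        {
            Console.WriteLine("ACCEPT");
        }

        Socket client_sock = server_sock.AcceptSocket();
        SSL ssl = ssl_ctx.Connect(client_sock);
        byte[] buf = null;
        int res;

        /* do the actual SSL handshake: Read() keeps returning SSL_OK while
         * the handshake is in progress, so poll until it reports complete */
        while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
        {
            if (ssl.HandshakeStatus() == axtls.SSL_OK)
            {
                break;
            }
            /* could do something else here */
        }

        if (res == axtls.SSL_OK) /* connection established and ok */
        {
            if (!quiet)
            {
                display_session_id(ssl);
                display_cipher(ssl);
            }

            /* now read (and display) whatever the client sends us */
            for (;;)
            {
                /* keep reading until we get something interesting */
                while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
                {
                    /* could do something else here */
                }

                if (res < axtls.SSL_OK)
                {
                    if (!quiet)
                    {
                        Console.WriteLine("CONNECTION CLOSED");
                    }
                    break;
                }

                /* res is the byte count; each byte is widened to a char
                 * (no text decoding), as the original did */
                char[] str = new char[res];
                for (int n = 0; n < res; n++)
                {
                    str[n] = (char)buf[n];
                }
                Console.Write(str);
            }
        }
        else if (!quiet)
        {
            SSLUtil.DisplayError(res);
        }

        /* client was disconnected or the handshake failed. */
        ssl.Dispose();
        client_sock.Close();
    }

    /* unreachable: the accept loop never returns, so ssl_ctx is never
     * disposed (the original kept `ssl_ctx.Dispose();` commented out here). */
}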
/*
 * Run one test case against the peer.
 *
 * cmdClient: when true this side is built as an SSLServer (so the peer
 *            command is the client); when false this side is an SSLClient.
 * obj:       the JSON configuration object for the test case. Every
 *            setting is optional and falls back to the unqualified
 *            defaults used below (versionMin, cipherSuites, ... —
 *            presumably fields of this class).
 * peer:      the stream connected to the peer command.
 *
 * Throws Exception whenever the peer's behaviour does not match what the
 * configuration says should happen.
 */
void RunTestInner(bool cmdClient, object obj, Stream peer)
{
    /*
     * Create the SSL engine, and configure it as specified
     * in the configuration object (with the default
     * configuration as fallback).
     */
    SSLEngine eng;
    byte[][] chain = null;
    IPrivateKey skey = null;
    /* the certificate type is looked up for the side this engine plays,
     * hence the inverted flag */
    string certType = GetCertType(obj, !cmdClient);
    switch (certType) {
    case "RSA":
        chain = chainRSA;
        skey = skeyRSA;
        break;
    case "EC":
        chain = chainEC;
        skey = skeyEC;
        break;
    case "none":
        /* no certificate at all: chain and skey stay null */
        break;
    default:
        throw new Exception("Unknown certType: " + certType);
    }
    if (cmdClient) {
        IServerPolicy spol = new SSLServerPolicyBasic(
            chain, skey, KeyUsage.EncryptAndSign);
        SSLServer ss = new SSLServer(peer, spol);
        ss.SessionCache = new SSLSessionCacheLRU(20);
        eng = ss;
    } else {
        SSLClient sc = new SSLClient(peer);
        /* test harness only: this validator presumably accepts any server
         * certificate, so the client side performs no chain validation */
        sc.ServerCertValidator = SSLClient.InsecureCertValidator;
        eng = sc;
    }
    eng.NormalizeIOError = true;
    eng.AutoFlush = false;

    /*
     * Minimum version.
     */
    string svmin;
    if (JSON.TryGetString(obj, "versionMin", out svmin)) {
        eng.VersionMin = SSL.GetVersionByName(svmin);
    } else {
        eng.VersionMin = versionMin;
    }

    /*
     * Maximum version.
     */
    string svmax;
    if (JSON.TryGetString(obj, "versionMax", out svmax)) {
        eng.VersionMax = SSL.GetVersionByName(svmax);
    } else {
        eng.VersionMax = versionMax;
    }

    /*
     * Supported cipher suites.
     */
    string[] sccs;
    if (JSON.TryGetStringArray(obj, "cipherSuites", out sccs)) {
        eng.SupportedCipherSuites = GetSuitesByName(sccs);
    } else {
        eng.SupportedCipherSuites = cipherSuites;
    }

    /*
     * Supported hash-and-sign algorithms.
     */
    string[] shss;
    if (JSON.TryGetStringArray(obj, "hashAndSigns", out shss)) {
        eng.SupportedHashAndSign = GetHashAndSignsByName(shss);
    } else {
        eng.SupportedHashAndSign = hashAndSigns;
    }

    /*
     * Supported elliptic curves.
     */
    string[] secc;
    if (JSON.TryGetStringArray(obj, "curves", out secc)) {
        eng.SupportedCurves = GetCurvesByName(secc);
    } else {
        eng.SupportedCurves = curves;
    }

    /*
     * What to do when there is no close_notify.
     */
    bool ncn;
    if (JSON.TryGetBool(obj, "noCloseNotify", out ncn)) {
        eng.NoCloseNotify = ncn;
    } else {
        eng.NoCloseNotify = noCloseNotify;
    }

    /*
     * Quirks: every entry of the "quirks" map is copied as a string.
     */
    IDictionary<string, object> qm;
    if (JSON.TryGetObjectMap(obj, "quirks", out qm)) {
        SSLQuirks q = new SSLQuirks();
        foreach (string name in qm.Keys) {
            q[name] = JSON.GetString(qm, name);
        }
        eng.Quirks = q;
    }

    /*
     * Scenario selection. Only one scenario runs per call, in the order
     * tested below: askClose, renegotiate, askRenegotiate, reconnect,
     * and finally the plain message-size sweep.
     */
    /* return value ignored: askClose keeps whatever the out parameter
     * is set to (presumably false when the key is absent) */
    bool askClose;
    JSON.TryGetBool(obj, "askClose", out askClose);
    /* presence of the key selects the scenario; its value says whether
     * the renegotiation is expected to be accepted */
    bool renegotiate, renegotiateAccepted;
    renegotiate = JSON.TryGetBool(obj, "renegotiate", out renegotiateAccepted);
    bool askRenegotiate, askRenegotiateAccepted;
    askRenegotiate = JSON.TryGetBool(obj, "askRenegotiate", out askRenegotiateAccepted);
    bool reconnectSelf = false, reconnectPeer = false;
    string rcs;
    if (JSON.TryGetString(obj, "reconnect", out rcs)) {
        switch (rcs) {
        case "self":
            reconnectSelf = true;
            break;
        case "peer":
            reconnectPeer = true;
            break;
        default:
            throw new Exception("Unknown 'reconnect' type: " + rcs);
        }
    }
    bool forgetSelf = false, forgetPeer = false;
    string fgs;
    if (JSON.TryGetString(obj, "forget", out fgs)) {
        switch (fgs) {
        case "self":
            forgetSelf = true;
            break;
        case "peer":
            forgetPeer = true;
            break;
        default:
            throw new Exception("Unknown 'forget' type: " + fgs);
        }
    }

    if (askClose) {
        /* ask the peer to close; it must answer with end-of-stream */
        SendCommand(eng, 'C');
        if (eng.ReadByte() != -1) {
            throw new Exception("Peer did not close");
        }
    } else if (renegotiate) {
        /* we initiate the renegotiation and check the outcome matches
         * the expectation recorded in renegotiateAccepted */
        SendMessageNormal(eng, 10);
        if (eng.Renegotiate()) {
            if (!renegotiateAccepted) {
                throw new Exception("Renegotiation"
                    + " should have been rejected");
            }
        } else {
            if (renegotiateAccepted) {
                throw new Exception("Renegotiation"
                    + " should have been accepted");
            }
        }
        SendMessageNormal(eng, 9);
    } else if (askRenegotiate) {
        /* the peer initiates the renegotiation on command 'G' and reports
         * "OK" or "DENIED"; on "OK" the handshake count must have grown
         * by exactly one */
        SendMessageNormal(eng, 10);
        long rc = eng.HandshakeCount;
        SendCommand(eng, 'G');
        string s = ReadLine(eng);
        switch (s) {
        case "DENIED":
            if (askRenegotiateAccepted) {
                throw new Exception("Renegotiation"
                    + " should have been accepted");
            }
            break;
        case "OK":
            if (!askRenegotiateAccepted) {
                throw new Exception("Renegotiation"
                    + " should have been rejected");
            }
            long nrc = eng.HandshakeCount;
            if (nrc != rc + 1) {
                throw new Exception(string.Format(
                    "Wrong handshake count"
                    + " (old={0}, new={1})", rc, nrc));
            }
            break;
        default:
            throw new Exception(string.Format(
                "Unexpected answer string '{0}'", s));
        }
        SendMessageNormal(eng, 8);
    } else if (reconnectSelf || reconnectPeer) {
        /* exchange some data, close the connection from the requested
         * side, then open a second engine over the same peer stream and
         * check whether the session was (or was not) resumed */
        SendMessageNormal(eng, 50);
        SendMessageNormal(eng, 100);
        if (forgetPeer) {
            /* 'U' asks the peer to drop its stored session */
            SendCommand(eng, 'U');
            string s = ReadLine(eng);
            if (s != "DONE") {
                throw new Exception(string.Format(
                    "Unexpected answer '{0}'", s));
            }
        }
        /* presumably keeps the underlying peer stream open across the
         * engine switch below — confirm against SSLEngine */
        eng.CloseSub = false;
        if (reconnectPeer) {
            /* 'T': the peer closes; we must see end-of-stream */
            SendCommand(eng, 'T');
            if (eng.ReadByte() != -1) {
                throw new Exception(
                    "Peer did not close");
            }
        } else {
            /* 'R': the peer acknowledges and we close our side */
            SendCommand(eng, 'R');
            string s = ReadLine(eng);
            if (s != "OK") {
                throw new Exception(string.Format(
                    "Unexpected answer '{0}'", s));
            }
            eng.Close();
        }
        /* second engine: same role and settings as the first; a fresh
         * cache / null session parameters when we are to forget */
        SSLEngine eng2;
        if (cmdClient) {
            IServerPolicy spol = new SSLServerPolicyBasic(
                chain, skey, KeyUsage.EncryptAndSign);
            SSLServer ss = new SSLServer(peer, spol);
            if (forgetSelf) {
                ss.SessionCache = new SSLSessionCacheLRU(20);
            } else {
                ss.SessionCache = ((SSLServer)eng).SessionCache;
            }
            eng2 = ss;
        } else {
            SSLSessionParameters sp;
            if (forgetSelf) {
                sp = null;
            } else {
                sp = eng.SessionParameters;
            }
            SSLClient sc = new SSLClient(peer, sp);
            /* test harness only: no server certificate validation */
            sc.ServerCertValidator = SSLClient.InsecureCertValidator;
            eng2 = sc;
        }
        eng2.NormalizeIOError = eng.NormalizeIOError;
        eng2.AutoFlush = eng.AutoFlush;
        eng2.VersionMin = eng.VersionMin;
        eng2.VersionMax = eng.VersionMax;
        eng2.SupportedCipherSuites = eng.SupportedCipherSuites;
        eng2.SupportedHashAndSign = eng.SupportedHashAndSign;
        eng2.SupportedCurves = eng.SupportedCurves;
        eng2.NoCloseNotify = eng.NoCloseNotify;
        eng2.Quirks = eng.Quirks;
        eng = eng2;
        SendMessageNormal(eng, 60);
        SendMessageNormal(eng, 90);
        /* if either side forgot the session, resumption must not have
         * happened; otherwise it must have */
        if (forgetSelf || forgetPeer) {
            if (eng.IsResume) {
                throw new Exception(
                    "Session was resumed");
            }
        } else {
            if (!eng.IsResume) {
                throw new Exception(
                    "Session was not resumed");
            }
        }
    } else {
        /* default scenario: message lengths 0..20, then 20 + 2^k for
         * k = 1..18 */
        for (int i = 0; i <= 38; i++) {
            int len;
            if (i <= 20) {
                len = i;
            } else {
                len = 20 + (1 << (i - 20));
            }
            SendMessageNormal(eng, len);
        }
    }
    eng.Close();
}