*socketNo = accept(*socketNo, (struct sockaddr *) &addr, &len);
if (*socketNo < 0)
{ printf("accept failed\n");
exit(1);
}
peer->ipAddr = addr.sin_addr.s_addr;
peer->port = htons((u_short)port);
return SSLNoErr;
}
/*
 * Install this harness's callbacks into a freshly initialised SSLContext:
 * memory (SSLAlloc/SSLFree/SSLRealloc), randomness (SSLRandom), time
 * (SSLTime/SSLConvertTime), transport (SocketRead/SocketWrite) and the
 * session cache (SSLAddSession/SSLGetSession/SSLDeleteSession); then seed
 * the file-global random source gRandomRef and attach it to the context.
 *
 * Every setter is wrapped in ERR(). The macro's definition is not visible
 * in this file, so whether a failing setter aborts the function or is only
 * logged depends on it — NOTE(review): confirm. SSLSetRandomRef() is the
 * one call whose result is not routed through ERR() at all.
 *
 * Returns SSLNoErr (or whatever ERR() propagates on failure).
 */
SSLErr
ConfigureGenericSSLSession(SSLContext *ctx)
{ ERR(SSLInitContext(ctx));
ERR(SSLSetAllocFunc(ctx, SSLAlloc));
ERR(SSLSetFreeFunc(ctx, SSLFree));
ERR(SSLSetReallocFunc(ctx, SSLRealloc));
ERR(SSLSetRandomFunc(ctx, SSLRandom));
ERR(SSLSetTimeFunc(ctx, SSLTime));
ERR(SSLSetConvertTimeFunc(ctx, SSLConvertTime));
ERR(SSLSetReadFunc(ctx, SocketRead));
ERR(SSLSetWriteFunc(ctx, SocketWrite));
ERR(SSLSetAddSessionFunc(ctx, SSLAddSession));
ERR(SSLSetGetSessionFunc(ctx, SSLGetSession));
ERR(SSLSetDeleteSessionFunc(ctx, SSLDeleteSession));
#if BSAFE
/* Under BSAFE gRandomRef is cast to B_ALGORITHM_OBJ* and dereferenced
   before being handed to the context. */
ERR(SeedRandom(&gRandomRef));
SSLSetRandomRef(ctx, *(B_ALGORITHM_OBJ*)gRandomRef);
#else
ERR(SeedRandom(&gRandomRef));
SSLSetRandomRef(ctx, gRandomRef);
#endif
return SSLNoErr;
}
/*
 * Legacy loader: read up to 1024 bytes of "private.key" from the current
 * directory and hand them to SSLDecodePrivateKey() together with the
 * compiled-in KEY_PASSWORD.
 *
 * Always reports SSLNoErr. A missing file, a zero-byte read, or a file that
 * fills the whole buffer (treated as possibly truncated) leaves *privKey
 * untouched, and the result of SSLDecodePrivateKey() is discarded —
 * NOTE(review): callers cannot tell whether a key was actually loaded.
 */
static SSLErr
ReadPrivateKey_old(SSLRSAPrivateKey *privKey, SSLContext *ctx)
{
    uint8 raw[1024];
    SSLBuffer encoded, pass;
    FILE *fp = fopen("private.key", "rb");

    if (fp == NULL)
        return SSLNoErr;

    encoded.data = raw;
    encoded.length = fread(raw, 1, sizeof(raw), fp);
    fclose(fp);

    /* Reject an empty read and a read that fills the buffer completely. */
    if (encoded.length == 0 || encoded.length >= sizeof(raw))
        return SSLNoErr;

    pass.data = (uint8*)KEY_PASSWORD;
    pass.length = sizeof(KEY_PASSWORD) - 1;
    SSLDecodePrivateKey(encoded, pass, privKey, ctx);
    return SSLNoErr;
}
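/*
 * Read exactly `size` bytes from `file` into `dst`.
 * Returns 1 on success, 0 on a short read or stream error.
 */
static int
ReadExact(FILE *file, void *dst, size_t size)
{
    return fread(dst, 1, size, file) == size;
}

/*
 * Read a 16-bit big-endian value (high byte first) from `file` into *out.
 * Returns 1 on success, 0 on a short read.
 */
static int
ReadU16BE(FILE *file, unsigned int *out)
{
    unsigned char hi, lo;
    if (!ReadExact(file, &hi, 1) || !ReadExact(file, &lo, 1))
        return 0;
    *out = ((unsigned int)hi << 8) + lo;
    return 1;
}

/*
 * Load the server's RSA private key from "1024cans.key" in the current
 * directory. The file holds the public key first (16-bit bit length,
 * modulus, exponent) and then the private key fields in this order: 16-bit
 * bit length, modulus, publicExponent, exponent, prime[0], prime[1],
 * primeExponent[0], primeExponent[1], coefficient, SJY_key, 16-bit keyno.
 * Each multi-byte field is read raw with sizeof(field); the public-key part
 * is read into a local only to skip past it.
 *
 * Every read is checked: a truncated or unreadable file used to leave
 * *privKey half-populated and still report success. Now *privKey is wiped
 * and SSLUnknownErr is returned. `ctx` is unused.
 *
 * Returns SSLNoErr on success, SSLUnknownErr when the file cannot be opened
 * or is short.
 */
static SSLErr
ReadPrivateKey(SSLRSAPrivateKey *privKey, SSLContext *ctx)
{
    SSLRSAPublicKey pub;        /* read only to advance past the public key */
    const char server_key[] = "1024cans.key";
    FILE *file;
    unsigned int bits, keyno;
    int ok;

    (void)ctx;

    file = fopen(server_key, "rb");
    if (file == NULL)
    {
        printf("Error open file 1024cans.key\n");
        ERR(-1);
        return SSLUnknownErr;   /* do not report success with no key loaded */
    }

    /* Public-key part: bits (2 bytes, big-endian), modulus, exponent. */
    ok = ReadU16BE(file, &bits);
    if (ok)
        pub.bits = bits;
    ok = ok && ReadExact(file, &pub.modulus, sizeof(pub.modulus))
            && ReadExact(file, &pub.exponent, sizeof(pub.exponent));

    /* Private-key part, same field order as the original loader. */
    ok = ok && ReadU16BE(file, &bits);
    if (ok)
        privKey->bits = bits;
    ok = ok && ReadExact(file, privKey->modulus, sizeof(privKey->modulus))
            && ReadExact(file, privKey->publicExponent, sizeof(privKey->publicExponent))
            && ReadExact(file, privKey->exponent, sizeof(privKey->exponent))
            && ReadExact(file, privKey->prime[0], sizeof(privKey->prime[0]))
            && ReadExact(file, privKey->prime[1], sizeof(privKey->prime[1]))
            && ReadExact(file, privKey->primeExponent[0], sizeof(privKey->primeExponent[0]))
            && ReadExact(file, privKey->primeExponent[1], sizeof(privKey->primeExponent[1]))
            && ReadExact(file, privKey->coefficient, sizeof(privKey->coefficient))
            && ReadExact(file, privKey->SJY_key, sizeof(privKey->SJY_key))
            && ReadU16BE(file, &keyno);
    if (ok)
        privKey->keyno = keyno;

    fclose(file);

    if (!ok)
    {
        /* Never leave partial key material behind for the caller to use. */
        memset(privKey, 0, sizeof(*privKey));
        printf("Error: 1024cans.key is truncated or unreadable\n");
        return SSLUnknownErr;
    }
    return SSLNoErr;
}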
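/* Size of the buffer used both for a single DER file and for the whole chain
   file. Longer files are silently truncated by fread(), as before; the chain
   parser then rejects any record that runs past the end of the buffer. */
enum { CERT_BUF_SIZE = 10240 };

/*
 * Feed a certificate chain buffer to the SSL context.
 *
 * The buffer holds a sequence of { 24-bit big-endian length, DER certificate }
 * records, root certificate last. Each certificate is copied into a freshly
 * malloc'd SSLBuffer and passed to SSLAddCertificate(ctx, cert, 1, 0); after
 * the last one an empty buffer is passed with complete = 1 so the library
 * validates the chain.
 *
 * Returns SSLNoErr on success, the first non-zero SSLAddCertificate() result,
 * or SSLUnknownErr when the buffer is malformed (a length prefix or a
 * certificate body runs past dataLen) or malloc() fails.
 *
 * NOTE(review): the per-certificate buffer is not freed here, matching the
 * original loops; confirm that SSLAddCertificate() takes ownership of
 * cert.data, otherwise this leaks one allocation per certificate.
 */
static SSLErr
AddCertChainFromBuffer(SSLContext *ctx, const uint8 *data, uint32 dataLen)
{
    const uint8 *progress = data;
    const uint8 *end = data + dataLen;
    SSLBuffer cert;
    SSLErr err;

    while (progress < end)
    {
        uint32 length;

        /* Three bytes of length prefix must remain before reading them. */
        if ((size_t)(end - progress) < 3)
            return SSLUnknownErr;
        length = *progress++;
        length = (length << 8) + *progress++;
        length = (length << 8) + *progress++;

        /* The body must fit in what is left; an over-long length used to make
           memcpy() read past the end of the chain buffer. */
        if (length > (uint32)(end - progress))
            return SSLUnknownErr;

        cert.data = malloc(length);
        if (cert.data == NULL && length != 0)
            return SSLUnknownErr;
        cert.length = length;
        if (length != 0)
            memcpy(cert.data, progress, length);
        progress += length;

        /* SSLAddCertificate(SSLContext *ctx, SSLBuffer derCert, int parent, int complete) */
        if ((err = SSLAddCertificate(ctx, cert, 1, 0)) != 0)
            return err;
    }

    /* An empty certificate with complete = 1 just checks chain validity. */
    cert.data = 0;
    cert.length = 0;
    if ((err = SSLAddCertificate(ctx, cert, 0, 1)) != 0)
        return err;
    return SSLNoErr;
}

/*
 * Read an open chain file (at most CERT_BUF_SIZE bytes), close it, and add
 * its certificates via AddCertChainFromBuffer(). Always closes certFile.
 *
 * Returns SSLUnknownErr on allocation failure or a stream read error,
 * otherwise the parser's result.
 */
static SSLErr
LoadCertChain(SSLContext *ctx, FILE *certFile)
{
    SSLBuffer certData;
    SSLErr err;
    int readErr;

    certData.data = malloc(CERT_BUF_SIZE);
    if (certData.data == NULL)
    {
        fclose(certFile);
        return SSLUnknownErr;
    }
    certData.length = fread(certData.data, 1, CERT_BUF_SIZE, certFile);
    readErr = ferror(certFile);
    fclose(certFile);
    if (readErr)
    {
        free(certData.data);
        return SSLUnknownErr;
    }

    err = AddCertChainFromBuffer(ctx, certData.data, certData.length);
    free(certData.data);
    return err;
}

/*
 * Write `outPath` as the concatenation of { 24-bit big-endian length, file
 * contents } for each input that can be opened: serverPath first, caPath
 * last, which is the order the chain parser expects. An input that cannot
 * be opened is skipped, as before. Each input is truncated to CERT_BUF_SIZE
 * bytes, as before.
 *
 * Returns 0 on success, -1 when the output cannot be created or a write or
 * close fails; in that case the partial output file is removed so a later
 * run does not pick up a corrupt chain.
 */
static int
BuildChainFile(const char *outPath, const char *serverPath, const char *caPath)
{
    unsigned char buf[CERT_BUF_SIZE];
    const char *inputs[] = { serverPath, caPath };
    int rc = 0;
    size_t i;
    FILE *out = fopen(outPath, "wb");

    if (out == NULL)
        return -1;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++)
    {
        FILE *in = fopen(inputs[i], "rb");
        unsigned char prefix[3];
        size_t len;

        if (in == NULL)
            continue;
        len = fread(buf, 1, sizeof(buf), in);
        fclose(in);

        prefix[0] = (unsigned char)((len >> 16) & 0xff);
        prefix[1] = (unsigned char)((len >> 8) & 0xff);
        prefix[2] = (unsigned char)(len & 0xff);
        if (fwrite(prefix, 1, sizeof(prefix), out) != sizeof(prefix) ||
            fwrite(buf, 1, len, out) != len)
        {
            rc = -1;
            break;
        }
    }

    /* fclose() flushes; a failure here means the file on disk is incomplete. */
    if (fclose(out) != 0)
        rc = -1;
    if (rc != 0)
        remove(outPath);
    return rc;
}

/*
 * Legacy loader: add the chain in "test.crt" (current directory) to ctx.
 * A missing file is not an error and yields SSLNoErr, as before.
 *
 * Returns SSLNoErr, or the error from LoadCertChain().
 */
static SSLErr
AddCertificates_old(SSLContext *ctx)
{
    /* Format of certificate file is a set of { 24-bit length, followed by a cert },
       root cert last */
    FILE *certFile = fopen("test.crt", "rb");
    if (certFile == NULL)
        return SSLNoErr;
    return LoadCertChain(ctx, certFile);
}

/*
 * Add the server certificate chain in "1024cans.crt" (current directory) to
 * ctx. When that file does not exist it is first assembled from
 * "1024cans.der" (server cert) and "cans.der" (CA cert) by BuildChainFile().
 *
 * Returns SSLNoErr on success, SSLUnknownErr when no chain file can be opened
 * or read, or the error from SSLAddCertificate(). A missing chain used to be
 * printed and then reported as success; it is now an error.
 */
SSLErr
AddCertificates(SSLContext *ctx)
{
    FILE *certFile;
    const char server_der[] = "1024cans.der";
    const char ca_der[] = "cans.der";
    const char server_ca_der[] = "1024cans.crt";

    /* Format of certificate file is a set of { 24-bit length, followed by a cert },
       root cert last */
    certFile = fopen(server_ca_der, "rb");
    if (certFile == NULL)
    {
        /* No prebuilt chain: build it from the two DER files and retry. */
        if (BuildChainFile(server_ca_der, server_der, ca_der) == 0)
            certFile = fopen(server_ca_der, "rb");
    }
    if (certFile == NULL)
    {
        printf("error open file 1024cans.crt\n");
        ERR(-1);
        return SSLUnknownErr;   /* never report success with no certificates loaded */
    }
    return LoadCertChain(ctx, certFile);
}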
/* extern arrays are in verisign.c; sizes are copied by hand from those definitions */
/* NOTE(review): nothing ties these *_SIZE constants to the arrays in
   verisign.c; if a DN there changes length these go stale silently. */
extern unsigned char CLASS1_ROOT_SUBJECT_NAME[];
#define CLASS1_ROOT_SUBJECT_NAME_SIZE 97
extern unsigned char CLASS2_ROOT_SUBJECT_NAME[];
#define CLASS2_ROOT_SUBJECT_NAME_SIZE 97
extern unsigned char CLASS3_ROOT_SUBJECT_NAME[];
#define CLASS3_ROOT_SUBJECT_NAME_SIZE 97
extern unsigned char CLASS4_ROOT_SUBJECT_NAME[];
#define CLASS4_ROOT_SUBJECT_NAME_SIZE 97
/* DER-encoded X.500 Name, 97 bytes:
   C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority.
   Defined here, so its length can be taken with sizeof (unlike the extern
   DNs above). */
static
unsigned char RSA_COMMERCIAL_CA_ROOT_SUBJECT_NAME[] =
{ 0x30, 0x5F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x17, 0x52, 0x53, 0x41, 0x20, 0x44, 0x61,
0x74, 0x61, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2C, 0x20, 0x49, 0x6E, 0x63,
0x2E, 0x31, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x25, 0x53, 0x65, 0x63, 0x75,
0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74,
0x79
};
/* Scratch buffer that AddDistinguishedNames() fills with the CA DN read
   from "cans.dn". */
static
unsigned char SSL_ONE_CA_ROOT[10240];
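/*
 * Register the distinguished names the context will accept: the local CA's
 * DN read from "cans.dn" (current directory), then the compiled-in RSA
 * Commercial CA root DN and the CLASS1..CLASS4 root DNs from verisign.c.
 *
 * A "cans.dn" that cannot be opened is reported via printf()/ERR(-1) and the
 * compiled-in names are still added, as before. A zero-byte read, a stream
 * error, or a read that fills SSL_ONE_CA_ROOT completely (so the DN may be
 * truncated) is now handled the same way instead of passing a bogus DN to
 * the library. The read is bounded by sizeof(SSL_ONE_CA_ROOT) rather than
 * a separate hard-coded 1024.
 *
 * Returns SSLNoErr, or the first error from SSLAddDistinguishedName().
 */
SSLErr
AddDistinguishedNames(SSLContext *ctx)
{
    SSLErr err;
    SSLBuffer derDN;
    /* Compiled-in root DNs; the extern sizes come from verisign.c by hand. */
    const struct { unsigned char *data; uint32 length; } builtinDNs[] = {
        { RSA_COMMERCIAL_CA_ROOT_SUBJECT_NAME, sizeof(RSA_COMMERCIAL_CA_ROOT_SUBJECT_NAME) },
        { CLASS1_ROOT_SUBJECT_NAME, CLASS1_ROOT_SUBJECT_NAME_SIZE },
        { CLASS2_ROOT_SUBJECT_NAME, CLASS2_ROOT_SUBJECT_NAME_SIZE },
        { CLASS3_ROOT_SUBJECT_NAME, CLASS3_ROOT_SUBJECT_NAME_SIZE },
        { CLASS4_ROOT_SUBJECT_NAME, CLASS4_ROOT_SUBJECT_NAME_SIZE },
    };
    size_t i;

    /* add our CA's DN */
    {
        const char ca_dn[] = "cans.dn";
        FILE *file = fopen(ca_dn, "rb");
        if (file)
        {
            size_t got = fread(SSL_ONE_CA_ROOT, 1, sizeof(SSL_ONE_CA_ROOT), file);
            int readErr = ferror(file);
            fclose(file);
            if (readErr || got == 0 || got == sizeof(SSL_ONE_CA_ROOT))
            {
                /* Empty, unreadable, or possibly truncated: skip it rather
                   than register a DN that cannot be right. */
                printf("error reading file cans.dn\n");
                ERR(-1);
            }
            else
            {
                derDN.data = SSL_ONE_CA_ROOT;
                derDN.length = got;
                if (ERR(err = SSLAddDistinguishedName(ctx, derDN)) != 0)
                    return err;
            }
        }
        else
        {
            printf("error open file cans.dn\n");
            ERR(-1);
        }
    }

    for (i = 0; i < sizeof(builtinDNs) / sizeof(builtinDNs[0]); i++)
    {
        derDN.data = builtinDNs[i].data;
        derDN.length = builtinDNs[i].length;
        if (ERR(err = SSLAddDistinguishedName(ctx, derDN)) != 0)
            return err;
    }
    return SSLNoErr;
}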
/* DH primes are in dhprimes.c */
extern unsigned char prime1024[1024/8];
/* DH generator g = 2 as a single byte; paired with prime1024 in AddDHParams().
   NOTE(review): this is a non-static global, so it is visible to other
   translation units. */
unsigned char generator[1] = { 2 };
/*
 * Register anonymous Diffie-Hellman parameters (the 1024-bit prime from
 * dhprimes.c with generator 2) on the context via SSLSetDHAnonParams().
 *
 * Under RSAREF the parameters are passed as raw byte buffers. Under BSAFE a
 * DH key-agreement algorithm object is created and initialised first; any
 * BSAFE failure is reported as SSLUnknownErr and the BSAFE status code in
 * rsaErr is dropped.
 *
 * NOTE(review): with neither RSAREF nor BSAFE defined, dhParams is passed to
 * SSLSetDHAnonParams() uninitialised — confirm every build defines one.
 *
 * Returns SSLNoErr, SSLUnknownErr, or the SSLSetDHAnonParams() error.
 */
SSLErr
AddDHParams(SSLContext *ctx)
{ SSLErr err;
SSLDHParams dhParams;
#if RSAREF
dhParams.primeLen = sizeof(prime1024);
dhParams.generatorLen = sizeof(generator);
dhParams.prime = prime1024;
dhParams.generator = generator;
#elif BSAFE
{ int rsaErr;
A_DH_KEY_AGREE_PARAMS dhKey;
B_ALGORITHM_METHOD *chooser[] = { &AM_DH_KEY_AGREE, 0 };
dhKey.prime.len = sizeof(prime1024);
dhKey.base.len = sizeof(generator);
dhKey.prime.data = prime1024;
dhKey.base.data = generator;
/* Presumably the DH private-exponent length in bits — NOTE(review): 128 is
   sized for a test harness; confirm it suits any non-test deployment. */
dhKey.exponentBits = 128;
if ((rsaErr = B_CreateAlgorithmObject(&dhParams)) != 0)
return SSLUnknownErr;
if ((rsaErr = B_SetAlgorithmInfo(dhParams, AI_DHKeyAgree, (POINTER)&dhKey)) != 0)
return SSLUnknownErr;
if ((rsaErr = B_KeyAgreeInit(dhParams, (B_KEY_OBJ)NULL_PTR, chooser, NO_SURR)) != 0)
return SSLUnknownErr;
}
#endif
if (ERR(err = SSLSetDHAnonParams(ctx, &dhParams)) != 0)
return err;
return SSLNoErr;
}