File: pssl.c

package info (click to toggle)
gatling 0.13-6
  • links: PTS
  • area: main
  • in suites: sid, stretch
  • size: 1,196 kB
  • ctags: 1,115
  • sloc: ansic: 23,805; makefile: 143; sh: 71; perl: 30
file content (94 lines) | stat: -rw-r--r-- 3,100 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/poll.h>
#include <netdb.h>
#include <fcntl.h>
#include <mbedtls/havege.h>
#include <mbedtls/net.h>
#include <mbedtls/ssl.h>
#include "mmap.h"

static int library_inited;

const char* ssl_server_cert="server.pem";
const char* ssl_client_crl="clientcrl.pem";
const char* ssl_client_ca="clientca.pem";
const char* ssl_ciphers="DEFAULT";
const char* ssl_client_cert="clientcert.pem";

static mbedtls_ssl_config tls_config;
static mbedtls_pk_context tls_pk;
static mbedtls_x509_crt tls_srvcert;
static mbedtls_havege_state tls_hs;

int my_ciphersuites[] =
{
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
    MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
    0
};

static int my_net_recv( void *ctx, unsigned char *buf, size_t len ) {
  int sock=(int)(uintptr_t)ctx;
  return mbedtls_net_recv(&sock,buf,len);
};

static int my_net_send( void *ctx, const unsigned char *buf, size_t len ) {
  int sock=(int)(uintptr_t)ctx;
  return mbedtls_net_send(&sock,buf,len);
};


int init_serverside_tls(mbedtls_ssl_context* ssl, int sock) {
  if (!library_inited) {
    mbedtls_havege_init(&tls_hs);
    mbedtls_x509_crt_init(&tls_srvcert);
    mbedtls_pk_init(&tls_pk);
    mbedtls_ssl_config_init(&tls_config);

    /* Load certificate and private key */
    if (mbedtls_x509_crt_parse_file(&tls_srvcert, ssl_server_cert) ||
        mbedtls_pk_parse_keyfile(&tls_pk, ssl_server_cert, NULL) ||
        !mbedtls_pk_can_do(&tls_pk, MBEDTLS_PK_RSA)) {

      mbedtls_pk_free(&tls_pk);
      mbedtls_x509_crt_free(&tls_srvcert);
      return -1;
    }

    /* Setup common TLS config */
    mbedtls_ssl_config_defaults(&tls_config,
      MBEDTLS_SSL_IS_SERVER,
      MBEDTLS_SSL_TRANSPORT_STREAM,
      MBEDTLS_SSL_PRESET_DEFAULT);
    mbedtls_ssl_conf_rng(&tls_config, mbedtls_havege_random, &tls_hs);
    mbedtls_ssl_conf_ciphersuites(&tls_config, my_ciphersuites);
    mbedtls_ssl_conf_ca_chain(&tls_config, tls_srvcert.next, NULL);
    mbedtls_ssl_conf_own_cert(&tls_config, &tls_srvcert, &tls_pk);
    mbedtls_ssl_conf_dh_param(&tls_config, "CD95C1B9959B0A135B9D306D53A87518E8ED3EA8CBE6E3A338D9DD3167889FC809FE1AD59B38C98D1A8FCE47E46DF5FB56B8EA3B03B2132C249A99209F62A1AD63511BD08A60655B0463B6F1BB79BEC9D17C71BD269C6B50CF0EDDAAB83290B4C697A7F641FBD21EE0E7B57C698AFEED8DA3AB800525E6887215A61CA62DC437", "04");

    library_inited=1;
  }

  /** Initialize new SSL context */
  mbedtls_ssl_init(ssl);
  if (mbedtls_ssl_setup(ssl, &tls_config))
    return -1;

  mbedtls_ssl_set_bio(ssl, (void*)(uintptr_t) sock, my_net_send, my_net_recv, NULL);
  return 0;
}