OpenSSLPOC/Server.c at master · kline7/OpenSSLPOC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <stdbool.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <resolv.h>
#include "openssl/ssl.h"
#include "openssl/err.h"

#define FAIL    -1

// create the SSL socket and initialize the socket address structure
int OpenListener(int port) {
    int sockfd;
    struct sockaddr_in addr;

    // setup the socket
    sockfd = socket(PF_INET, SOCK_STREAM, 0);
    bzero(&addr, sizeof(addr));

    // set up the socket options
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = INADDR_ANY;

    // bind the socket
    if (bind(sockfd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
        perror("can't bind port");
        abort();
    }

    if (listen(sockfd, 10) != 0) {
        perror("Can't configure listening port");
        abort();
    }

    return sockfd;
}

int isRoot() {
    if (getuid() != 0) {
        return 0;
    }else {
        return 1;
    }
}

SSL_CTX* InitServerCTX(void) {
   const SSL_METHOD *method;
    SSL_CTX *ctx;

    // load & register all cryptos, etc.
    OpenSSL_add_all_algorithms();
    // load all errors messages
    SSL_load_error_strings();
    // load other error strings?
    ERR_load_ERR_strings();
    // create new server-method instance
    method = TLS_server_method();
    // create new context from method
    ctx = SSL_CTX_new(method);
    if (ctx == NULL) {
        ERR_print_errors_fp(stderr);
        abort();
    }
    SSL_CTX_set_ecdh_auto(ctx, 1);
    return ctx;
}

void LoadCertificates(SSL_CTX *ctx, char *certFile, char *keyFile) {
    // set the local certificate from certFile
    if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        abort();
    }
    // set the private key from keyFile (may be the same as certFile)
    if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        abort();
    }

    // verify private key
    if (!SSL_CTX_check_private_key(ctx)) {
        fprintf(stderr, "Private key does not match the public certificate\n");
        abort();
    }
}

void ShowCerts(SSL *ssl) {
    X509 *cert;
    char *line;

    // get certificates (if available)
    cert = SSL_get_peer_certificate(ssl);

    if (cert != NULL) {
        printf("Server certificates:\n");
        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        printf("Subject: %s\n", line);
        free(line);
        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        printf("Issuer: %s\n", line);
        free(line);
        X509_free(cert);
    }else {
        printf("No certificates.\n");
    }
}

// serve the connection -- threadable
void Servlet(SSL *ssl) {
    char buff[1024] ={0};
    int sockfd, bytes;
    const char *serverResponse = "OH HI!";

    const char *cpValidMessage = "hello there!";

    if (SSL_accept(ssl) == FAIL) { // do SSL-protocol accept
        ERR_print_errors_fp(stderr);
    }else {
        // get any certificates
        //ShowCerts(ssl);
        // get request
        bytes = SSL_read(ssl, buff, sizeof(buff));
        buff[bytes] = '\0';

        printf("Client msg: \"%s\"\n", buff);

        if (bytes > 0) {
            if (strcmp(cpValidMessage, buff) == 0) {
                // send reply
                SSL_write(ssl, serverResponse, strlen(serverResponse));
            }else {
                SSL_write(ssl, "Inavlid Message", strlen("Invalid Message"));
            }
        }else {
            ERR_print_errors_fp(stderr);
        }
    }
    // get socket connection
    sockfd = SSL_get_fd(ssl);
    // release SSL state
    SSL_free(ssl);
    // close connection
    close(sockfd);
}

int main(int count, char *Argc[]) {
    SSL_CTX *ctx;
    int server;
    char *portnum;

    // only root user have the permission to run the server
    if (!isRoot()) {
        printf("This program must be run as root/sudo user!!");
        exit(0);
    }

    if (count != 2) {
        printf("Usage: %s <portnum>\n", Argc[0]);
        exit(0);
    }

    // initialize the ssl library
    SSL_library_init();

    portnum = Argc[1];
    // initialize SSL
    ctx = InitServerCTX();
    // load certs
    LoadCertificates(ctx, "cacert.pem", "privatekey.pem");
    // create server socket
    server = OpenListener(atoi(portnum));
    while (1) {
        struct sockaddr_in addr;
        socklen_t len = sizeof(addr);
        SSL *ssl;

        // accept conenction
        int client = accept(server, (struct sockaddr*)&addr, &len);
        printf("Connection: %s:%d\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
        // get new SSL state with context
        ssl = SSL_new(ctx);
        // set connection socket to SSL state
        SSL_set_fd(ssl, client);
        // service connection
        Servlet(ssl);
    }
    // close server socket
    close(server);
    // release context
    SSL_CTX_free(ctx);
}