LibreSSL TLS C++ Server

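// Build:
//   clear; rm -frv ssl_server; g++-7 -g -fPIC -Wall -ltls ssl_server.cpp -o ssl_server -static-libstdc++
//####################################################################
// Self-signed test certificate and key:
//   openssl req -x509 -newkey rsa:4096 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com" -keyout key.pem -out cert.pem -days 365
//   openssl x509 -in cert.pem -text -noout
//   openssl rsa -in key.pem -out key2.pem   # removes the passphrase
// key2.pem is therefore stored unencrypted: keep it readable by the server user only (chmod 600).
//####################################################################
// Reference: https://github.com/daniloegea/libressl-tls-api-examples
//#################################################################
// TEST
//   tcpdump -nnvvXSs 1514 -i eth0 port not 22 and not host 172.17.190.1 and not arp and port 9001
//   For comparison, an unencrypted connection with netcat:
//     Server: "netcat -l -v 9001"
//     Client: "telnet 172.17.190.84 9001"
//
//   openssl s_client -connect 172.17.190.84:9001
//   gnutls-cli -s 172.17.190.84 -p 9001

// C/C++ headers
#include <dirent.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <string>
#include <string.h>
#include <cstring>
#include <algorithm>   // used when casting a char hex array to a string (for md5sum)
#include <iomanip>
#include <iostream>
#include <vector>
#include <sys/time.h>
#include <sstream>
#include <fstream>
#include <pthread.h>
#include <thread>
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <poll.h>
#include <tls.h>

using namespace std;

// Print "<what> error[: <detail>]" to stderr and terminate the process.
// Used for every setup step that has no sensible way to continue; exiting
// releases the sockets and libtls contexts without a cleanup chain.
[[noreturn]] static void fail(const char *what, const char *detail)
{
    cerr << what << " error";
    if (detail != NULL) {
        cerr << ": " << detail;
    }
    cerr << endl;
    exit(1);
}

// Write all of buf[0..len) to the TLS connection.
// tls_write() may return TLS_WANT_POLLIN / TLS_WANT_POLLOUT (e.g. while the
// handshake is still running on the first I/O call) and must then simply be
// repeated; it may also write fewer bytes than requested.
// Returns 0 on success, -1 on a TLS error (see tls_error(ctx)).
static int tls_write_all(struct tls *ctx, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t ret = tls_write(ctx, buf, len);
        if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
            continue;
        }
        if (ret < 0) {
            return -1;
        }
        buf += ret;
        len -= (size_t)ret;
    }
    return 0;
}

// Minimal libtls server: accepts one TLS connection, sends a greeting, then
// echoes what the client sends to stdout until the client closes the
// connection, an error occurs, or the client sends the line "ENDE".
//
// Usage: ssl_server [bind-address] [port]
// Both arguments are optional and default to the values that were previously
// hard-coded (172.17.190.84, 9001), so existing invocations keep working.
// Returns 0 on a normal end of the session; on a setup failure the process
// exits with status 1 after printing the libtls / errno message.
int main(int argc, char **argv)
{
    const char *bind_addr = argc > 1 ? argv[1] : "172.17.190.84";
    long port = 9001;
    if (argc > 2) {
        // strtol instead of atoi so that junk and out-of-range values are rejected
        errno = 0;
        char *end = NULL;
        port = strtol(argv[2], &end, 10);
        if (end == argv[2] || *end != '\0' || errno == ERANGE || port < 1 || port > 65535) {
            fail("port argument", argv[2]);
        }
    }

    int tls_init_status = tls_init();
    cout<<"tls_init_status#"<<tls_init_status<<endl;
    if (tls_init_status < 0) {
        fail("tls_init", NULL);
    }

    struct tls_config *config = tls_config_new();
    cout<<"config#"<<config<<endl;
    if (config == NULL) {
        fail("tls_config_new", NULL);
    }

    struct tls *tls = tls_server();
    cout<<"tls_server()#"<<tls<<endl;
    if (tls == NULL) {
        fail("tls_server", NULL);
    }

    // Protocol selection, see
    // https://www.freebsd.org/cgi/man.cgi?query=tls_config_set_protocols&sektion=3&apropos=0&manpath=FreeBSD+12.0-RELEASE+and+Ports
    // Aliases understood by tls_config_parse_protocols():
    //   secure (alias default), compat, legacy, insecure (alias all)
    // The value parsed from "secure" is printed for reference only; the
    // explicit TLSv1.2 setting below is what takes effect.
    unsigned int protocols = 0;
    cout<<"protocols#"<<protocols<<endl;
    int tls_config_parse_protocols_status = tls_config_parse_protocols(&protocols, "secure");
    cout<<"tls_config_parse_protocols_status#"<<tls_config_parse_protocols_status<<endl;

    //###################
    // Possible protocol values: https://man.openbsd.org/tls_config_set_protocols.3
    //   TLS_PROTOCOL_TLSv1_0, TLS_PROTOCOL_TLSv1_1, TLS_PROTOCOL_TLSv1_2
    int tls_config_set_protocols_status = tls_config_set_protocols(config, TLS_PROTOCOL_TLSv1_2);
    cout<<"tls_config_set_protocols_status#"<<tls_config_set_protocols_status<<endl;
    if (tls_config_set_protocols_status < 0) {
        fail("tls_config_set_protocols", tls_config_error(config));
    }

    //##########################
    // Cipher selection: https://www.gnutls.org/manual/html_node/Supported-ciphersuites.html
    // or, from the client side, "gnutls-cli -V --list".
    // Strongest suite available at the time of writing (01/2019, v3.6).
    // tls_config_set_ciphers() takes a const char *, so no cast is needed.
    string cipher_suite = "ECDHE-RSA-AES256-GCM-SHA384";
    int tls_config_set_ciphers_status = tls_config_set_ciphers(config, cipher_suite.c_str());
    cout<<"#tls_config_set_ciphers_status#"<<tls_config_set_ciphers_status<<endl;
    if (tls_config_set_ciphers_status < 0) {
        fail("tls_config_set_ciphers", tls_config_error(config));
    }

    //##########################
    // Key file (passphrase removed, see the openssl rsa command in the header;
    // protect the file with restrictive permissions).
    int tls_config_set_key_file_status = tls_config_set_key_file(config, "key2.pem");
    cout<<"tls_config_set_key_file_status#"<<tls_config_set_key_file_status<<endl;
    if (tls_config_set_key_file_status < 0) {
        fail("tls_config_set_key_file", tls_config_error(config));
    }

    // Certificate file (inspect with: openssl x509 -in cert.pem -text -noout)
    int tls_config_set_cert_file_status = tls_config_set_cert_file(config, "cert.pem");
    cout<<"tls_config_set_cert_file_status#"<<tls_config_set_cert_file_status<<endl;
    if (tls_config_set_cert_file_status < 0) {
        fail("tls_config_set_cert_file", tls_config_error(config));
    }

    int tls_configure_status = tls_configure(tls, config);
    cout<<"tls_configure_status#"<<tls_configure_status<<endl;
    if (tls_configure_status < 0) {
        fail("tls_configure", tls_error(tls));
    }

    // Socket API
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        fail("socket", strerror(errno));
    }
    int opt = 1;
    // sizeof opt instead of a literal 4: the option length must match the object
    if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt) == -1) {
        fail("setsockopt", strerror(errno));
    }

    struct sockaddr_in server;
    memset(&server, 0, sizeof server);
    server.sin_family = AF_INET;
    server.sin_port = htons((uint16_t)port);
    // inet_pton reports an unparsable address; inet_addr's INADDR_NONE is ambiguous
    if (inet_pton(AF_INET, bind_addr, &server.sin_addr) != 1) {
        fail("inet_pton", bind_addr);
    }

    int b = bind(sock, (struct sockaddr *) &server, sizeof(server));
    if (b == -1) {
        cout<<"SOCKET ERROR"<<endl;
        fail("bind", strerror(errno));
    }
    if (listen(sock, 10) == -1) {
        fail("listen", strerror(errno));
    }

    struct sockaddr_in client;
    socklen_t client_size = sizeof(client);
    int sc = accept(sock, (struct sockaddr *) &client, &client_size);
    if (sc == -1) {
        fail("accept", strerror(errno));
    }

    // tls2 is the per-connection context; tls stays the server (listener) context.
    struct tls *tls2 = NULL;
    int tls_accept_socket_status = tls_accept_socket(tls, &tls2, sc);
    cout<<"tls_accept_socket_status"<<tls_accept_socket_status<<endl;
    if (tls_accept_socket_status < 0) {
        fail("tls_accept_socket", tls_error(tls));
    }

    // Send the greeting to the client (analogous to the socket API write()).
    const char *msg = "HELLO TLS CLIENT\n";
    if (tls_write_all(tls2, msg, strlen(msg)) < 0) {
        fail("tls_write", tls_error(tls2));
    }

    // Receive messages, analogous to the socket API read().
    // The session ends when the peer closes (0), on a TLS error (-1), or when
    // the client sends the line "ENDE". A read shorter than the buffer is
    // normal for line-oriented clients and does NOT end the session.
    char bufs[1000] = {0};
    bool ende = true;
    while (ende) {
        // one byte is reserved so the data can always be NUL-terminated before printing
        ssize_t bytes = tls_read(tls2, bufs, sizeof bufs - 1);
        if (bytes == TLS_WANT_POLLIN || bytes == TLS_WANT_POLLOUT) {
            continue;   // repeat the same call, as libtls requires
        }
        cout<<"bytes#"<<bytes<<endl;
        if (bytes <= 0) {
            if (bytes < 0) {
                const char *err = tls_error(tls2);
                cerr << "tls_read error: " << (err != NULL ? err : "unknown") << endl;
            }
            ende = false;
            break;
        }
        bufs[bytes] = '\0';   // tls_read does not terminate the buffer
        cout<<"bufs#"<<bufs<<"#"<<endl;
        // Strip the line ending that telnet / s_client append, then compare the
        // text itself (comparing the array against "ENDE" with == only compared pointers).
        while (bytes > 0 && (bufs[bytes - 1] == '\n' || bufs[bytes - 1] == '\r')) {
            bufs[--bytes] = '\0';
        }
        if (strcmp(bufs, "ENDE") == 0) {
            ende = false;
        }
        memset(bufs, 0, sizeof(bufs));
    }

    // Close the connection context (sends close_notify), not the listener context.
    while (tls_close(tls2) == TLS_WANT_POLLIN || tls_close(tls2) == TLS_WANT_POLLOUT) {
        // repeat until the shutdown completes or fails
    }
    tls_free(tls2);
    close(sc);
    close(sock);
    tls_free(tls);
    tls_config_free(config);
    return 0;
}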
