2020-03-11 21:01:54 +00:00
|
|
|
//////////////////////////////////////////////////
|
|
|
|
// Bakalarska praca //
|
|
|
|
// Meno studenta: Tomas Lukac //
|
|
|
|
// Veduci BP: prof. Ing. Milos Drutarovsky CSc. //
|
|
|
|
// Skola: KEMT FEI TUKE //
|
2020-03-12 16:22:08 +00:00
|
|
|
// Datum poslednej upravy: 12.3.2020 //
|
2020-03-11 21:01:54 +00:00
|
|
|
//////////////////////////////////////////////////
|
|
|
|
|
|
|
|
#include "../kniznica/kryptografia.h"
|
|
|
|
#include "../kniznica/komunikacia.h"
|
|
|
|
|
|
|
|
#include <wolfssl/ssl.h>
|
|
|
|
|
2020-03-13 09:25:19 +00:00
|
|
|
#define RSA_VELKOST 2048
|
2020-03-11 21:01:54 +00:00
|
|
|
#define ECC_VELKOST 32
|
|
|
|
#define RSA_EXPONENT 65537
|
|
|
|
|
|
|
|
int main(int argc, char** argv)
|
|
|
|
{
|
|
|
|
int generovanie_certifikatu = 0;
|
|
|
|
int nacitanie_zo_suboru = 0;
|
2020-03-12 16:22:08 +00:00
|
|
|
int uvedeny_subor = 0;
|
2020-03-11 21:01:54 +00:00
|
|
|
int ip = 0;
|
|
|
|
int port = 0;
|
|
|
|
|
|
|
|
#if defined (_WIN32)
|
|
|
|
WSADATA d;
|
|
|
|
if(WSAStartup(MAKEWORD(2,2), &d))
|
|
|
|
{
|
|
|
|
printf("Nastala chyba pri inicializacii winsocketu\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
int cislo_soketu = 0;
|
|
|
|
int cislo_portu = 0;
|
2020-03-12 16:22:08 +00:00
|
|
|
char* ip_adresa = NULL;
|
|
|
|
char* subor = NULL;
|
|
|
|
const char *subor_certifikat = NULL;
|
2020-03-11 21:01:54 +00:00
|
|
|
const char *subor_kluc = NULL;
|
|
|
|
WOLFSSL *ssl; WOLFSSL_CTX *ctx;
|
|
|
|
|
|
|
|
if((ctx = nastavit_ctx_klient()) == NULL)
|
|
|
|
{
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
//skontroluje ci nebol zadany prepinac "-g" pre moznost generovanie certifikatu,
|
|
|
|
//ak ano pozrie aky typ certifikatu (v CLI argument hned za nim) bol zvoleny
|
|
|
|
for(int i = 0; i < argc; i++)
|
|
|
|
{
|
2020-03-12 16:22:08 +00:00
|
|
|
if( (!strcmp(argv[i], "-s")) )
|
|
|
|
{
|
|
|
|
uvedeny_subor = 1;
|
|
|
|
if((argv[i+1] == NULL) )
|
|
|
|
{
|
|
|
|
printf("Nezadali ste cestu ku suboru\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
subor = argv[i+1];
|
|
|
|
}
|
|
|
|
}
|
2020-03-11 21:01:54 +00:00
|
|
|
if( (!strcmp(argv[i], "-ip")) )
|
|
|
|
{
|
|
|
|
port = 1;
|
|
|
|
if((argv[i+1] == NULL) )
|
|
|
|
{
|
|
|
|
printf("Nezadali ste ip adresu\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ip_adresa = argv[i+1];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if( (!strcmp(argv[i], "-port")) )
|
|
|
|
{
|
|
|
|
ip = 1;
|
|
|
|
if((argv[i+1] == NULL) )
|
|
|
|
{
|
|
|
|
printf("Nezadali ste cislo portu\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
cislo_portu = atoi(argv[i+1]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if( (!strcmp(argv[i], "-n")) )
|
|
|
|
{
|
|
|
|
nacitanie_zo_suboru = 1;
|
|
|
|
if(generovanie_certifikatu)
|
|
|
|
{
|
|
|
|
fprintf(stderr, "Nie je mozne zvolit obidve metody nacitania certifikatov naraz\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if((argv[i+1] == NULL) || (i == argc-1))
|
|
|
|
{
|
|
|
|
printf("Nezadali ste typ certifikatu ktory chcete nacitat zo suboru\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else if(!strcmp(argv[i+1], "rsa"))
|
|
|
|
{
|
|
|
|
wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL);
|
2020-03-13 09:25:19 +00:00
|
|
|
subor_certifikat = "../certifikaty/klient_rsa.pem";
|
|
|
|
subor_kluc = "../certifikaty/klient_rsa.key";
|
2020-03-11 21:01:54 +00:00
|
|
|
if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1;
|
2020-03-13 09:25:19 +00:00
|
|
|
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
|
2020-03-11 21:01:54 +00:00
|
|
|
}
|
|
|
|
else if(!strcmp(argv[i+1], "ecc"))
|
|
|
|
{
|
|
|
|
wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL);
|
2020-03-13 09:25:19 +00:00
|
|
|
subor_certifikat = "../certifikaty/klient_ecc.pem";
|
|
|
|
subor_kluc = "../certifikaty/klient_ecc.key";
|
2020-03-11 21:01:54 +00:00
|
|
|
if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1;
|
2020-03-13 09:25:19 +00:00
|
|
|
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
|
2020-03-11 21:01:54 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
printf("Zadali ste nespravny typ certifikatu\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if( (!strcmp(argv[i], "-g")) )
|
|
|
|
{
|
|
|
|
generovanie_certifikatu = 1;
|
|
|
|
if((argv[i+1] == NULL) || (i == argc-1))
|
|
|
|
{
|
|
|
|
printf("Nezadali ste typ certifikatu ktory chcete vygenerovat\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else if(!strcmp(argv[i+1], "rsa"))
|
|
|
|
{
|
|
|
|
wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL);
|
2020-03-13 09:25:19 +00:00
|
|
|
if(generovat_rsa_certifikat(RSA_VELKOST, RSA_EXPONENT, CTC_SHA256wRSA, "SR", "Kosice", "local.dev", "klient@klient.sk") == -1) return -1;
|
2020-03-12 16:22:08 +00:00
|
|
|
subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem";
|
|
|
|
subor_kluc = "../certifikaty/vygenerovany_kluc.key";
|
|
|
|
if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1;
|
2020-03-13 09:25:19 +00:00
|
|
|
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
|
2020-03-11 21:01:54 +00:00
|
|
|
}
|
|
|
|
else if(!strcmp(argv[i+1], "ecc"))
|
|
|
|
{
|
|
|
|
wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL);
|
2020-03-13 09:25:19 +00:00
|
|
|
if(generovat_ecc_certifikat(ECC_VELKOST, ECC_SECP256R1, CTC_SHAwECDSA, "SR", "Kosice", "local.dev", "klient@klient.sk") == -1) return -1;
|
2020-03-12 16:22:08 +00:00
|
|
|
subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem";
|
|
|
|
subor_kluc = "../certifikaty/vygenerovany_kluc.key";
|
|
|
|
if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1;
|
2020-03-13 09:25:19 +00:00
|
|
|
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
|
|
|
|
|
2020-03-11 21:01:54 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
printf("Zadali ste nespravny typ certifikatu\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!ip)
|
|
|
|
{
|
|
|
|
printf("Nebola zadana ip adresa servera\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else if(!port)
|
|
|
|
{
|
|
|
|
printf("Nebol urceny port\n");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-03-12 16:22:08 +00:00
|
|
|
else if(!generovanie_certifikatu && !nacitanie_zo_suboru)
|
2020-03-11 21:01:54 +00:00
|
|
|
{
|
|
|
|
fprintf(stderr, "Nebola zvolena metoda nacitania certifikatov\n");
|
|
|
|
printf("Zadajde prepinac -g (generovanie), alebo -n (nacitanie_zo_suboru) s parametrom rsa alebo ecc\n");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-03-12 16:22:08 +00:00
|
|
|
else if(!uvedeny_subor)
|
|
|
|
{
|
|
|
|
fprintf(stderr, "Nebola uvedena cesta ku suboru na odoslanie\n");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-03-11 21:01:54 +00:00
|
|
|
//umoznuje vybrat sifry ktore sa budu nachadzat v sifrovacom subore
|
|
|
|
//nastav_sifry(ctx, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
|
|
|
|
|
|
|
cislo_soketu = pripojit_na_server(ip_adresa, cislo_portu, 10);
|
|
|
|
|
|
|
|
if(!cislo_soketu) return -1;
|
2020-03-13 09:25:19 +00:00
|
|
|
|
2020-03-11 21:01:54 +00:00
|
|
|
ssl = wolfSSL_new(ctx);
|
|
|
|
wolfSSL_set_fd(ssl, cislo_soketu);
|
|
|
|
int uspech = wolfSSL_connect(ssl);
|
2020-03-13 09:25:19 +00:00
|
|
|
|
2020-03-11 21:01:54 +00:00
|
|
|
if(uspech != SSL_SUCCESS)
|
|
|
|
{
|
2020-03-13 09:25:19 +00:00
|
|
|
char* popis_chyby = calloc(100, sizeof(char));
|
|
|
|
int chyba = wolfSSL_get_error(ssl, 0);
|
|
|
|
wolfSSL_ERR_error_string(chyba, popis_chyby);
|
|
|
|
fprintf(stderr, "Nastala chyba v spojeni.\nCislo chyby: %d\nDovod chyby: %s\n", chyba, popis_chyby);
|
2020-03-11 21:01:54 +00:00
|
|
|
printf("Skontrolujte certifikaty.\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
zobraz_sifru(ssl);
|
|
|
|
zobraz_certifikat(ssl);
|
2020-03-12 16:22:08 +00:00
|
|
|
if(poslat_subor(ssl, ctx, subor) == -1) return -1;
|
2020-03-11 21:01:54 +00:00
|
|
|
ukoncit_spojenie(ssl, ctx);
|
|
|
|
}
|
|
|
|
|
|
|
|
#if defined (_WIN32)
|
|
|
|
WSACleanup();
|
|
|
|
#endif
|
|
|
|
return 0;
|
|
|
|
}
|