diff --git a/certifikaty/params.txt b/certifikaty/params.txt
deleted file mode 100644
index a76e47d..0000000
--- a/certifikaty/params.txt
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
diff --git a/certifikaty/vygenerovany_certifikat.pem b/certifikaty/vygenerovany_certifikat.pem
index 1ddbef5..3fb17e2 100644
--- a/certifikaty/vygenerovany_certifikat.pem
+++ b/certifikaty/vygenerovany_certifikat.pem
@@ -1,16 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICcTCCAdqgAwIBAgIQCOhPCtiT+OzqOZ9/zm15UDANBgkqhkiG9w0BAQsFADBz +MIIC9TCCAl6gAwIBAgIQC2pwGj3EsKY5/Wt5EhoJ/DANBgkqhkiG9w0BAQsFADBz MQswCQYDVQQGEwJTSzEKMAgGA1UECAwBLTEPMA0GA1UEBwwGS29zaWNlMREwDwYD VQQKDAhBdXRvcml0YTESMBAGA1UEAwwJbG9jYWwuZGV2MSAwHgYJKoZIhvcNAQkB -FhFhdXRvcml0YUB0dWtlLmNvbTAiGA8yMDIwMDMxMTE0NTY0MloYDzIwMjUwMzEx -MTQ1NjQyWjB3MQswCQYDVQQGEwJTUjEKMAgGA1UECAwBLTEPMA0GA1UEBwwGS29z -aWNlMQowCAYDVQQKDAEtMQowCAYDVQQLDAEtMRIwEAYDVQQDDAlTZXJ2ZXIuc2sx -HzAdBgkqhkiG9w0BCQEWEHNlcnZlckBzZXJ2ZXIuc2swgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBAN9gCoWWm5DDSo/7cSTbzhfbWsInC1kqj+5JKUy264iFbCnu -lcmD4w6EfClH5RYnqg+dHxuft2yEo0SvAMRyFpPs+J30m3m6TyLSAtTkoqYARFA3 -UcMm1mGFPHfeJIWnJXSFMVEixrY8xy2PoHjBiB90MqcsEJBNRgeGiLDsJFmVAgMB -AAEwDQYJKoZIhvcNAQELBQADgYEAYKUghhJs93klzeFlJVArHPpUyuYcIAsre6B9 -5opSgCyhztxUoRYp/ti+QnnyCPK6EuYzwFRY6KRAsBM2w1bSaK3qmtMQmoANK/n1 -tD6FravK9ufb760hsB659iiKJrKFqZcQD34f0rjhIImBscK4KKMp8wmesBUxVidG -HsHDRKM= +FhFhdXRvcml0YUB0dWtlLmNvbTAiGA8yMDIwMDMxMjA5MTY1MloYDzIwMjUwMzEy +MDkxNjUyWjB3MQswCQYDVQQGEwJTUjEKMAgGA1UECAwBLTEPMA0GA1UEBwwGS29z +aWNlMQowCAYDVQQKDAEtMQowCAYDVQQLDAEtMRIwEAYDVQQDDAlsb2NhbC5kZXYx +HzAdBgkqhkiG9w0BCQEWEGtsaWVudEBrbGllbnQuc2swggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDwDx1IjmJ7IzU+cgvzaBJJpEygza6drlQXiCr2hHbG ++PY4Ix+x6BorMrpjjIPxybMG8H1kixRSyiS6URFlJX+HdEgilH6jbqhmdpt8mAz4 +MgaD6L2+QimiKAQ1l50sqyE9bpEWstXpvjUi7kbh53qMdK1hGrH1fo7KUhsXAYcO +n00G3DXYOAwuKlHddFk4xpdlorvWinRjJ68Mnn7+nHO8gk5hdfG8QPkVGO+PEsw+ +vrFzR92V7YQ+cB24MfxK3hZLbs0K0FyRWJBQ282ckM8nkScw6bmnekKhYMVAyU3h +WUoe2T1BCDKSiVUaU7m3YEPkpugkTuHPndJBHjxnUZ1lAgMBAAEwDQYJKoZIhvcN +AQELBQADgYEAKdlP2IZv7houMO3D66vtxa4bOH+cGOhWmAXXq8RRSEhV6FM6IfeR +rkGcfm8LBXgIM1DQWZcR1BssPNZPm+P4QwVA08NrQDwSP9d3qQw+dFpJpGSoZXCi +NrmYgRCqDQkMWxXQO1rjufAYXlYnH0xH8Ro43t90zc9j8GQhd0jd49o= -----END CERTIFICATE----- diff --git a/certifikaty/vygenerovany_kluc.key b/certifikaty/vygenerovany_kluc.key index 939f984..8bf6b97 100644 
--- a/certifikaty/vygenerovany_kluc.key
+++ b/certifikaty/vygenerovany_kluc.key
@@ -1,15 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDfYAqFlpuQw0qP+3Ek284X21rCJwtZKo/uSSlMtuuIhWwp7pXJ -g+MOhHwpR+UWJ6oPnR8bn7dshKNErwDEchaT7Pid9Jt5uk8i0gLU5KKmAERQN1HD -JtZhhTx33iSFpyV0hTFRIsa2PMctj6B4wYgfdDKnLBCQTUYHhoiw7CRZlQIDAQAB -AoGAEal1zjAapFS2D6eSv8FBLN87Wvh8hqQdeyVIm/LRsaV/vYVfzW4oH6TSRBmr -GjhFfim5r4o5K14wd6o7uLde+VTy/eJhS0xNtHDyfrAsg0Eb3EleS/D6SrX81err -vCXxC9DScOsCxuI0KIzzWdy9pB4yAfpN1S7SZ/BcOJwm3mECQQD79TbvsVO3buce -I5V31SkvYA7ZhGj9e5hHosoENzxW/DLK2rJTkfJ5gA19Toiyy3Y+aEFOeJ/EZuje -aIE8WKNhAkEA4vVwHZhCUGelWtfzN6K2bPxYITOhCE4eDAKbSsRl8g9sRzrjuFoW -5VwCj3yAz5Axe5tRI18kzI6Si89l6H6WtQJBAKAKFicSH/b3/t3qBFrljw+EmGoZ -7QZ1pzh5cpBS9YTbFPg9CeCDZ909NVROug23pxfk6PaLMBB0vZ3oC47lToECQQDO -z4ZNgXwUFo4n/JZFgUCoiT2pa4l2rvBUU1+8vsCC1aj+M1xklbs9Xx16MKKUAToF -/57tE3rN57EEM4YSWJ/tAkEAh1FG42L+UNVEXc88S6419iDpCkFzdu6Fl+tghASc -Re0kEW6wMYtV9HKPCnHWymklB6YbaaeEUomOe5d1Bw8O4A== +MIIEowIBAAKCAQEA8A8dSI5ieyM1PnIL82gSSaRMoM2una5UF4gq9oR2xvj2OCMf +segaKzK6Y4yD8cmzBvB9ZIsUUsokulERZSV/h3RIIpR+o26oZnabfJgM+DIGg+i9 +vkIpoigENZedLKshPW6RFrLV6b41Iu5G4ed6jHStYRqx9X6OylIbFwGHDp9NBtw1 +2DgMLipR3XRZOMaXZaK71op0YyevDJ5+/pxzvIJOYXXxvED5FRjvjxLMPr6xc0fd +le2EPnAduDH8St4WS27NCtBckViQUNvNnJDPJ5EnMOm5p3pCoWDFQMlN4VlKHtk9 +QQgykolVGlO5t2BD5KboJE7hz53SQR48Z1GdZQIDAQABAoIBAGfjCpevMrQ6WNzk +ywIzzBI9fYHrcQFBA5hJb9pOGf7il99UZ+98U/LU2a+iDCmzUXwT0BgWTh3D6CAP +XDlLAIUUj/ETFTjR9yOceY5yWM6CC6rDKnXvOQg5TBULP1Qo3NIyiqxpiURF8cXj +mx5BKBonli6bOF9WvSGWZa3Plex/slnOTdf6wh1cLVY8PI2HVEVIXb+WgT3HEZVX +Mqo5NczyYuw8upvfKMorSa9xc9Hvc6oIUwV/L5OcS+HDZl7QS6fcF3++kE4EChft +8+9O50JRqruh+tcJ7f1KdVFM8U8G8ihGHEOT2FRrcD7krCtElpYUMqts3zv/TFTc +8+YLZOMCgYEA/lTaJ7ISq7jXIyblR5O/jfnM3rUJ0Bm7HWnb9i4UU/GM7jgbgtLw +JzsvIMjy3QsBIc435TdF3+sa40QYwisUxF8jegPJZXM0MA3SbA1tkadVUpbTUVyY +8uCC4MfPnsXUwFbjPppBNWAODC+6oI36I66SqxRZvAhA5m7yZG22AacCgYEA8aJK +s8eJI6yKcuhjVEwPhNLVYW9AwUbcwh8ZdTXKRftUMHTRAkdZeFIZG2DTW3JfJRf9 +eGMcquA+dHqKcWdopNU4gXb/hvS56gIgwYd1LRItK9fVrOWaNNkzw23rlXtm69Kw 
+1//DJjE+GApW/3t8ihxtnpKTvjwISrxdmVB4UhMCgYBrGbRcbwKpycbfCKwYvkE2 +OnFpf3dIaO2A72kvfCwXRWsBjiMXrlhvTN8FwVl0eAPcBolHP0VvjAPgnHaInbe7 +Eg1QfnO7Aw6BBfEMi4MOiRbHFriaVJIcBStYGQx3Yfu7m1tKq462OWLxAtBmeCNU +D1m4LXO0WQ1rfGEapZC1lQKBgQCpbZOVxYaqhfQ6KCpl1ENZbgACpuCv5UEruGTA +Y+wl79mTdIWNZHweuuox4U2yJFsEhnLLdCuIwV3pjHcAl3KviXZqiQcZGQY3SDCx +ooqOBN25jUidSA09m0MJeEyk7vc2yfAINKUgZYzVjIJ995dWvCI8+ygvTqa9yKCU +vPDxEwKBgA1H9HjatmUaXvCUqB79jevWIfWvupOocjp8yF5ygA0pSfzmrIrf/TWQ +kxvxdWT2N3veIddr8jULX8e/i9hqJnKEqh2zGXL2M53ZFDdsZOeaBSk8RKAiJhVV +a1ddeAkVJ/m4D4unA0hEM4st55fPVdmb3hGi3eM/HG723XxjL/nF -----END RSA PRIVATE KEY----- diff --git a/kniznica/komunikacia.c b/kniznica/komunikacia.c index ba8c479..3c365af 100644 --- a/kniznica/komunikacia.c +++ b/kniznica/komunikacia.c @@ -52,6 +52,7 @@ int poslat_subor(WOLFSSL* ssl, WOLFSSL_CTX* ctx, char* cesta) //generovanie a poslanie kontrolneho suctu serveru pre kontrolu byte* hash; hash = generovat_hash(cesta); + for(int i = 0; i < VELKOST_HASHU; i++) hash[i] = (char)hash[i]; wolfSSL_write(ssl, hash, VELKOST_HASHU); if(uspech <= 0) { @@ -62,7 +63,7 @@ int poslat_subor(WOLFSSL* ssl, WOLFSSL_CTX* ctx, char* cesta) //posielanie jednotlivych bajtov for(int i = 0; i < velkost + 1; ++i) { - wolfSSL_write(ssl, pole_uk, velkost); + uspech = wolfSSL_write(ssl, pole_uk, velkost); if(uspech <= 0) { fprintf(stderr, "Nastala chyba pri posielani suboru.\n"); 
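Review bot: `certifikaty/vygenerovany_kluc.key` is an RSA private key tracked in the repository, and this hunk commits a fresh one together with the certificate that matches it. Anyone with read access to the history holds the key of whichever endpoint loads this pair, so the file is better left untracked (for example an ignore entry for `certifikaty/vygenerovany_*`) and generated on each machine. Both the old and the new key should be treated as disclosed and not reused. Separately, the signature block of the regenerated certificate still looks like a 1024-bit RSA signature, so the authority key may not have been enlarged along with `RSA_VELKOST`; worth confirming.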
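Review bot: In `poslat_subor` (kniznica/komunikacia.c, hunk at -52) the result of the hash write is still discarded, so the `if(uspech <= 0)` right after it tests a value left over from an earlier call; the line should read `uspech = wolfSSL_write(ssl, hash, VELKOST_HASHU);`, the same fix this commit applies to the file write further down. The added loop `hash[i] = (char)hash[i];` converts each byte to `char` and back on assignment, so it leaves the buffer unchanged and can be dropped; the same loop is added over `vypocitany_hash` in `prijat_subor`. Whether `generovat_hash` can return NULL is not visible here; if it can, check before the write. The function body starts and continues outside the hunk.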
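Review bot: The write in the send loop of `poslat_subor` (hunk at -62) passes `velkost` as the length on each of `velkost + 1` iterations, although the comment above it says single bytes are sent. If `pole_uk` advances by one per iteration, as the matching read loop in `prijat_subor` does (hunk at -120, `pole_uk += 1` after a read of `velkost` bytes), every call after the first touches memory past the end of the buffer. A loop that advances by the count actually returned avoids both the overrun and the repeated data, e.g. `uspech = wolfSSL_write(ssl, pole_uk + poslane, velkost - poslane);` then `poslane += uspech;` until `poslane == velkost`. The rest of the loop body lies outside the hunk, so the pointer handling on the send side should be confirmed.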
@@ -84,14 +85,19 @@ int prijat_subor(WOLFSSL* ssl, WOLFSSL_CTX* ctx) uspech = wolfSSL_read(ssl, cesta, VELKOST_CESTY); if(uspech <= 0) { - fprintf(stderr, "Nastala chyba pri prijati velkosti suboru\n"); + fprintf(stderr, "Nastala chyba pri prijati dat o subore\n"); return -1; } printf("Prebieha prijimanie suboru %s\n", cesta); //ziskanie informacie od klienta o velkosti odoslaneho suboru char velkost_suboru[32]; - wolfSSL_read(ssl, velkost_suboru, VELKOST_SUBOR); + uspech = wolfSSL_read(ssl, velkost_suboru, VELKOST_SUBOR); + if(uspech <= 0) + { + fprintf(stderr, "Nastala chyba pri prijati velkosti suboru\n"); + return -1; + } long velkost = atol(velkost_suboru); if(velkost < 1) { @@ -120,7 +126,7 @@ int prijat_subor(WOLFSSL* ssl, WOLFSSL_CTX* ctx) uspech = wolfSSL_read(ssl, pole_uk, velkost); if(uspech <= 0) { - fprintf(stderr, "Nastala chyba pri prijimani suboru\n"); + fprintf(stderr, "Nastala chyba pri prijati suboru\n"); return -1; } pole_uk += 1; @@ -130,7 +136,8 @@ int prijat_subor(WOLFSSL* ssl, WOLFSSL_CTX* ctx) //kontrola ci sa prijaty a vypocitany kontrolny sucet suboru zhoduju byte* vypocitany_hash; vypocitany_hash = generovat_hash(cesta); - if(!strcmp(prijaty_hash, (char*)vypocitany_hash)) + for(int i = 0; i < VELKOST_HASHU; i++) vypocitany_hash[i] = (char)vypocitany_hash[i]; + if(!strcmp(prijaty_hash, vypocitany_hash)) { printf("Subor prisiel v poriadku.\n"); } diff --git a/kniznica/kryptografia.c b/kniznica/kryptografia.c index a4fcce1..8415ea1 100644 --- a/kniznica/kryptografia.c +++ b/kniznica/kryptografia.c @@ -14,7 +14,6 @@ WOLFSSL_CTX* nastavit_ctx_klient() wolfSSL_Init(); method = wolfTLSv1_2_client_method(); WOLFSSL_CTX *ctx = wolfSSL_CTX_new(method); - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (ctx == NULL) { printf("Nepodarilo sa inicializovat WOLFSSL_CTX\n"); 
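Review bot: In `prijat_subor` (kniznica/komunikacia.c, hunk at -84) the read into `velkost_suboru` uses `VELKOST_SUBOR` as the length while the array is declared with 32 bytes, and nothing terminates the buffer before `atol` parses it. Tie the length to the array and terminate it: `uspech = wolfSSL_read(ssl, velkost_suboru, sizeof(velkost_suboru) - 1);` and, after the error check, `velkost_suboru[uspech] = '\0';`. The same holds for `cesta`, which is printed with `%s` and later handed to `generovat_hash` exactly as the peer sent it; an upper bound on `velkost` and a check that `cesta` stays inside the intended directory would be worth adding. `strtol` with an end-pointer check reports malformed input that `atol` silently accepts.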
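Review bot: The checksum comparison in `prijat_subor` (hunk at -130) uses `strcmp` on binary digests, which stops at the first zero byte: two different hashes that agree up to a 0x00 byte compare equal, and a digest without a zero byte is read past its end. Compare the full length instead, `if(memcmp(prijaty_hash, vypocitany_hash, VELKOST_HASHU) == 0)`. Dropping the `(char*)` cast also passes a `byte*` to a `char*` parameter, which compilers warn about. What happens on a mismatch is outside the hunk; a failed check should not leave the received file in place as if it were valid.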
@@ -29,7 +28,6 @@ WOLFSSL_CTX* nastavit_ctx_server() wolfSSL_Init(); method = wolfTLSv1_2_server_method(); WOLFSSL_CTX *ctx = wolfSSL_CTX_new(method); - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (ctx == NULL) { @@ -268,7 +266,6 @@ int generovat_ecc_certifikat(int pocet_bitov, ecc_curve_id kluc_krivka, int algo certifikat.isCA = 0; certifikat.sigType = algoritmus; certifikat.daysValid = 1825; - uspech = wc_SetIssuer(&certifikat, "../certifikaty/autorita_ecc.pem"); if(uspech != 0) { diff --git a/rs232_kanal/Makefile b/rs232_kanal/Makefile index 034dc95..d34c2fe 100644 --- a/rs232_kanal/Makefile +++ b/rs232_kanal/Makefile @@ -10,32 +10,32 @@ CC = gcc #prepinace pre prekladac -CFLAGS = -Wall -Wcpp -fPIC -DREPLICATION_ENABLED -DJOURNALING_ENABLED -I./../wolfssl_hlavickove_subory/ +CFLAGS = -Wcpp -I./../wolfssl_hlavickove_subory/ LIB32 = -L. -lwolfssl -lws2_32 -Os LIB64 = -L. -lwolfssl -lws2_32 -m64 all: klient server klient: klient.o kryptografia.o komunikacia.o rs232.o - $(CC) $(CFLAGS) -o klient klient.o kryptografia.o komunikacia.o rs232.o $(LIB64) + $(CC) $(CFLAGS) -o klient klient.o kryptografia.o komunikacia.o rs232.o $(LIB32) server: server.o kryptografia.o komunikacia.o rs232.o - $(CC) $(CFLAGS) -o server server.o kryptografia.o komunikacia.o rs232.o $(LIB64) + $(CC) $(CFLAGS) -o server server.o kryptografia.o komunikacia.o rs232.o $(LIB32) klient.o: klient.c - $(CC) -c klient.c $(LIB64) + $(CC) -c klient.c $(LIB32) server.o: server.c - $(CC) -c server.c $(LIB64) + $(CC) -c server.c $(LIB32) kryptografia.o: ../kniznica/kryptografia.c ../kniznica/kryptografia.h - $(CC) -c ../kniznica/kryptografia.c $(LIB64) + $(CC) -c ../kniznica/kryptografia.c $(LIB32) komunikacia.o: ../kniznica/komunikacia.c ../kniznica/komunikacia.h - $(CC) -c ../kniznica/komunikacia.c $(LIB64) + $(CC) -c ../kniznica/komunikacia.c $(LIB32) rs232.o: ../kniznica/rs232.c ../kniznica/rs232.h - $(CC) -c ../kniznica/rs232.c $(LIB64) + $(CC) -c ../kniznica/rs232.c $(LIB32) .PHONY: clean 
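Review bot: The new `CFLAGS` in rs232_kanal/Makefile drops `-Wall`, which removes the warnings that would flag problems such as a `byte*` passed where `char*` is expected in komunikacia.c; keep it, e.g. `CFLAGS = -Wall -Wcpp -I./../wolfssl_hlavickove_subory/`. The object rules (`$(CC) -c klient.c $(LIB32)`) do not pass `$(CFLAGS)` at all, unlike tcpip_kanal/Makefile, so the include path and warning flags never reach compilation here. `LIB32` carries `-Os` but no `-m32`, so whether this yields a 32-bit build depends on the toolchain default.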
diff --git a/rs232_kanal/api-ms-win-crt-runtime-l1-1-0.dll b/rs232_kanal/api-ms-win-crt-runtime-l1-1-0.dll deleted file mode 100644 index 3c9dc39..0000000 Binary files a/rs232_kanal/api-ms-win-crt-runtime-l1-1-0.dll and /dev/null differ diff --git a/rs232_kanal/api-ms-win-crt-runtime-l1-1-0_64.dll b/rs232_kanal/api-ms-win-crt-runtime-l1-1-0_64.dll deleted file mode 100644 index ff1c19a..0000000 Binary files a/rs232_kanal/api-ms-win-crt-runtime-l1-1-0_64.dll and /dev/null differ diff --git a/rs232_kanal/klient.c b/rs232_kanal/klient.c index 86988cc..20c5b68 100644 --- a/rs232_kanal/klient.c +++ b/rs232_kanal/klient.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include @@ -63,7 +62,7 @@ int main(int argc, char const *argv[]) int uspech = 0; if(wolfSSL_connect(ssl) != SSL_SUCCESS) { - printf("Nepodarilo sa pripojit\n"); + printf("Nepodarilo sa pripojit%d\n", uspech); return -1; } diff --git a/tcpip_kanal/Makefile b/tcpip_kanal/Makefile index 5de30e6..1894452 100644 --- a/tcpip_kanal/Makefile +++ b/tcpip_kanal/Makefile 
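Review bot: In `main` of rs232_kanal/klient.c (hunk at -63) the new message prints `uspech`, which is initialised to 0 on the line above and is not assigned from `wolfSSL_connect`, so the output is always `0`, and the format has no separator before the number. Store the result and report the library error instead: `uspech = wolfSSL_connect(ssl);` then `printf("Nepodarilo sa pripojit: %d\n", wolfSSL_get_error(ssl, uspech));`. The function body starts and continues outside the hunk.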
@@ -17,22 +17,22 @@ LIB64 = -L. -lwolfssl -lws2_32 -m64 all: klient server klient: klient.o kryptografia.o komunikacia.o - $(CC) $(CFLAGS) -o klient klient.o kryptografia.o komunikacia.o $(LIB32) + $(CC) $(CFLAGS) -o klient klient.o kryptografia.o komunikacia.o $(LIB64) server: server.o kryptografia.o komunikacia.o - $(CC) $(CFLAGS) -o server server.o kryptografia.o komunikacia.o $(LIB32) + $(CC) $(CFLAGS) -o server server.o kryptografia.o komunikacia.o $(LIB64) klient.o: klient.c - $(CC) $(CFLAGS) -c klient.c $(LIB32) + $(CC) $(CFLAGS) -c klient.c $(LIB64) server.o: server.c - $(CC) $(CFLAGS) -c server.c $(LIB32) + $(CC) $(CFLAGS) -c server.c $(LIB64) kryptografia.o: ../kniznica/kryptografia.c ../kniznica/kryptografia.h - $(CC) $(CFLAGS) -c ../kniznica/kryptografia.c $(LIB32) + $(CC) $(CFLAGS) -c ../kniznica/kryptografia.c $(LIB64) komunikacia.o: ../kniznica/komunikacia.c ../kniznica/komunikacia.h - $(CC) $(CFLAGS) -c ../kniznica/komunikacia.c $(LIB32) + $(CC) $(CFLAGS) -c ../kniznica/komunikacia.c $(LIB64) .PHONY: clean diff --git a/tcpip_kanal/klient.c b/tcpip_kanal/klient.c index 0cefecc..b6fedb4 100644 --- a/tcpip_kanal/klient.c +++ b/tcpip_kanal/klient.c @@ -11,7 +11,7 @@ #include -#define RSA_VELKOST 1024 +#define RSA_VELKOST 2048 #define ECC_VELKOST 32 #define RSA_EXPONENT 65537 
@@ -105,16 +105,18 @@ int main(int argc, char** argv) else if(!strcmp(argv[i+1], "rsa")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL); - subor_certifikat = "../certifikaty/server_rsa.pem"; - subor_kluc = "../certifikaty/server_rsa.key"; + subor_certifikat = "../certifikaty/klient_rsa.pem"; + subor_kluc = "../certifikaty/klient_rsa.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); } else if(!strcmp(argv[i+1], "ecc")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL); - subor_certifikat = "../certifikaty/server_ecc.pem"; - subor_kluc = "../certifikaty/server_ecc.key"; + subor_certifikat = "../certifikaty/klient_ecc.pem"; + subor_kluc = "../certifikaty/klient_ecc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); } else { 
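Review bot: The return value of `wolfSSL_CTX_load_verify_locations` is ignored in both branches of this hunk in tcpip_kanal/klient.c, so with `SSL_VERIFY_PEER` now set, a missing or unreadable authority file only shows up later as a handshake failure; check it, e.g. `if(wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL) != SSL_SUCCESS) return -1;`. The same applies to the generated-certificate branches (hunk at -133) and to the corresponding branches in server.c. Verification as configured accepts any certificate the authority signed; if the client is meant to talk to one server only, `wolfSSL_check_domain_name` on the session before `wolfSSL_connect` would bind it to the expected name. The `wolfSSL_CTX_set_verify` call is repeated in every branch and could be made once after the chain.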
@@ -133,18 +135,21 @@ int main(int argc, char** argv) else if(!strcmp(argv[i+1], "rsa")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL); - if(generovat_rsa_certifikat(RSA_VELKOST, RSA_EXPONENT, CTC_SHA256wRSA, "SR", "Kosice", "Klient.sk", "klient@klient.sk") == -1) return -1; + if(generovat_rsa_certifikat(RSA_VELKOST, RSA_EXPONENT, CTC_SHA256wRSA, "SR", "Kosice", "local.dev", "klient@klient.sk") == -1) return -1; subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem"; subor_kluc = "../certifikaty/vygenerovany_kluc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); } else if(!strcmp(argv[i+1], "ecc")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL); - if(generovat_ecc_certifikat(ECC_VELKOST, ECC_SECP256R1, CTC_SHAwECDSA, "SR", "Kosice", "Klient.sk", "klient@klient.sk") == -1) return -1; + if(generovat_ecc_certifikat(ECC_VELKOST, ECC_SECP256R1, CTC_SHAwECDSA, "SR", "Kosice", "local.dev", "klient@klient.sk") == -1) return -1; subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem"; subor_kluc = "../certifikaty/vygenerovany_kluc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + } else { @@ -181,12 +186,17 @@ int main(int argc, char** argv) cislo_soketu = pripojit_na_server(ip_adresa, cislo_portu, 10); if(!cislo_soketu) return -1; + ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, cislo_soketu); int uspech = wolfSSL_connect(ssl); + if(uspech != SSL_SUCCESS) { - fprintf(stderr, "Nastala chyba v spojeni.\n"); + char* popis_chyby = calloc(100, sizeof(char)); + int chyba = wolfSSL_get_error(ssl, 0); + wolfSSL_ERR_error_string(chyba, popis_chyby); + fprintf(stderr, "Nastala chyba v spojeni.\nCislo chyby: %d\nDovod chyby: %s\n", chyba, popis_chyby); printf("Skontrolujte certifikaty.\n"); return -1; } 
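Review bot: The ECC branch in tcpip_kanal/klient.c (hunk at -133) still requests `CTC_SHAwECDSA`, a SHA-1 based signature, while the RSA branch uses `CTC_SHA256wRSA`; `CTC_SHA256wECDSA` would match the P-256 key. server.c passes the same argument in its hunk at -112. Both programs now generate certificates with the common name `local.dev` and load them from the same `vygenerovany_certifikat.pem` / `vygenerovany_kluc.key` paths, so presumably running client and server from one checkout overwrites one identity with the other; separate file names per role would avoid that.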
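Review bot: The error path after `wolfSSL_connect` in tcpip_kanal/klient.c (hunk at -181) calls `wolfSSL_get_error(ssl, 0)`; the second argument is meant to be the return value of the failed call, so pass `uspech`. The `calloc(100, sizeof(char))` result is used unchecked and never freed; a stack buffer is simpler, `char popis_chyby[WOLFSSL_MAX_ERROR_SZ];`. `ssl = wolfSSL_new(ctx)` is also used without a NULL check. server.c repeats the same error block in its hunk at -161.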
diff --git a/tcpip_kanal/server.c b/tcpip_kanal/server.c index 06e8703..c6cd059 100644 --- a/tcpip_kanal/server.c +++ b/tcpip_kanal/server.c @@ -11,7 +11,7 @@ #include -#define RSA_VELKOST 1024 +#define RSA_VELKOST 2048 #define ECC_VELKOST 32 #define RSA_EXPONENT 65537 @@ -77,18 +77,21 @@ int main(int argc, char **argv) else if(!strcmp(argv[i+1], "rsa")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL); - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); subor_certifikat = "../certifikaty/server_rsa.pem"; subor_kluc = "../certifikaty/server_rsa.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + } else if(!strcmp(argv[i+1], "ecc")) { + printf("jo\n"); wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL); - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); subor_certifikat = "../certifikaty/server_ecc.pem"; subor_kluc = "../certifikaty/server_ecc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + } else { 
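Review bot: `printf("jo\n");` at the top of the ECC branch in tcpip_kanal/server.c (hunk at -77) looks like a leftover debug print and should be removed. The blank lines added before the closing brace of both branches can go with it.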
@@ -112,18 +115,23 @@ int main(int argc, char **argv) else if(!strcmp(argv[i+1], "rsa")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_rsa.pem", NULL); - if(generovat_rsa_certifikat(RSA_VELKOST, RSA_EXPONENT, CTC_SHA256wRSA, "SR", "Kosice", "Server.sk", "server@server.sk") == -1) return -1; + if(generovat_rsa_certifikat(RSA_VELKOST, RSA_EXPONENT, CTC_SHA256wRSA, "SR", "Kosice", "local.dev", "server@server.sk") == -1) return -1; subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem"; subor_kluc = "../certifikaty/vygenerovany_kluc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + } else if(!strcmp(argv[i+1], "ecc")) { wolfSSL_CTX_load_verify_locations(ctx, "../certifikaty/autorita_ecc.pem", NULL); - if(generovat_ecc_certifikat(ECC_VELKOST, ECC_SECP256R1, CTC_SHAwECDSA, "SR", "Kosice", "Server.sk", "server@server.sk") == -1) return -1; + if(generovat_ecc_certifikat(ECC_VELKOST, ECC_SECP256R1, CTC_SHAwECDSA, "SR", "Kosice", "local.dev", "server@server.sk") == -1) return -1; subor_certifikat = "../certifikaty/vygenerovany_certifikat.pem"; subor_kluc = "../certifikaty/vygenerovany_kluc.key"; if(nacitat_certifikaty(ctx, subor_certifikat, subor_kluc) == -1) return -1; + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + + } else { @@ -149,7 +157,7 @@ int main(int argc, char **argv) //nastav_sifry(ctx, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); cislo_soketu = cakat_na_komunikaciu(cislo_portu); - + while(1) { printf("------------\n"); 
@@ -161,17 +169,21 @@ int main(int argc, char **argv) ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, cislo_soketu_klienta); int uspech; - zobraz_sifru(ssl); - zobraz_certifikat(ssl); if(wolfSSL_accept(ssl) != SSL_SUCCESS) { - fprintf(stderr, "Nastala chyba v spojeni.\n"); + char* popis_chyby = calloc(100, sizeof(char)); + int chyba = wolfSSL_get_error(ssl, 0); + wolfSSL_ERR_error_string(chyba, popis_chyby); + fprintf(stderr, "Nastala chyba v spojeni.\nCislo chyby: %d\nDovod chyby: %s\n", chyba, popis_chyby); printf("Skontrolujte certifikaty.\n"); return -1; } + zobraz_sifru(ssl); + zobraz_certifikat(ssl); prijat_subor(ssl, ctx); } } ukoncit_soket(cislo_soketu); return 0; } + \ No newline at end of file diff --git a/tcpip_kanal/wolfssl.dll b/tcpip_kanal/wolfssl.dll index 882927c..1d45e0f 100644 Binary files a/tcpip_kanal/wolfssl.dll and b/tcpip_kanal/wolfssl.dll differ diff --git a/tcpip_kanal/wolfssl_32.dll b/tcpip_kanal/wolfssl_32.dll new file mode 100644 index 0000000..882927c Binary files /dev/null and b/tcpip_kanal/wolfssl_32.dll differ diff --git a/tcpip_kanal/wolfssl_64.dll b/tcpip_kanal/wolfssl_64.dll deleted file mode 100644 index 1d45e0f..0000000 Binary files a/tcpip_kanal/wolfssl_64.dll and /dev/null differ
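Review bot: A failed `wolfSSL_accept` inside the accept loop of tcpip_kanal/server.c (hunk at -161) ends with `return -1`, so a single client that fails the handshake stops the server for everyone; with `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` now set, that includes any client that presents no valid certificate. Log the error, call `wolfSSL_free(ssl)`, close the client socket and `continue;` to the next connection instead. As far as the hunk shows, the session is not released after `prijat_subor` on the success path either, and the return value of `prijat_subor` is ignored.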