124 lines
5.9 KiB
Plaintext
124 lines
5.9 KiB
Plaintext
Bakalarska praca
|
|
Meno studenta: Tomas Lukac
|
|
Veduci BP: prof. Ing. Milos Drutarovsky CSc.
|
|
Skola: KEMT FEI TUKE
|
|
Datum poslednej upravy: 15.4.2020
|
|
Verzia: 0.2
|
|
----------------------------
|
|
Zoznam zdrojovych suborov
|
|
certifikaty
|
|
autorita
|
|
|__autorita_ecc.pem
|
|
|__autorita_ecc.key
|
|
|__autorita_rsa.pem
|
|
|__autorita_rsa.key
|
|
server
|
|
|__server_ecc.pem
|
|
|__server_ecc.key
|
|
|__server_rsa.pem
|
|
|__server_rsa.key
|
|
klient
|
|
|__klient_ecc.pem
|
|
|__klient_ecc.key
|
|
|__klient_rsa.pem
|
|
|__klient_rsa.key
|
|
kniznica
|
|
|__komunikacia.h
|
|
|__komunikacia.c
|
|
|__kryptografia.h
|
|
|__kryptografia.c
|
|
tcpip_kanal
|
|
klient
|
|
|__klient.c
|
|
|__Makefile
|
|
server
|
|
|__server.c
|
|
|__Makefile
|
|
rs232_kanal
|
|
klient
|
|
|__klient.c
|
|
|__Makefile
|
|
|__klient.txt
|
|
server
|
|
|__server.c
|
|
|__Makefile
|
|
|__server.txt
|
|
|
|
Opis aplikacie
|
|
Realizuje zabezpecenu vymenu sprav medzi klientom a serverom a autentizaciu servera klientom vyuzitim kniznice WolfSSL. Ako prvu je
|
|
potrebne spustit aplikaciu na strane servera s prepinacom port s hodnotou, ktora urcuje ake bude cislo portu, na ktorom bude server
|
|
cakat na prichadzajucu komunikaciu, v pripade rs232 kanala je potrebne uviest cislo serioveho rozhrania (hodnoty: https://www.teuniz.net/RS-232/).
|
|
Dalsim potrebnym prepinacom je bud -n (nacitanie certifikatov z adresaru /certifikaty) alebo -g (vygenerovanie a podpis certifikatov
|
|
pomocou certifikatu a kluca autority, ktore sa nachadzaju taktiez v adresari /certifikaty).Sukromne kluce a certifikaty su ulozene vo formate DER.
|
|
Nasledne je potrebne spustit aplikaciu na strane klienta, ktora pri pouziti kanalu TCP_IP okrem predchadzajucich parametrov vyzaduje parameter
|
|
pre ip adresu: -ip adresa. Po vytvoreni zabezpeceneho prenosoveho kanalu sa klient pokusi odoslat subor, ktoreho lokacia mu bola predana pri
|
|
spusteni pomocou parametru -s subor. Pred samotnym poslanim klient najprv vyhotovi kontrolny sucet suboru, ktory odosle po zabezpecenom kanali
|
|
serveru. Ten po prijati suboru overi ci sa zhoduje prijaty kontrolny sucet s jeho, ktory vyhotovil po prijati suboru. Ak pri prijati suboru
|
|
nenastala chyba a kontrolne sucty sa zhoduju server oznami ze prijem bol uspesny a dalej caka na komunikaciu.
|
|
Klientsky program po odoslani suboru ukonci svoju cinnost.
|
|
|
|
Generovanie certifikatov RSA (OpenSSL)
|
|
openssl genrsa -out autorita_rsa.key 2048
|
|
openssl req -x509 -new -nodes -key autorita_rsa.key -sha256 -days 1825 -out autorita_rsa.pem
|
|
openssl x509 -outform pem -in autorita_rsa.pem -out autorita_rsa.crt
|
|
openssl genrsa -out server_rsa.key 2048
|
|
openssl req -new -key server_rsa.key -out server_rsa.csr
|
|
openssl x509 -req -in server_rsa.csr -CA autorita_rsa.pem -CAkey autorita_rsa.key -CAcreateserial -out server_rsa.pem -days 1825 -sha256
|
|
openssl x509 -outform pem -in server_rsa.pem -out server_rsa.crt
|
|
openssl genrsa -out klient_rsa.key 2048
|
|
openssl req -new -key klient_rsa.key -out klient_rsa.csr
|
|
openssl x509 -req -in klient_rsa.csr -CA autorita_rsa.pem -CAkey autorita_rsa.key -CAcreateserial -out klient_rsa.pem -days 1825 -sha256
|
|
openssl pkcs12 -inkey klient_rsa.key -in klient_rsa.pem -export -out klient_rsa.pfx
|
|
|
|
Generovanie certifikatov ECC (OpenSSL)
|
|
openssl ecparam -genkey -name prime256v1 -out autorita_ecc.key
|
|
openssl req -x509 -new -nodes -key autorita_ecc.key -sha256 -days 1825 -out autorita_ecc.pem
|
|
openssl x509 -outform pem -in autorita_ecc.pem -out autorita_ecc.crt
|
|
openssl ecparam -genkey -name prime256v1 -out server_ecc.key
|
|
openssl req -new -key server_ecc.key -out server_ecc.csr
|
|
openssl x509 -req -in server_ecc.csr -CA autorita_ecc.pem -CAkey autorita_ecc.key -CAcreateserial -out server_ecc.pem -days 1825 -sha256
|
|
openssl x509 -outform pem -in server_ecc.pem -out server_ecc.crt
|
|
openssl ecparam -genkey -name prime256v1 -out klient_ecc.key
|
|
openssl req -new -key klient_ecc.key -out klient_ecc.csr
|
|
openssl x509 -req -in klient_ecc.csr -CA autorita_ecc.pem -CAkey autorita_ecc.key -CAcreateserial -out klient_ecc.pem -days 1825 -sha256
|
|
openssl pkcs12 -inkey klient_ecc.key -in klient_ecc.pem -export -out klient_ecc.pfx
|
|
|
|
|
|
Navod na prelozenie a spustenie (Linux)
|
|
1. prelozenie kniznice wolfssl s podporou OpenSSL (v adresari s kniznicou)
|
|
./configure --enable-opensslextra --enable-certgen --enable-keygen
|
|
make
|
|
sudo make install
|
|
2. prelozenie programov (v podadresari tcpip_kanal alebo rs232_kanal)
|
|
make all
|
|
3. spustenie (prenosovy kanal TCP/IP)
|
|
./server -port port -n rsa|ecc
|
|
./server -port port -g rsa|ecc
|
|
./klient -ip 127.0.0.1 -port port -n rsa|ecc -s subor
|
|
./klient -ip 127.0.0.1 -port port -g rsa|ecc -s subor
|
|
4. spustenie (prenosovy kanal RS232)
|
|
./server -port seriove_rozhranie -n rsa|ecc
|
|
./server -port seriove_rozhranie -g rsa|ecc
|
|
./klient -port seriove_rozhranie -n rsa|ecc -s subor
|
|
./klient -port seriove_rozhranie -g rsa|ecc -s subor
|
|
|
|
Navod na prelozenie a spustenie (Windows)
|
|
1. skopirovanie potrebnych dll z adresara /wolfssl/64bit_kniznice/ , resp. /wolfssl/32bit_kniznice/
|
|
do podadresara tcpip_kanal -> klient alebo server, resp. rs232_kanal -> klient alebo server
|
|
a) wolfssl.dll -> kniznica wolfssl
|
|
b) vcruntime140.dll -> visual c++ runtime
|
|
c) api-ms-win-crt-runtime-l1-1-0.dll
|
|
2. prelozenie programov (v podadresari tcpip_kanal alebo rs232_kanal)
|
|
make all
|
|
3. spustenie (prenosovy kanal TCP/IP)
|
|
server -port port -n rsa|ecc
|
|
server -port port -g rsa|ecc
|
|
klient -ip 127.0.0.1 -port port -n rsa|ecc -s subor
|
|
klient -ip 127.0.0.1 -port port -g rsa|ecc -s subor
|
|
4. spustenie (prenosovy kanal RS232)
|
|
server -port seriove_rozhranie -n rsa|ecc
|
|
server -port seriove_rozhranie -g rsa|ecc
|
|
klient -port seriove_rozhranie -n rsa|ecc -s subor
|
|
klient -port seriove_rozhranie -g rsa|ecc -s subor
|
|
|
|
|