Commit
d034272b
authored
Jun 15, 2023
by
guoxin
这个TLS1.2的服务已经调试完毕可以跑起来了。
parent
f4e071b2
Showing
2 changed files
with
191 additions
and
1 deletion
+191
-1
.gitignore
.gitignore
+0
-1
tlsServertest.cpp
test/tlsServertest.cpp
+191
-0
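--- a/.gitignore
+++ b/.gitignore
@@ -209,7 +209,6 @@ lib/libTKSDK.so
 lib/libTKSDK.so.3
 lib/libTKSDK.so.3.0
 CMakeLists.txt
-test/tlsServertest.cpp
 key/demo_tlcp_server_BIN/cacert.pem
 key/demo_tlcp_server_BIN/cakey.pem
 key/demo_tlcp_server_BIN/careq.pem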
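--- /dev/null
+++ b/test/tlsServertest.cpp
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+#include <gmssl/tls.h>
+#include <gmssl/error.h>
+static const char *options = "[-port num] -cert file -key file -pass str [-cacert file]";
+int main(int argc, char **argv)
+{
+#define ECDHE_SM1_SM3 (0xe1|0x01)
+    printf("ECDHE_SM1_SM3 : %d\n", ECDHE_SM1_SM3);
+    int ret = 1;
+    char *prog = argv[0];
+    int port = 443;
+    char *certfile = NULL;
+    char *keyfile = NULL;
+    char *pass = NULL;
+    char *cacertfile = NULL;
+    int server_ciphers[] = { TLS_cipher_ecdhe_sm4_cbc_sm3, };
+    TLS_CTX ctx;
+    TLS_CONNECT conn;
+    char buf[1600] = {0};
+    size_t len = sizeof(buf);
+    tls_socket_t sock;
+    tls_socket_t conn_sock;
+    struct sockaddr_in server_addr;
+    struct sockaddr_in client_addr;
+    tls_socklen_t client_addrlen;
+    argc--;
+    argv++;
+    if (argc < 1) {
+        fprintf(stderr, "usage: %s %s\n", prog, options);
+        return 1;
+    }
+    while (argc > 0) {
+        if (!strcmp(*argv, "-help")) {
+            printf("usage: %s %s\n", prog, options);
+            return 0;
+        } else if (!strcmp(*argv, "-port")) {
+            if (--argc < 1) goto bad;
+            port = atoi(*(++argv));
+        } else if (!strcmp(*argv, "-cert")) {
+            if (--argc < 1) goto bad;
+            certfile = *(++argv);
+        } else if (!strcmp(*argv, "-key")) {
+            if (--argc < 1) goto bad;
+            keyfile = *(++argv);
+        } else if (!strcmp(*argv, "-pass")) {
+            if (--argc < 1) goto bad;
+            pass = *(++argv);
+        } else if (!strcmp(*argv, "-cacert")) {
+            if (--argc < 1) goto bad;
+            cacertfile = *(++argv);
+        } else {
+            fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
+            return 1;
+bad:
+            fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
+            return 1;
+        }
+        argc--;
+        argv++;
+    }
+    if (!certfile) {
+        fprintf(stderr, "%s: '-cert' option required\n", prog);
+        return 1;
+    }
+    if (!keyfile) {
+        fprintf(stderr, "%s: '-key' option required\n", prog);
+        return 1;
+    }
+    if (!pass) {
+        fprintf(stderr, "%s: '-pass' option required\n", prog);
+        return 1;
+    }
+    memset(&ctx, 0, sizeof(ctx));
+    memset(&conn, 0, sizeof(conn));
+    if (tls_socket_lib_init() != 1) {
+        error_print();
+        return -1;
+    }
+    // TLS1.2
+    // 加密套件 TLS_cipher_ecdhe_sm4_cbc_sm3
+    // 塞的服务器证书选用的是国密的证书
+    if (tls_ctx_init(&ctx, TLS_protocol_tls12, TLS_server_mode) != 1
+        || tls_ctx_set_cipher_suites(&ctx, server_ciphers, sizeof(server_ciphers)/sizeof(int)) != 1
+        || tls_ctx_set_certificate_and_key(&ctx, certfile, keyfile, pass) != 1) {
+        error_print();
+        return -1;
+    }
+    if (cacertfile) {
+        if (tls_ctx_set_ca_certificates(&ctx, cacertfile, TLS_DEFAULT_VERIFY_DEPTH) != 1) {
+            error_print();
+            return -1;
+        }
+    }
+    // Socket
+    // AF_INET -> TCP
+    if (tls_socket_create(&sock, AF_INET, SOCK_STREAM, 0) != 1) {
+        fprintf(stderr, "%s: create socket error\n", prog);
+        goto end;
+    }
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr.s_addr = INADDR_ANY;
+    server_addr.sin_port = htons(port);
+    if (tls_socket_bind(sock, &server_addr) != 1) {
+        fprintf(stderr, "%s: socket bind error\n", prog);
+        goto end;
+    }
+    puts("start listen ...\n");
+    tls_socket_listen(sock, 1);
+restart:
+    //client_addrlen = sizeof(client_addr);
+    if (tls_socket_accept(sock, &client_addr, &conn_sock) != 1) {
+        fprintf(stderr, "%s: socket accept error\n", prog);
+        goto end;
+    }
+    puts("socket connected\n");
+    if (tls_init(&conn, &ctx) != 1
+        || tls_set_socket(&conn, conn_sock) != 1) {
+        error_print();
+        return -1;
+    }
+    //在 tls_do_handshake 中需要增加国密握手流程的部分
+    // add tlsgm.c
+    // update tls.c->tls_do_handshake "CASE TLS_protocol_tlsGM"
+    // 这里 握手协议的 服务端和客户端均走同样的方法适配进行 以 ctx -> isclient 区分角色身份
+    // 当前还是先让手机端能够通过tls1.2协议 以及国密套件连接到该服务上。
+    if (tls_do_handshake(&conn) != 1) {
+        error_print();
+        return -1;
+    }
+    for (;;) {
+        int rv;
+        size_t sentlen;
+        do {
+            len = sizeof(buf);
+            if ((rv = tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len)) != 1) {
+                if (rv < 0) fprintf(stderr, "%s: recv failure\n", prog);
+                else fprintf(stderr, "%s: Disconnected by remote\n", prog);
+                //tls_socket_close(conn.sock); // FIXME:
+                tls_cleanup(&conn);
+                goto restart;
+            }
+        } while (!len);
+        //
+        if (tls_send(&conn, (uint8_t *)buf, len, &sentlen) != 1) {
+            fprintf(stderr, "%s: send failure, close connection\n", prog);
+            tls_socket_close(conn.sock);
+            goto end;
+        }
+    }
+end:
+    return ret;
+}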
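Review bot: A single client that fails the handshake stops the whole server, because the `tls_init`/`tls_set_socket` and `tls_do_handshake` failure branches after `restart:` do `return -1` instead of dropping only that connection. The recv-failure branch does go back to `restart`, but with `tls_socket_close` commented out (the FIXME), so each disconnect appears to leak the accepted descriptor. All three branches could end with `tls_cleanup(&conn); tls_socket_close(conn_sock); goto restart;`, using the local `conn_sock` in case `tls_cleanup` clears `conn.sock`. Separately, no exit path releases `ctx`, which holds the private key loaded by `tls_ctx_set_certificate_and_key`, or closes the listening `sock`. `ret` is also never set to 0, so `end:` always returns 1.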