Add cipher suite selection to test applications.
Signed-off-by: Achim Kraus <[email protected]>
Showing
5 changed files
with
197 additions
and
11 deletions.
|
@@ -35,6 +35,7 @@ | |
|
||
#include "global.h" | ||
#include "dtls_debug.h" | ||
#include "dtls_ciphers_util.h" | ||
#include "dtls.h" | ||
|
||
#define DEFAULT_PORT 20220 | ||
|
@@ -228,6 +229,30 @@ send_to_peer(struct dtls_context_t *ctx, | |
&session->addr.sa, session->size); | ||
} | ||
|
||
static const dtls_cipher_t* ciphers = NULL; | ||
static unsigned int force_extended_master_secret = 0; | ||
|
||
static void | ||
get_user_parameters(struct dtls_context_t *ctx, | ||
session_t *session, dtls_user_parameters_t *user_parameters) { | ||
(void) ctx; | ||
(void) session; | ||
user_parameters->force_extended_master_secret = force_extended_master_secret; | ||
if (ciphers) { | ||
int index = 0; | ||
while (index < DTLS_MAX_CIPHER_SUITES) { | ||
user_parameters->cipher_suites[index] = ciphers[index]; | ||
if (ciphers[index] == TLS_NULL_WITH_NULL_NULL) { | ||
break; | ||
} | ||
++index; | ||
} | ||
if (index == DTLS_MAX_CIPHER_SUITES) { | ||
user_parameters->cipher_suites[index] = TLS_NULL_WITH_NULL_NULL; | ||
} | ||
} | ||
} | ||
|
||
static int | ||
dtls_handle_read(struct dtls_context_t *ctx) { | ||
int fd; | ||
|
@@ -328,23 +353,26 @@ usage( const char *program, const char *version) { | |
fprintf(stderr, "%s v%s -- DTLS client implementation\n" | ||
"(c) 2011-2014 Olaf Bergmann <[email protected]>\n\n" | ||
#ifdef DTLS_PSK | ||
"usage: %s [-i file] [-k file] [-o file] [-p port] [-v num] addr [port]\n" | ||
"usage: %s [-i file] [-k file] [-o file] [-p port] [-v num] [-c cipher-suites] [-e] addr [port]\n" | ||
#else /* DTLS_PSK */ | ||
"usage: %s [-o file] [-p port] [-v num] addr [port]\n" | ||
"usage: %s [-o file] [-p port] [-v num] [-c cipher-suites] [-e] addr [port]\n" | ||
#endif /* DTLS_PSK */ | ||
#ifdef DTLS_PSK | ||
"\t-i file\t\tread PSK identity from file\n" | ||
"\t-k file\t\tread pre-shared key from file\n" | ||
#endif /* DTLS_PSK */ | ||
"\t-o file\t\toutput received data to this file (use '-' for STDOUT)\n" | ||
"\t-p port\t\tlisten on specified port (default is %d)\n" | ||
"\t-v num\t\tverbosity level (default: 3)\n", | ||
"\t-v num\t\tverbosity level (default: 3)\n" | ||
"\t-e\t\tforce extended master secret (RFC7627)\n", | ||
program, version, program, DEFAULT_PORT); | ||
cipher_suites_usage(stderr, "\t"); | ||
} | ||
|
||
static dtls_handler_t cb = { | ||
.write = send_to_peer, | ||
.read = read_from_peer, | ||
.get_user_parameters = get_user_parameters, | ||
.event = NULL, | ||
#ifdef DTLS_PSK | ||
.get_psk_info = get_psk_info, | ||
|
@@ -393,7 +421,7 @@ main(int argc, char **argv) { | |
memcpy(psk_key, PSK_DEFAULT_KEY, psk_key_length); | ||
#endif /* DTLS_PSK */ | ||
|
||
while ((opt = getopt(argc, argv, "p:o:v:" PSK_OPTIONS)) != -1) { | ||
while ((opt = getopt(argc, argv, "ep:o:v:c:" PSK_OPTIONS)) != -1) { | ||
switch (opt) { | ||
#ifdef DTLS_PSK | ||
case 'i' : | ||
|
@@ -432,6 +460,12 @@ main(int argc, char **argv) { | |
case 'v' : | ||
log_level = strtol(optarg, NULL, 10); | ||
break; | ||
case 'c' : | ||
ciphers = init_cipher_suites(optarg); | ||
break; | ||
case 'e' : | ||
force_extended_master_secret = 1; | ||
break; | ||
default: | ||
usage(argv[0], dtls_package_version()); | ||
exit(1); | ||
|
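Review bot: A `-c` value in which no name is recognised gets through `case 'c'` silently: `init_cipher_suites` returns its table either way, so `ciphers` becomes non-NULL with `TLS_NULL_WITH_NULL_NULL` at index 0 and `get_user_parameters` hands the library an empty preference list; how the handshake then behaves is decided by library code that is not in this diff. For a test client whose purpose is to pin a particular suite that is the wrong failure mode, a typo should stop the run rather than fall back to whatever the library picks. I would check the result right after the call: `if (ciphers[0] == TLS_NULL_WITH_NULL_NULL) { fprintf(stderr, "%s: no valid cipher suite in '%s'\n", argv[0], optarg); exit(1); }`. The enclosing main() starts and ends outside the hunk.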
|
@@ -27,8 +27,9 @@ | |
#include <signal.h> | ||
|
||
#include "tinydtls.h" | ||
#include "dtls.h" | ||
#include "dtls_debug.h" | ||
#include "dtls_ciphers_util.h" | ||
#include "dtls.h" | ||
|
||
#ifdef IS_WINDOWS | ||
#include <winsock2.h> | ||
|
@@ -191,6 +192,30 @@ send_to_peer(struct dtls_context_t *ctx, | |
&session->addr.sa, session->size); | ||
} | ||
|
||
static const dtls_cipher_t* ciphers = NULL; | ||
static unsigned int force_extended_master_secret = 0; | ||
|
||
static void | ||
get_user_parameters(struct dtls_context_t *ctx, | ||
session_t *session, dtls_user_parameters_t *user_parameters) { | ||
(void) ctx; | ||
(void) session; | ||
user_parameters->force_extended_master_secret = force_extended_master_secret; | ||
if (ciphers) { | ||
int index = 0; | ||
while (index < DTLS_MAX_CIPHER_SUITES) { | ||
user_parameters->cipher_suites[index] = ciphers[index]; | ||
if (ciphers[index] == TLS_NULL_WITH_NULL_NULL) { | ||
break; | ||
} | ||
++index; | ||
} | ||
if (index == DTLS_MAX_CIPHER_SUITES) { | ||
user_parameters->cipher_suites[index] = TLS_NULL_WITH_NULL_NULL; | ||
} | ||
} | ||
} | ||
|
||
static int | ||
dtls_handle_read(struct dtls_context_t *ctx) { | ||
int *fd; | ||
|
@@ -283,17 +308,20 @@ usage(const char *program, const char *version) { | |
program = ++p; | ||
|
||
fprintf(stderr, "%s v%s -- DTLS server implementation\n" | ||
"(c) 2011-2014 Olaf Bergmann <[email protected]>\n\n" | ||
"usage: %s [-A address] [-p port] [-v num]\n" | ||
"(c) 2011-2014 Olaf Bergmann <[email protected]>\n\n" | ||
"usage: %s [-A address] [-p port] [-v num] [-c cipher-suites] [-e]\n" | ||
"\t-A address\t\tlisten on specified address (default is ::)\n" | ||
"\t-p port\t\tlisten on specified port (default is %d)\n" | ||
"\t-v num\t\tverbosity level (default: 3)\n", | ||
"\t-v num\t\tverbosity level (default: 3)\n" | ||
"\t-e\t\tforce extended master secret (RFC7627)\n", | ||
program, version, program, DEFAULT_PORT); | ||
cipher_suites_usage(stderr, "\t"); | ||
} | ||
|
||
static dtls_handler_t cb = { | ||
.write = send_to_peer, | ||
.read = read_from_peer, | ||
.get_user_parameters = get_user_parameters, | ||
.event = NULL, | ||
#ifdef DTLS_PSK | ||
.get_psk_info = get_psk_info, | ||
|
@@ -328,7 +356,7 @@ main(int argc, char **argv) { | |
listen_addr.sin6_family = AF_INET6; | ||
listen_addr.sin6_addr = in6addr_any; | ||
|
||
while ((opt = getopt(argc, argv, "A:p:v:")) != -1) { | ||
while ((opt = getopt(argc, argv, "eA:p:v:c:")) != -1) { | ||
switch (opt) { | ||
case 'A' : | ||
if (resolve_address(optarg, (struct sockaddr *)&listen_addr) < 0) { | ||
|
@@ -342,6 +370,12 @@ main(int argc, char **argv) { | |
case 'v' : | ||
log_level = strtol(optarg, NULL, 10); | ||
break; | ||
case 'c' : | ||
ciphers = init_cipher_suites(optarg); | ||
break; | ||
case 'e' : | ||
force_extended_master_secret = 1; | ||
break; | ||
default: | ||
usage(argv[0], dtls_package_version()); | ||
exit(1); | ||
|
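Review bot: The terminator store `user_parameters->cipher_suites[index] = TLS_NULL_WITH_NULL_NULL;` in the `index == DTLS_MAX_CIPHER_SUITES` branch of get_user_parameters writes to element DTLS_MAX_CIPHER_SUITES, which is only in bounds if `dtls_user_parameters_t` declares the array with `DTLS_MAX_CIPHER_SUITES + 1` elements; that declaration is not in this diff, so it is worth confirming against dtls.h before merging. The function is also a verbatim copy of the one added to the client in the same commit, so the copy loop belongs in dtls_ciphers_util.c as one shared helper, e.g. `void copy_cipher_suites(dtls_cipher_t *dst, const dtls_cipher_t *src);`, which leaves a single place where the bound has to be right.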
@@ -0,0 +1,92 @@ | ||
/******************************************************************************* | ||
* | ||
* Copyright (c) 2022 Contributors to the Eclipse Foundation. | ||
* | ||
* All rights reserved. This program and the accompanying materials | ||
* are made available under the terms of the Eclipse Public License v1.0 | ||
* and Eclipse Distribution License v. 1.0 which accompanies this distribution. | ||
* | ||
* The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html | ||
* and the Eclipse Distribution License is available at | ||
* http://www.eclipse.org/org/documents/edl-v10.php. | ||
* | ||
*******************************************************************************/ | ||
|
||
#include <string.h> | ||
|
||
#include "dtls_ciphers_util.h" | ||
|
||
|
||
struct cipher_entry { | ||
const char* name; | ||
const dtls_cipher_t cipher; | ||
}; | ||
|
||
#define CIPHER_ENTRY(X) { .name = #X, .cipher = X } | ||
#define ARRAY_LENGTH (sizeof(map)/sizeof(struct cipher_entry)) | ||
#define SEP ':' | ||
|
||
static const struct cipher_entry map[] = { | ||
#ifdef DTLS_PSK | ||
CIPHER_ENTRY(TLS_PSK_WITH_AES_128_CCM), | ||
CIPHER_ENTRY(TLS_PSK_WITH_AES_128_CCM_8), | ||
#endif /* DTLS_PSK */ | ||
#ifdef DTLS_ECC | ||
CIPHER_ENTRY(TLS_ECDHE_ECDSA_WITH_AES_128_CCM), | ||
CIPHER_ENTRY(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), | ||
#endif /* DTLS_ECC */ | ||
{ .name = NULL, .cipher = TLS_NULL_WITH_NULL_NULL} | ||
}; | ||
|
||
static dtls_cipher_t ciphers_table[ARRAY_LENGTH] = { TLS_NULL_WITH_NULL_NULL }; | ||
|
||
static dtls_cipher_t find_cipher_suite(const char *arg) { | ||
for (size_t index=0; index < ARRAY_LENGTH - 1; ++index) { | ||
size_t len = strlen(map[index].name); | ||
if (strncmp(arg, map[index].name, len) == 0 && (arg[len] == 0 || arg[len] == SEP)) { | ||
return map[index].cipher; | ||
} | ||
} | ||
return TLS_NULL_WITH_NULL_NULL; | ||
} | ||
|
||
static void add_cipher_suite(dtls_cipher_t cipher) { | ||
for (size_t index=0; index < ARRAY_LENGTH - 1; ++index) { | ||
if (ciphers_table[index] == cipher) { | ||
return; | ||
} | ||
if (ciphers_table[index] == TLS_NULL_WITH_NULL_NULL) { | ||
ciphers_table[index] = cipher; | ||
ciphers_table[index + 1] = TLS_NULL_WITH_NULL_NULL; | ||
return; | ||
} | ||
} | ||
} | ||
|
||
const dtls_cipher_t* | ||
init_cipher_suites(const char* arg) { | ||
while (arg) { | ||
dtls_cipher_t cipher = find_cipher_suite(arg); | ||
if (cipher != TLS_NULL_WITH_NULL_NULL) { | ||
add_cipher_suite(cipher); | ||
} | ||
arg = strchr(arg, SEP); | ||
if (arg) { | ||
++arg; | ||
} | ||
} | ||
return ciphers_table; | ||
} | ||
|
||
void | ||
cipher_suites_usage(FILE* file, const char* head) { | ||
fprintf(file, "%s-c ciphers\tlist of cipher-suites separated by ':'\n", head); | ||
fprintf(file, "%s\t\t(default is ", head); | ||
#if defined(DTLS_PSK) && defined(DTLS_ECC) | ||
fprintf(file, "%s:%s\n", map[0].name, map[1].name); | ||
fprintf(file, "%s\t\t :%s:%s)\n", head, map[2].name, map[3].name); | ||
#elif defined(DTLS_PSK) || defined(DTLS_ECC) | ||
fprintf(file, "%s:%s)\n", map[0].name, map[1].name); | ||
#endif | ||
} | ||
|
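Review bot: init_cipher_suites drops any token that find_cipher_suite does not recognise without a word, so a misspelt suite name in `-c` is silently ignored and the test run proceeds with a different list than the one asked for. Because `ciphers_table` is static and add_cipher_suite only appends, a second `-c` on the command line also merges into the first rather than replacing it, which the usage text does not say. Reporting the unknown token is a small change to the loop below; whether a bad name should be fatal is the caller's decision, but it should at least be visible.
```c
const dtls_cipher_t*
init_cipher_suites(const char* arg) {
  while (arg) {
    const char *end = strchr(arg, SEP);
    size_t len = end ? (size_t)(end - arg) : strlen(arg);
    dtls_cipher_t cipher = find_cipher_suite(arg);
    if (cipher != TLS_NULL_WITH_NULL_NULL) {
      add_cipher_suite(cipher);
    } else if (len > 0) {
      /* a typo would otherwise vanish without trace */
      fprintf(stderr, "unknown cipher suite '%.*s' ignored\n", (int)len, arg);
    }
    arg = end ? end + 1 : NULL;
  }
  return ciphers_table;
}
```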
@@ -0,0 +1,26 @@ | ||
/******************************************************************************* | ||
* | ||
* Copyright (c) 2022 Contributors to the Eclipse Foundation. | ||
* | ||
* All rights reserved. This program and the accompanying materials | ||
* are made available under the terms of the Eclipse Public License v1.0 | ||
* and Eclipse Distribution License v. 1.0 which accompanies this distribution. | ||
* | ||
* The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html | ||
* and the Eclipse Distribution License is available at | ||
* http://www.eclipse.org/org/documents/edl-v10.php. | ||
* | ||
*******************************************************************************/ | ||
|
||
#ifndef _DTLS_CIPHERS_UTIL_H_ | ||
#define _DTLS_CIPHERS_UTIL_H_ | ||
|
||
#include <stdio.h> | ||
|
||
#include "global.h" | ||
|
||
const dtls_cipher_t* init_cipher_suites(const char* arg); | ||
|
||
void cipher_suites_usage(FILE* file, const char* head); | ||
|
||
#endif /* _DTLS_CIPHERS_UTIL_H_ */ |
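Review bot: Neither prototype is documented, and `init_cipher_suites` has contract details a caller only learns by reading the .c file: the returned pointer is a static, `TLS_NULL_WITH_NULL_NULL`-terminated table that must not be freed, unrecognised names are skipped, and repeated calls append to the same table rather than replacing it. I would put above the first declaration: `/** Parse a ':'-separated list of cipher suite names and append the recognised ones to a static, TLS_NULL_WITH_NULL_NULL-terminated table. Unknown names are skipped. Returns the table; the caller does not own it. */`, and above the second: `/** Print the help text for the -c option to file, prefixing each line with head. */`. The guard `_DTLS_CIPHERS_UTIL_H_` is a reserved identifier (leading underscore followed by an uppercase letter); if the other tinydtls headers use the same pattern, keeping it for consistency is reasonable, otherwise `DTLS_CIPHERS_UTIL_H` is the safer spelling.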