1 /*
2 * Copyright (c) 2011-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <Security/Security.h>
26 #include <Security/SecBase.h>
27
28 #include "../sslViewer/sslAppUtils.h"
29
30 #include <stdlib.h>
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <netinet/in.h>
34 #include <arpa/inet.h>
35 #include <stdio.h>
36 #include <errno.h>
37 #include <unistd.h> /* close() */
38 #include <string.h> /* memset() */
39 #include <fcntl.h>
40 #include <time.h>
41
42 #ifdef NO_SERVER
43 #include "keychain/securityd/spi.h"
44 #endif
45
46 #define PORT 23232
47
/*
 * DER-encoded RSA private key for the test server identity, handed to
 * chain_from_der() in main() together with ServerRSA_Cert_CA_RSA_der.
 *
 * Layout visible in the bytes: an outer SEQUENCE of 0x025b content bytes,
 * version INTEGER 0, a 129-byte modulus INTEGER (leading zero + 1024 bits)
 * and the public exponent 0x010001.
 *
 * NOTE(review): this private key ships in the source, so it authenticates
 * nothing; it is only suitable for exercising the DTLS code paths. The
 * modulus is also 1024 bits, below what current guidance accepts for RSA.
 * The array is left non-const because chain_from_der()'s parameter types
 * are not visible in this file.
 */
static unsigned char ServerRSA_Key_der[] = {
    0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xab,
    0x05, 0xba, 0xdc, 0x2d, 0xb3, 0x03, 0xf1, 0x6c, 0x60, 0x7f, 0x5e, 0x80,
    0x85, 0x54, 0x24, 0xc7, 0x87, 0x6e, 0xe5, 0xf1, 0xae, 0x76, 0x59, 0xe3,
    0x4b, 0x9c, 0xff, 0xa2, 0x41, 0xfc, 0x40, 0xf8, 0xa8, 0x33, 0x12, 0xa9,
    0x1b, 0x1a, 0xc5, 0xe8, 0xef, 0xb1, 0xe3, 0x75, 0x0b, 0xd2, 0x28, 0x49,
    0x48, 0x64, 0x9c, 0x3d, 0x89, 0xb6, 0xf8, 0xa5, 0x93, 0xd0, 0x29, 0x8c,
    0x9e, 0x7a, 0xf6, 0x00, 0x20, 0x08, 0x52, 0x08, 0xdc, 0x1d, 0x17, 0x8b,
    0x44, 0x4e, 0x32, 0x13, 0xdc, 0xb1, 0x50, 0xa5, 0xf0, 0x94, 0x25, 0x50,
    0xfa, 0x1e, 0xe3, 0xae, 0x66, 0x19, 0x13, 0x3e, 0x20, 0x86, 0x05, 0x9c,
    0xda, 0xd9, 0xff, 0x8f, 0x72, 0x6e, 0xf5, 0xc1, 0xfd, 0x86, 0xae, 0x26,
    0xcc, 0x4b, 0xc8, 0x9f, 0xa9, 0xd6, 0x3a, 0x1f, 0xb6, 0x8a, 0x8f, 0x04,
    0x2d, 0xbb, 0xa4, 0x47, 0xb3, 0xfb, 0xf9, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x02, 0x81, 0x80, 0x38, 0x04, 0xf1, 0x77, 0x4b, 0xb4, 0xd6, 0xb6, 0xce,
    0xf4, 0x30, 0xe4, 0x68, 0x9e, 0xc3, 0xb8, 0x24, 0x6f, 0x75, 0x60, 0xf6,
    0xb0, 0x59, 0xee, 0x09, 0xa8, 0xeb, 0xed, 0x44, 0x5d, 0xee, 0xdd, 0xed,
    0x55, 0x53, 0x1d, 0x6a, 0xad, 0x09, 0x31, 0x08, 0xa2, 0xf3, 0x16, 0xf9,
    0x70, 0xfc, 0xce, 0xdb, 0x6a, 0x4e, 0x22, 0x6b, 0x79, 0xdf, 0xa8, 0x44,
    0xbc, 0x4d, 0x34, 0x3e, 0xee, 0x6e, 0x81, 0xfa, 0xe5, 0xf4, 0x62, 0x95,
    0x30, 0xce, 0x49, 0x11, 0x42, 0x2b, 0x2e, 0x6a, 0x87, 0x0c, 0x6a, 0x1f,
    0xaf, 0x22, 0xec, 0x32, 0x6b, 0x3e, 0x1b, 0xc3, 0xcb, 0xb4, 0x46, 0xd6,
    0x14, 0xd0, 0x52, 0x6b, 0x4c, 0x63, 0x74, 0xcb, 0xbe, 0xeb, 0xf8, 0xbf,
    0x31, 0xd6, 0xe3, 0x42, 0x1f, 0x77, 0x68, 0xf2, 0xf2, 0xf0, 0xf4, 0x24,
    0x10, 0x5f, 0x9c, 0x3c, 0x5c, 0xbb, 0x5b, 0x19, 0xed, 0x30, 0x01, 0x02,
    0x41, 0x00, 0xd2, 0x72, 0x8b, 0xd9, 0x1a, 0x8d, 0xcb, 0xa2, 0x56, 0x6b,
    0x3b, 0x78, 0xf3, 0x7a, 0xd4, 0x97, 0x90, 0xcd, 0xcd, 0x5a, 0x32, 0x06,
    0x3d, 0xb0, 0xc2, 0xfb, 0x9f, 0x95, 0x51, 0x63, 0xcf, 0xcd, 0x5c, 0xcb,
    0x4b, 0xa7, 0xe5, 0x5f, 0xd0, 0xd3, 0x5a, 0xc8, 0x92, 0xe1, 0xde, 0xe0,
    0x83, 0x86, 0xfe, 0xdd, 0xe1, 0xb4, 0x00, 0x72, 0x25, 0xb4, 0x20, 0x19,
    0xf6, 0x94, 0xf8, 0xfd, 0x4e, 0x01, 0x02, 0x41, 0x00, 0xd0, 0x0a, 0x89,
    0x2a, 0x99, 0x49, 0x35, 0x60, 0x14, 0x8d, 0x2c, 0xe7, 0x72, 0xa0, 0x19,
    0xd6, 0x86, 0x60, 0x0d, 0xa6, 0x44, 0x89, 0x30, 0x98, 0xea, 0xeb, 0xdf,
    0xfb, 0xb5, 0x56, 0x23, 0x3c, 0xe4, 0xc9, 0x76, 0x4f, 0x90, 0x8e, 0x55,
    0x7d, 0x51, 0xcb, 0x41, 0xf1, 0x73, 0xb0, 0xa9, 0x8b, 0x36, 0xf9, 0x1a,
    0xfe, 0x6f, 0xa3, 0x2e, 0x13, 0x30, 0xc4, 0xe3, 0x2c, 0x51, 0x7d, 0x1d,
    0xf9, 0x02, 0x40, 0x6e, 0x72, 0x55, 0x79, 0x04, 0x99, 0xa4, 0x64, 0xb7,
    0x8c, 0x21, 0xb3, 0x51, 0xbd, 0x86, 0x33, 0x61, 0x78, 0xd1, 0x2c, 0x64,
    0x12, 0xa8, 0x6f, 0xcb, 0x75, 0x39, 0x84, 0xa9, 0x29, 0x84, 0x16, 0xd8,
    0x7b, 0x8d, 0x62, 0x39, 0x5c, 0x77, 0x01, 0x65, 0xa4, 0xdc, 0x89, 0x94,
    0x6a, 0x2a, 0x3d, 0x40, 0x27, 0x7c, 0xdb, 0xf6, 0x5b, 0xf1, 0xf3, 0xbd,
    0xe1, 0x42, 0x6b, 0x5e, 0xdd, 0xba, 0x01, 0x02, 0x40, 0x6b, 0x56, 0x14,
    0x41, 0x23, 0x47, 0x2f, 0x3f, 0xbc, 0x3a, 0xbe, 0x81, 0x47, 0x95, 0xac,
    0xdf, 0x0f, 0x03, 0x7d, 0xe7, 0x5c, 0x13, 0x00, 0x3c, 0xd5, 0x70, 0x0f,
    0x67, 0x19, 0xbf, 0x30, 0x7d, 0x19, 0x79, 0x8c, 0x0e, 0x2f, 0x02, 0x10,
    0xbf, 0x90, 0xb4, 0xf2, 0xf7, 0xf5, 0x7d, 0x9f, 0x6c, 0x11, 0x57, 0xe3,
    0x02, 0x85, 0x6c, 0xc6, 0xb7, 0xe6, 0x00, 0x9f, 0x48, 0xdd, 0x5e, 0x55,
    0x59, 0x02, 0x40, 0x51, 0xb5, 0xaf, 0x36, 0x4b, 0x91, 0x6c, 0x89, 0x19,
    0x44, 0x96, 0x6c, 0x4a, 0x94, 0x58, 0x29, 0x5c, 0x38, 0xd4, 0x6b, 0x24,
    0xdc, 0x3b, 0xb1, 0x66, 0xc1, 0x3c, 0xc8, 0x17, 0x97, 0xb7, 0x05, 0xd9,
    0x18, 0xb6, 0x43, 0x16, 0xf8, 0xf9, 0x5e, 0xed, 0x7e, 0x6f, 0xc4, 0xa6,
    0x6a, 0x3a, 0xc7, 0xc0, 0x21, 0x6b, 0x39, 0xac, 0xf3, 0xf6, 0x40, 0xd5,
    0x25, 0xf7, 0x44, 0x1d, 0xd4, 0xb2, 0x37
};
102
/*
 * DER-encoded X.509 certificate matching ServerRSA_Key_der (it carries the
 * same 1024-bit modulus), handed to chain_from_der() in main().
 *
 * Fields readable from the bytes:
 *   version      v3, serial number 1
 *   signature    OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 *   issuer       CN = "SecurityTest CA Cert (RSA)"
 *   validity     150323071026Z .. 20550313071026Z
 *   subject      OU = "SecurityTests Server Cert (RSA)", CN = "localhost"
 *   extensions   basicConstraints with an empty SEQUENCE (not a CA)
 *
 * NOTE(review): a SHA-1 signed, 1024-bit test certificate whose private key
 * is published alongside it; it identifies a test fixture, not a host.
 */
static unsigned char ServerRSA_Cert_CA_RSA_der[] = {
    0x30, 0x82, 0x02, 0x69, 0x30, 0x82, 0x01, 0x51, 0xa0, 0x03, 0x02, 0x01,
    0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x25, 0x31, 0x23, 0x30,
    0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x53, 0x65, 0x63, 0x75,
    0x72, 0x69, 0x74, 0x79, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x20,
    0x43, 0x65, 0x72, 0x74, 0x20, 0x28, 0x52, 0x53, 0x41, 0x29, 0x30, 0x20,
    0x17, 0x0d, 0x31, 0x35, 0x30, 0x33, 0x32, 0x33, 0x30, 0x37, 0x31, 0x30,
    0x32, 0x36, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35, 0x35, 0x30, 0x33, 0x31,
    0x33, 0x30, 0x37, 0x31, 0x30, 0x32, 0x36, 0x5a, 0x30, 0x3e, 0x31, 0x28,
    0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, 0x63,
    0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x65, 0x73, 0x74, 0x73, 0x20, 0x53,
    0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x28,
    0x52, 0x53, 0x41, 0x29, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
    0x03, 0x13, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
    0x89, 0x02, 0x81, 0x81, 0x00, 0xab, 0x05, 0xba, 0xdc, 0x2d, 0xb3, 0x03,
    0xf1, 0x6c, 0x60, 0x7f, 0x5e, 0x80, 0x85, 0x54, 0x24, 0xc7, 0x87, 0x6e,
    0xe5, 0xf1, 0xae, 0x76, 0x59, 0xe3, 0x4b, 0x9c, 0xff, 0xa2, 0x41, 0xfc,
    0x40, 0xf8, 0xa8, 0x33, 0x12, 0xa9, 0x1b, 0x1a, 0xc5, 0xe8, 0xef, 0xb1,
    0xe3, 0x75, 0x0b, 0xd2, 0x28, 0x49, 0x48, 0x64, 0x9c, 0x3d, 0x89, 0xb6,
    0xf8, 0xa5, 0x93, 0xd0, 0x29, 0x8c, 0x9e, 0x7a, 0xf6, 0x00, 0x20, 0x08,
    0x52, 0x08, 0xdc, 0x1d, 0x17, 0x8b, 0x44, 0x4e, 0x32, 0x13, 0xdc, 0xb1,
    0x50, 0xa5, 0xf0, 0x94, 0x25, 0x50, 0xfa, 0x1e, 0xe3, 0xae, 0x66, 0x19,
    0x13, 0x3e, 0x20, 0x86, 0x05, 0x9c, 0xda, 0xd9, 0xff, 0x8f, 0x72, 0x6e,
    0xf5, 0xc1, 0xfd, 0x86, 0xae, 0x26, 0xcc, 0x4b, 0xc8, 0x9f, 0xa9, 0xd6,
    0x3a, 0x1f, 0xb6, 0x8a, 0x8f, 0x04, 0x2d, 0xbb, 0xa4, 0x47, 0xb3, 0xfb,
    0xf9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x0d, 0x30, 0x0b, 0x30, 0x09,
    0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
    0x03, 0x82, 0x01, 0x01, 0x00, 0xa7, 0x35, 0x63, 0xc8, 0x0a, 0xf7, 0xae,
    0x0f, 0xe8, 0x10, 0x50, 0xb0, 0x79, 0x04, 0xa5, 0xf3, 0x48, 0x5d, 0x0a,
    0x7a, 0x6b, 0xd0, 0xef, 0x17, 0x43, 0xe5, 0x21, 0xd4, 0xbb, 0xef, 0xac,
    0x04, 0x21, 0x50, 0x7d, 0xd8, 0xe8, 0xf1, 0x3f, 0xd1, 0xb7, 0xa5, 0x93,
    0xb4, 0xa8, 0xec, 0x23, 0xbe, 0xb6, 0xd9, 0xcc, 0xbe, 0x3c, 0x81, 0x34,
    0x25, 0x24, 0x81, 0x1e, 0xd9, 0x8c, 0xd6, 0x20, 0x14, 0x36, 0x83, 0x29,
    0x7f, 0x56, 0xcd, 0xc3, 0x90, 0xd0, 0x2d, 0x54, 0x8b, 0x05, 0xcb, 0xab,
    0xb1, 0xf2, 0x44, 0xfc, 0xba, 0x73, 0xbf, 0x97, 0xc2, 0x2b, 0x5a, 0x6a,
    0x49, 0x27, 0x29, 0x7c, 0xb7, 0xb1, 0x4a, 0x1f, 0x28, 0x41, 0x05, 0x63,
    0x58, 0x8e, 0xd5, 0x7e, 0x46, 0x74, 0x11, 0x01, 0x72, 0x93, 0x1f, 0xea,
    0xf7, 0x37, 0x4a, 0xfa, 0x84, 0x53, 0xb6, 0x3c, 0x0e, 0xde, 0xe5, 0x1c,
    0x12, 0x86, 0x0a, 0xf6, 0x8b, 0xac, 0xc8, 0xb5, 0x9a, 0x9b, 0xd2, 0x28,
    0x15, 0x18, 0x83, 0x0a, 0xfc, 0x47, 0x1a, 0xcf, 0xed, 0xa1, 0x95, 0x4e,
    0xcc, 0x3c, 0x2a, 0x9a, 0xdf, 0x09, 0xec, 0x28, 0x20, 0xfd, 0xc5, 0x42,
    0xf1, 0xd8, 0x2f, 0x21, 0x88, 0xec, 0xe2, 0x24, 0xb2, 0xe2, 0x45, 0x5a,
    0xce, 0xb4, 0x78, 0xb3, 0x30, 0x38, 0x0e, 0x1c, 0x6a, 0xa3, 0x04, 0x0e,
    0xac, 0xa4, 0x97, 0xe3, 0xc1, 0x46, 0x0a, 0x9d, 0x65, 0x9a, 0xe9, 0x02,
    0x12, 0xf0, 0x88, 0x58, 0xc6, 0xde, 0xe5, 0x23, 0x42, 0x3c, 0x58, 0x52,
    0x27, 0x1a, 0xe2, 0xf5, 0x4a, 0x21, 0x47, 0xb2, 0x13, 0x0c, 0xb2, 0xd0,
    0xcc, 0xb3, 0xfd, 0x66, 0x2a, 0xa6, 0x38, 0x5b, 0xe6, 0x2e, 0x90, 0x9e,
    0x62, 0x3f, 0x7e, 0x60, 0xee, 0xd4, 0x02, 0x58, 0x7d, 0x5c, 0xf8, 0x39,
    0x27, 0xa9, 0xdb, 0x3e, 0x24, 0x3c, 0xc0, 0xde, 0xc8
};
158
159
/*
 * Hex-dump `len` bytes of `data` to stdout, sixteen bytes per row, each row
 * prefixed with the hexadecimal offset of its first byte.
 */
static void dumppacket(const unsigned char *data, unsigned long len)
{
    unsigned long offset = 0;

    while (offset < len) {
        unsigned long column = offset & 0xf;

        if (column == 0) {
            printf("%04lx :", offset);
        }
        printf(" %02x", data[offset]);
        if (column == 0xf) {
            printf("\n");
        }
        offset++;
    }
    /* Always emitted, so it also terminates a final partial row. */
    printf("\n");
}
171
172
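/*
 * Staging area for one inbound UDP datagram. SocketRead() fills readBuffer
 * with a single read() of at most MTU bytes and then hands the bytes out in
 * the pieces its caller asks for; a datagram longer than MTU is truncated by
 * the socket layer, so MTU bounds the largest record this server accepts.
 */
#define MTU 2048
static unsigned char readBuffer[MTU];
/* Offset of the next unread byte; size_t so it matches readLeft and the
 * size_t lengths added to it. */
static size_t readOff = 0;
/* Unread bytes still held in readBuffer. */
static size_t readLeft = 0;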
178
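/*
 * SecureTransport read callback for the DTLS test server.
 *
 * When the staging buffer is empty, one datagram is read from the socket into
 * readBuffer; up to *dataLength bytes are then copied out to the caller.
 *
 * connection  socket descriptor carried in the pointer value (see main())
 * data        destination buffer supplied by the caller
 * dataLength  in: bytes requested; out: bytes copied (0 on every failure)
 *
 * Returns errSecSuccess, errSSLWouldBlock when no usable datagram is
 * available, or errSecIO for any other read() failure.
 */
static
OSStatus SocketRead(
    SSLConnectionRef connection,
    void *data,
    size_t *dataLength)
{
    /* main() stores the descriptor through intptr_t; undo it the same way
     * instead of casting a pointer straight to int. */
    int fd = (int)(intptr_t)connection;

    if (readLeft == 0) {
        ssize_t len = read(fd, readBuffer, MTU);

        if (len < 0) {
            int theErr = errno;

            /* Report "nothing read" on every failure path. */
            *dataLength = 0;
            if (theErr == EAGAIN || theErr == EWOULDBLOCK) {
                /* nonblocking, no data */
                return errSSLWouldBlock;
            }
            perror("SocketRead");
            return errSecIO;
        }

        if (len == 0) {
            /* A zero-length datagram is valid UDP but holds no record, and
             * errno is not set for it. Treat it as "no data yet" so a peer
             * cannot end the session with an empty packet. */
            *dataLength = 0;
            return errSSLWouldBlock;
        }

        readOff = 0;
        readLeft = (size_t)len;

        /* Bytes 4, 9 and 10 are the low epoch byte and the low two sequence
         * bytes of a DTLS record header; only print them when this datagram
         * really contains them, otherwise stale buffer contents would be
         * logged. */
        if (len > 10) {
            printf("SocketRead: %ld bytes... epoch: %02x seq=%02x%02x\n",
                   (long)len, readBuffer[4], readBuffer[9], readBuffer[10]);
        } else {
            printf("SocketRead: %ld bytes (shorter than a record header)\n",
                   (long)len);
        }
    }

    /* Never hand out more than the datagram still holds. */
    if (readLeft < *dataLength) {
        *dataLength = readLeft;
    }

    memcpy(data, readBuffer + readOff, *dataLength);
    readLeft -= *dataLength;
    readOff += *dataLength;

    return errSecSuccess;
}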
225
226
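/*
 * SecureTransport write callback for the DTLS test server.
 *
 * Sends the caller's bytes as one datagram on the connected UDP socket.
 *
 * connection  socket descriptor carried in the pointer value (see main())
 * data        bytes to send
 * dataLength  in: bytes to send; out: bytes accepted by send() (0 on failure)
 *
 * Returns errSecSuccess, errSSLWouldBlock when the socket cannot take the
 * datagram right now, or errSecIO for any other send() failure.
 */
static
OSStatus SocketWrite(
    SSLConnectionRef connection,
    const void *data,
    size_t *dataLength)  /* IN/OUT */
{
    /* main() stores the descriptor through intptr_t; undo it the same way. */
    int fd = (int)(intptr_t)connection;
    const uint8_t *d = data;
    ssize_t len;

#if 0
    /* Disabled loss simulation: rand()&3 == 1 holds for one value in four. */
    if ((rand() & 3) == 1) {
        /* drop 1/4 of the packets */
        printf("SocketWrite: Drop %zu bytes... epoch: %02x seq=%02x%02x\n",
               *dataLength, d[4], d[9], d[10]);
        return errSecSuccess;
    }
#endif

    len = send(fd, data, *dataLength, 0);

    if (len < 0) {
        int theErr = errno;

        /* Nothing was sent on any failure path. */
        *dataLength = 0;
        if (theErr == EAGAIN || theErr == EWOULDBLOCK) {
            /* nonblocking, socket not ready */
            return errSSLWouldBlock;
        }
        perror("SocketWrite");
        return errSecIO;
    }

    /* len == 0 is a successful empty send; errno is not meaningful for it,
     * so it must not fall into the error path. */
    *dataLength = (size_t)len;

    /* Only index the record header fields when the buffer contains them. */
    if (len > 10) {
        printf("SocketWrite: Sent %ld bytes... epoch: %02x seq=%02x%02x\n",
               (long)len, d[4], d[9], d[10]);
    } else {
        printf("SocketWrite: Sent %ld bytes\n", (long)len);
    }

    return errSecSuccess;
}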
273
274
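/*
 * DTLS echo server for testing SecureTransport's datagram mode.
 *
 * Binds UDP port PORT on all interfaces, waits for the first datagram,
 * connects the socket to that sender, runs a server-side DTLS handshake with
 * the embedded test identity, and then echoes every decrypted record back
 * until SSLRead() or SSLWrite() fails.
 *
 * Returns the errno value of a failed socket call or the OSStatus of a failed
 * SecureTransport call.
 *
 * NOTE(review): this is a test fixture. It listens on INADDR_ANY, the first
 * sender of any datagram becomes the only peer, the server key is published
 * in this file, and peer certificate verification is switched off below.
 */
int main(int argc, char **argv)
{
    struct sockaddr_in sa; /* server address for bind */
    struct sockaddr_in ca; /* client address for connect */
    socklen_t slen = sizeof(ca);
    SSLContextRef ctx = NULL;
    SSLConnectionRef c;
    SSLClientCertificateState certState;
    SSLCipherSuite negCipher;
    OSStatus ortn;
    /* One spare byte so the terminator written after SSLRead() stays inside
     * the buffer even when a full MTU bytes are returned. */
    unsigned char buffer[MTU + 1];
    size_t len, readLen;
    time_t seed;
    ssize_t l;
    char b;
    int flags;
    int fd;
    int rc = 0;

    (void)argc;
    (void)argv;

#ifdef NO_SERVER
# if DEBUG
    securityd_init();
# endif
#endif

    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
        rc = errno; /* saved first: perror() may change errno */
        perror("socket");
        return rc;
    }

    /* A fixed seed (for example 1298952496) reproduces one drop pattern. */
    seed = time(NULL);
    srand((unsigned)seed);
    printf("Random drop initialized with seed = %lu\n", (unsigned long)seed);

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(PORT);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);

    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
        rc = errno;
        perror("bind");
        goto out;
    }

    printf("Waiting for first packet...\n");
    /* PEEK only: learn the sender's address and leave the datagram queued
     * for the handshake. */
    memset(&ca, 0, sizeof(ca));
    if ((l = recvfrom(fd, &b, 1, MSG_PEEK, (struct sockaddr *)&ca, &slen)) == -1) {
        rc = errno;
        perror("recvfrom");
        goto out;
    }

    printf("Received packet from %s (%zd), connecting...\n", inet_ntoa(ca.sin_addr), l);

    if (connect(fd, (struct sockaddr *)&ca, sizeof(ca)) == -1) {
        rc = errno;
        perror("connect");
        goto out;
    }

    /* Change to non blocking, keeping whatever flags are already set. The
     * read/write callbacks rely on EAGAIN to report "would block". */
    flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
        rc = errno;
        perror("fcntl");
        goto out;
    }

    c = (SSLConnectionRef)(intptr_t)fd;

    /*
     * Set up a SecureTransport session.
     */
    ortn = SSLNewDatagramContext(true, &ctx);
    if (ortn) {
        printSslErrStr("SSLNewDatagramContext", ortn);
        rc = (int)ortn;
        goto out;
    }

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"

    ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite);
    if (ortn) {
        printSslErrStr("SSLSetIOFuncs", ortn);
        rc = (int)ortn;
        goto out;
    }

    ortn = SSLSetConnection(ctx, c);
    if (ortn) {
        printSslErrStr("SSLSetConnection", ortn);
        rc = (int)ortn;
        goto out;
    }

    /* The cookie input is the peer's socket address. The length has to be
     * the size of that object: a larger value makes the library read stack
     * bytes that lie beyond `ca`. */
    ortn = SSLSetDatagramHelloCookie(ctx, &ca, sizeof(ca));
    if (ortn) {
        printSslErrStr("SSLSetDatagramHelloCookie", ortn);
        rc = (int)ortn;
        goto out;
    }

    ortn = SSLSetMaxDatagramRecordSize(ctx, 400);
    if (ortn) {
        printSslErrStr("SSLSetMaxDatagramRecordSize", ortn);
        rc = (int)ortn;
        goto out;
    }

    /* Lets not verify the cert, which is a random test cert.
     * NOTE(review): together with kAlwaysAuthenticate below, a client
     * certificate is requested but whatever the client presents is accepted
     * without chain validation. Acceptable for a test fixture only. */
    ortn = SSLSetEnableCertVerify(ctx, false);
    if (ortn) {
        printSslErrStr("SSLSetEnableCertVerify", ortn);
        rc = (int)ortn;
        goto out;
    }

    /* NOTE(review): the object returned by chain_from_der() is not released
     * here; its ownership rules are not visible in this file. */
    ortn = SSLSetCertificate(ctx, chain_from_der(false, ServerRSA_Key_der, sizeof(ServerRSA_Key_der),
                                                 ServerRSA_Cert_CA_RSA_der, sizeof(ServerRSA_Cert_CA_RSA_der)));
    if (ortn) {
        printSslErrStr("SSLSetCertificate", ortn);
        rc = (int)ortn;
        goto out;
    }

    ortn = SSLSetClientSideAuthenticate(ctx, kAlwaysAuthenticate);
    if (ortn) {
        /* Name the call that actually failed. */
        printSslErrStr("SSLSetClientSideAuthenticate", ortn);
        rc = (int)ortn;
        goto out;
    }

    printf("Server Handshake...\n");
    do {
        ortn = SSLHandshake(ctx);
        if (ortn == errSSLWouldBlock) {
            /* keep UI responsive */
            sslOutputDot();
        }
    } while (ortn == errSSLWouldBlock);

    if (ortn) {
        printSslErrStr("SSLHandshake", ortn);
        rc = (int)ortn;
        goto out;
    }

    /* certState is fetched but not acted on; see the verification note above. */
    ortn = SSLGetClientCertificateState(ctx, &certState);
    if (ortn) {
        printSslErrStr("SSLGetClientCertificateState", ortn);
        rc = (int)ortn;
        goto out;
    }

    /* Checked so that negCipher is never printed uninitialized. */
    ortn = SSLGetNegotiatedCipher(ctx, &negCipher);
    if (ortn) {
        printSslErrStr("SSLGetNegotiatedCipher", ortn);
        rc = (int)ortn;
        goto out;
    }

    printf("Server Handshake done. Cipher is %s\n", sslGetCipherSuiteString(negCipher));

    for (;;) {
        /* Busy-polls the nonblocking socket until a record arrives. */
        do {
            ortn = SSLRead(ctx, buffer, MTU, &readLen);
        } while (ortn == errSSLWouldBlock);
        if (ortn) {
            printSslErrStr("SSLRead", ortn);
            break;
        }
        buffer[readLen] = 0; /* readLen <= MTU, buffer holds MTU + 1 bytes */
        printf("Received %zu bytes:\n", readLen);
        dumppacket(buffer, readLen);

        ortn = SSLWrite(ctx, buffer, readLen, &len);
        if (ortn) {
            /* Name the call that actually failed. */
            printSslErrStr("SSLWrite", ortn);
            break;
        }
        printf("Echoing %zu bytes\n", len);
    }
    rc = (int)ortn;

out:
    /* Single exit path: release the TLS context and the socket on every
     * failure as well as at normal shutdown. */
    if (ctx != NULL) {
        SSLDisposeContext(ctx);
    }

#pragma clang diagnostic pop

    if (fd != -1) {
        close(fd);
    }

    return rc;
}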