PoliEcho/pupes-message
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pupes-message/relay/main.cpp
PoliEcho 3b73f82938 init
2025-05-02 13:24:10 +02:00

228 lines
6.2 KiB
C++
Raw Blame History

#include "../common/defines.h"
#include <algorithm>
#include <arpa/inet.h>
#include <fstream>
#include <iostream>
#include <mutex>
#include <netinet/in.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <sys/socket.h>
#include <thread>
#include <unistd.h>
#include <vector>
#define PORT 9009
struct Client {
SSL *ssl;
int socket;
};
std::vector<Client> clients;
std::mutex clients_mutex;
void handle_client(SSL *ssl, int client_socket) {
char buffer[BUFFER_SIZE];
while (true) {
// Read data securely using OpenSSL
int bytes_read = SSL_read(ssl, buffer, sizeof(buffer));
if (bytes_read <= 0) {
// Check for OpenSSL specific errors
int err = SSL_get_error(ssl, bytes_read);
if (err == SSL_ERROR_WANT_READ)
continue;
break; // Client disconnected or error occurred
}
// Broadcast to all other clients
std::lock_guard<std::mutex> lock(clients_mutex);
for (const auto &client : clients) {
if (client.socket != client_socket) {
// Send data securely using OpenSSL
SSL_write(client.ssl, buffer, bytes_read);
}
}
}
// Clean up when client disconnects
std::lock_guard<std::mutex> lock(clients_mutex);
clients.erase(std::remove_if(clients.begin(), clients.end(),
[client_socket](const Client &c) {
return c.socket == client_socket;
}),
clients.end());
// Free OpenSSL resources
SSL_free(ssl);
close(client_socket);
}
int main() {
// Initialize OpenSSL
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
// Create a TLS 1.3 server context
SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());
if (ctx == NULL) {
std::cerr << "Failed to create SSL_CTX" << std::endl;
ERR_print_errors_fp(stderr);
return 1;
}
// Set min/max protocol to TLS 1.3
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
// Load ML-DSA post-quantum certificates and keys
if (SSL_CTX_use_certificate_file(ctx, "certs/mldsa87_entity_cert.pem",
SSL_FILETYPE_PEM) != 1) {
std::cerr << "Error loading certificate file" << std::endl;
ERR_print_errors_fp(stderr);
std::ifstream file("certs/mldsa87_entity_cert.pem");
if (file) {
std::cout << "Certificate file exists and is readable" << std::endl;
} else {
std::cout << "Cannot access certificate file" << std::endl;
}
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, "certs/mldsa87_entity_key.pem",
SSL_FILETYPE_PEM) != 1) {
std::cerr << "Error loading private key file" << std::endl;
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Load CA certificate for client verification
if (SSL_CTX_load_verify_locations(ctx, "certs/mldsa87_root_cert.pem", NULL) !=
1) {
std::cerr << "Error loading CA certificate" << std::endl;
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Configure TLS 1.3 cipher suites
if (SSL_CTX_set_ciphersuites(ctx, "TLS_AES_256_GCM_SHA384") != 1) {
std::cerr << "Error setting cipher suites" << std::endl;
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Create a TCP socket
int server_fd = socket(AF_INET, SOCK_STREAM, 0);
if (server_fd < 0) {
std::cerr << "Socket creation failed" << std::endl;
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Set socket options
int opt = 1;
if (setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) {
std::cerr << "setsockopt failed" << std::endl;
close(server_fd);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Bind socket to port
sockaddr_in address{};
address.sin_family = AF_INET;
address.sin_addr.s_addr = INADDR_ANY;
address.sin_port = htons(PORT);
if (bind(server_fd, (sockaddr *)&address, sizeof(address)) < 0) {
std::cerr << "Bind failed" << std::endl;
close(server_fd);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
// Listen for connections
if (listen(server_fd, 5) < 0) {
std::cerr << "Listen failed" << std::endl;
close(server_fd);
SSL_CTX_free(ctx);
EVP_cleanup();
return 1;
}
std::cout << "Secure server started on port " << PORT << std::endl;
std::cout << "Using TLS 1.3 with post-quantum cryptography" << std::endl;
// Accept and handle client connections
while (true) {
sockaddr_in client_addr{};
socklen_t client_len = sizeof(client_addr);
int client_socket =
accept(server_fd, (sockaddr *)&client_addr, &client_len);
if (client_socket < 0) {
std::cerr << "Accept failed" << std::endl;
continue;
}
char client_ip[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &(client_addr.sin_addr), client_ip, INET_ADDRSTRLEN);
std::cout << "New connection from " << client_ip << std::endl;
// Create a new SSL object for this connection
SSL *ssl = SSL_new(ctx);
if (ssl == NULL) {
std::cerr << "SSL_new failed" << std::endl;
ERR_print_errors_fp(stderr);
close(client_socket);
continue;
}
// Associate the socket with SSL
if (SSL_set_fd(ssl, client_socket) != 1) {
std::cerr << "SSL_set_fd failed" << std::endl;
ERR_print_errors_fp(stderr);
SSL_free(ssl);
close(client_socket);
continue;
}
// Accept the TLS connection
if (SSL_accept(ssl) != 1) {
std::cerr << "TLS handshake failed: " << SSL_get_error(ssl, 0)
<< std::endl;
ERR_print_errors_fp(stderr);
SSL_free(ssl);
close(client_socket);
continue;
}
// Add client to the list
std::lock_guard<std::mutex> lock(clients_mutex);
clients.push_back({ssl, client_socket});
// Create a thread to handle this client
std::thread(handle_client, ssl, client_socket).detach();
std::cout << "Client connected and secured with TLS 1.3" << std::endl;
}
// Clean up resources
close(server_fd);
SSL_CTX_free(ctx);
EVP_cleanup();
return 0;
}
Reference in New Issue View Git Blame Copy Permalink