PoliEcho/quantum_entanglement
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved to wolfssl insted

Browse Source
This commit is contained in:
PoliEcho 2025-05-31 19:59:21 +02:00
parent a4b6a22868
commit ce9e9d0f3a
10 changed files with 179 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -1,8 +1,8 @@
# Compiler and flags # Compiler and flags
CPPC = g++ CPPC = g++
CPPC_FLAGS = -std=c++23 -s -O3 -lssl -lcrypto -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed CPPC_FLAGS = -std=c++23 -s -O3 -lwolfssl -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed
DEBUG_FLAGS = -ggdb -std=c++23 -lssl -lcrypto -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed DEBUG_FLAGS = -ggdb -std=c++23 -lwolfssl -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed
DEBUG_ASANITIZE = -fsanitize=address -ggdb -fno-omit-frame-pointer -std=c++23 -lssl -lcrypto -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed DEBUG_ASANITIZE = -fsanitize=address -ggdb -fno-omit-frame-pointer -std=c++23 -lwolfssl -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -fPIE -pie -Wall -Wextra -Wformat -Wformat=2 -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,--as-needed
SRC_PATH_CLIENT := src/client SRC_PATH_CLIENT := src/client

17
misc/gen_no_PQC.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
# generate_certs.sh
# Requires oqsprovider installed (dnf install oqsprovider)
# Generate CA
openssl genpkey -algorithm ed25519 -out ca.key
openssl req -x509 -new -key ca.key -out ca.crt -subj "/CN=IF CA"
# Generate server cert
openssl genpkey -algorithm ed25519 -out server.key
openssl req -new -key server.key -out server.csr -subj "/CN=IF Server"
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
# Generate client cert
openssl genpkey -algorithm ed25519 -out client.key
openssl req -new -key client.key -out client.csr -subj "/CN=IF Client"
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt

38
src/client/main.cpp
View File

@ -2,14 +2,18 @@
#include "../common/const.h" #include "../common/const.h"
#include "../common/global.h" #include "../common/global.h"
#include "../common/tls.h" #include "../common/tls.h"
#include <arpa/inet.h> #include <arpa/inet.h>
#include <csignal> #include <csignal>
#include <cstring>
#include <iostream> #include <iostream>
#include <openssl/err.h> #include <netinet/in.h>
#include <openssl/ssl.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <unistd.h> #include <unistd.h>
SSL_CTX *ctx; #include <wolfssl/options.h>
#include <wolfssl/ssl.h>
WOLFSSL_CTX *ctx;
int sockfd; int sockfd;
int main() { int main() {
@ -20,12 +24,18 @@ int main() {
// error signal handlers // error signal handlers
signal(SIGSEGV, safe_exit); signal(SIGSEGV, safe_exit);
// Initialize wolfSSL library
wolfSSL_Init();
ctx = create_context(false); ctx = create_context(false);
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) { if (sockfd < 0) {
std::cerr << "Socket creation failed: " << strerror(errno) << std::endl; std::cerr << "Socket creation failed: " << strerror(errno) << std::endl;
return 1; return 1;
} }
std::cout << "Socket created successfully (fd: " << sockfd << ")" std::cout << "Socket created successfully (fd: " << sockfd << ")"
<< std::endl; << std::endl;
@ -39,23 +49,25 @@ int main() {
return 1; return 1;
} }
SSL *ssl = SSL_new(ctx); WOLFSSL *ssl = wolfSSL_new(ctx);
SSL_set_fd(ssl, sockfd); wolfSSL_set_fd(ssl, sockfd);
int result = SSL_connect(ssl);
if (result != 1) { int result = wolfSSL_connect(ssl);
int ssl_error = SSL_get_error(ssl, result); if (result != WOLFSSL_SUCCESS) {
std::cerr << "SSL_connect failed with error code: " << ssl_error int ssl_error = wolfSSL_get_error(ssl, result);
std::cerr << "wolfSSL_connect failed with error code: " << ssl_error
<< std::endl; << std::endl;
ERR_print_errors_fp(stderr);
return 1; return 1;
} }
std::cout << "SSL connection established successfully" << std::endl; std::cout << "SSL connection established successfully" << std::endl;
handle_connection(ssl); handle_connection(ssl);
SSL_shutdown(ssl); wolfSSL_shutdown(ssl);
SSL_free(ssl); wolfSSL_free(ssl);
close(sockfd); close(sockfd);
SSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
return 0; return 0;
} }

13
src/common/cleanup.cpp
View File

@ -1,7 +1,10 @@
#include "global.h" #include "global.h"
#include <csignal> #include <csignal>
#include <iostream> #include <iostream>
#include <openssl/ssl.h> #include <unistd.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
void safe_exit(int code) { void safe_exit(int code) {
switch (code) { switch (code) {
case SIGTERM: case SIGTERM:
@ -16,16 +19,16 @@ void safe_exit(int code) {
case SIGHUP: case SIGHUP:
std::cerr << "\nreceived SIGHUP exiting...\n"; std::cerr << "\nreceived SIGHUP exiting...\n";
break; break;
case SIGSEGV: case SIGSEGV:
std::cerr << "\nreceived SIGSEGV(segmentation fault) exiting...\nIf this " std::cerr << "\nreceived SIGSEGV(segmentation fault) exiting...\nIf this "
"repeats please report it as a bug\n"; "repeats please report it as a bug\n";
break; break;
default: default:
break; break;
} }
SSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
close(sockfd); close(sockfd);
exit(code); exit(code);
} }

6
src/common/global.h
View File

@ -1,6 +1,8 @@
#include <openssl/crypto.h>
#ifndef _IF_GLOBAL_HG_ #ifndef _IF_GLOBAL_HG_
#define _IF_GLOBAL_HG_ #define _IF_GLOBAL_HG_
extern SSL_CTX *ctx; #include <wolfssl/options.h>
#include <wolfssl/ssl.h>
extern WOLFSSL_CTX *ctx;
extern int sockfd; extern int sockfd;
#endif #endif

105
src/common/tls.cpp
View File

@ -1,59 +1,75 @@
#include "const.h" #include "const.h"
#include <iostream> #include <iostream>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <string> #include <string>
#include <thread> #include <thread>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
SSL_CTX *create_context(bool is_server) { WOLFSSL_CTX *create_context(bool is_server) {
const SSL_METHOD *method = WOLFSSL_METHOD *method =
is_server ? TLS_server_method() : TLS_client_method(); is_server ? wolfTLSv1_3_server_method() : wolfTLSv1_3_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
if (is_server) { WOLFSSL_CTX *ctx = wolfSSL_CTX_new(method);
SSL_CTX_use_certificate_file(ctx, CERTS_DIR "server.crt", SSL_FILETYPE_PEM); if (ctx == NULL) {
SSL_CTX_use_PrivateKey_file(ctx, CERTS_DIR "server.key", SSL_FILETYPE_PEM); std::cerr << "Failed to create wolfSSL context" << std::endl;
} else { return nullptr;
SSL_CTX_use_certificate_file(ctx, CERTS_DIR "client.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, CERTS_DIR "client.key", SSL_FILETYPE_PEM);
} }
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr); // Set minimum protocol version to TLS 1.3
SSL_CTX_load_verify_locations(ctx, CERTS_DIR "ca.crt", nullptr); wolfSSL_CTX_set_min_proto_version(ctx, WOLFSSL_TLSV1_3);
if (is_server) {
if (wolfSSL_CTX_use_certificate_file(ctx, CERTS_DIR "server.crt",
WOLFSSL_FILETYPE_PEM) !=
WOLFSSL_SUCCESS) {
std::cerr << "Failed to load server certificate" << std::endl;
wolfSSL_CTX_free(ctx);
return nullptr;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, CERTS_DIR "server.key",
WOLFSSL_FILETYPE_PEM) !=
WOLFSSL_SUCCESS) {
unsigned long err = wolfSSL_ERR_get_error();
char err_buf[256];
wolfSSL_ERR_error_string(err, err_buf);
std::cerr << "Failed to load server private key" << std::endl;
std::cerr << "Error code: " << err << std::endl;
std::cerr << "Error description: " << err_buf << std::endl;
wolfSSL_CTX_free(ctx);
return nullptr;
}
} else {
if (wolfSSL_CTX_use_certificate_file(ctx, CERTS_DIR "client.crt",
WOLFSSL_FILETYPE_PEM) !=
WOLFSSL_SUCCESS) {
std::cerr << "Failed to load client certificate" << std::endl;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, CERTS_DIR "client.key",
WOLFSSL_FILETYPE_PEM) !=
WOLFSSL_SUCCESS) {
std::cerr << "Failed to load client private key" << std::endl;
}
}
// Enable peer verification
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, nullptr);
if (wolfSSL_CTX_load_verify_locations(ctx, CERTS_DIR "ca.crt", nullptr) !=
WOLFSSL_SUCCESS) {
std::cerr << "Failed to load CA certificate" << std::endl;
}
return ctx; return ctx;
} }
void handle_connection(SSL *ssl) { void handle_connection(WOLFSSL *ssl) {
char buf[1024]; char buf[1024];
std::cout << "Starting connection handler for SSL session" << std::endl; std::cout << "Starting connection handler for wolfSSL session" << std::endl;
std::thread send_thread([ssl]() {
while (true) {
std::string msg;
std::cout << "Enter message: ";
std::getline(std::cin, msg);
if (msg == "quit") {
std::cout << "Terminating send thread" << std::endl;
break;
}
int bytes_sent = SSL_write(ssl, msg.c_str(), msg.size());
if (bytes_sent <= 0) {
int ssl_error = SSL_get_error(ssl, bytes_sent);
std::cerr << "SSL_write failed with error: " << ssl_error << std::endl;
ERR_print_errors_fp(stderr);
break;
}
std::cout << "Sent " << bytes_sent << " bytes to server" << std::endl;
}
});
while (true) { while (true) {
int bytes = SSL_read(ssl, buf, sizeof(buf) - 1); int bytes = wolfSSL_read(ssl, buf, sizeof(buf) - 1);
if (bytes > 0) { if (bytes > 0) {
buf[bytes] = '\0'; buf[bytes] = '\0';
std::cout << "Received " << bytes << " bytes from server: " << buf std::cout << "Received " << bytes << " bytes from server: " << buf
@ -62,13 +78,10 @@ void handle_connection(SSL *ssl) {
std::cout << "Connection closed by peer" << std::endl; std::cout << "Connection closed by peer" << std::endl;
break; break;
} else { } else {
int ssl_error = SSL_get_error(ssl, bytes); int ssl_error = wolfSSL_get_error(ssl, bytes);
std::cerr << "SSL_read failed with error: " << ssl_error << std::endl; std::cerr << "wolfSSL_read failed with error: " << ssl_error << std::endl;
ERR_print_errors_fp(stderr);
break; break;
} }
} }
std::clog << "joining treads";
send_thread.join();
std::cout << "Connection handler finished" << std::endl; std::cout << "Connection handler finished" << std::endl;
} }

8
src/common/tls.h
View File

@ -1,7 +1,7 @@
#include <openssl/ssl.h>
#ifndef _IF_TLS_HG_ #ifndef _IF_TLS_HG_
#define _IF_TLS_HG_ #define _IF_TLS_HG_
SSL_CTX *create_context(bool is_server); #include <wolfssl/options.h>
void handle_connection(SSL *ssl); #include <wolfssl/ssl.h>
WOLFSSL_CTX *create_context(bool is_server);
void handle_connection(WOLFSSL *ssl);
#endif #endif

32
src/server/capture.cpp
View File

@ -1,5 +1,7 @@
#include "../common/cleanup.h"
#include "../common/const.h"
#include <arpa/inet.h> #include <arpa/inet.h>
#include <cerrno>
#include <cstring> #include <cstring>
#include <ifaddrs.h> #include <ifaddrs.h>
#include <iostream> #include <iostream>
@ -11,10 +13,22 @@
#include <string> #include <string>
#include <sys/socket.h> #include <sys/socket.h>
#include <unistd.h> #include <unistd.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
// this is max size standard Ipv4/6 packet can be // this is max size standard Ipv4/6 packet can be plus 1 for message type
// what in understand in practise it is much lower around 1500 bytes // what in understand in practise it is much lower around 1500 bytes
#define IP_PACKET_BUFFER_SIZE 65536 #define IP_PACKET_BUFFER_SIZE 65536 + 1
void process_incoming_ip_packet(unsigned char *buffer, int packet_size,
WOLFSSL *ssl) {
buffer[0] = IP_PACKET_TYPE; // Set message type
int bytes_sent = wolfSSL_write(ssl, buffer, IP_PACKET_BUFFER_SIZE);
if (bytes_sent <= 0) {
int ssl_error = wolfSSL_get_error(ssl, bytes_sent);
std::cerr << "wolfSSL_write failed with error: " << ssl_error << std::endl;
}
}
int get_interface_index(const char *interface_name) { int get_interface_index(const char *interface_name) {
struct ifaddrs *ifaddr, *ifa; struct ifaddrs *ifaddr, *ifa;
@ -38,7 +52,7 @@ int get_interface_index(const char *interface_name) {
return interface_index; return interface_index;
} }
int listen_for_ip_packets(const std::string interface_name) { int listen_for_ip_packets(const std::string interface_name, WOLFSSL *ssl) {
int raw_ip_scoketfd; int raw_ip_scoketfd;
unsigned char buffer[IP_PACKET_BUFFER_SIZE]; unsigned char buffer[IP_PACKET_BUFFER_SIZE];
@ -50,7 +64,7 @@ int listen_for_ip_packets(const std::string interface_name) {
if (raw_ip_scoketfd < 0) { if (raw_ip_scoketfd < 0) {
perror("Failed to create raw socket"); perror("Failed to create raw socket");
std::cerr << "Make sure you're running as root!" << std::endl; std::cerr << "Make sure you're running as root!" << std::endl;
return 1; safe_exit(EACCES);
} }
// Get interface index // Get interface index
@ -78,8 +92,10 @@ int listen_for_ip_packets(const std::string interface_name) {
// Main packet capture loop // Main packet capture loop
while (true) { while (true) {
int packet_size = recvfrom(raw_ip_scoketfd, buffer, IP_PACKET_BUFFER_SIZE, // read and leave first byte for message type
0, (struct sockaddr *)&saddr, &saddr_len); int packet_size =
recvfrom(raw_ip_scoketfd, buffer + 1, IP_PACKET_BUFFER_SIZE - 1, 0,
(struct sockaddr *)&saddr, &saddr_len);
if (packet_size < 0) { if (packet_size < 0) {
perror("Error receiving packet"); perror("Error receiving packet");
@ -88,7 +104,7 @@ int listen_for_ip_packets(const std::string interface_name) {
// Only process IP packets (skip non-IP traffic) // Only process IP packets (skip non-IP traffic)
if (packet_size >= sizeof(struct ethhdr) + sizeof(struct iphdr)) { if (packet_size >= sizeof(struct ethhdr) + sizeof(struct iphdr)) {
process_packet(buffer, packet_size); process_incoming_ip_packet(buffer, packet_size, ssl);
} }
} }

8
src/server/capture.h Normal file
View File

@ -0,0 +1,8 @@
#ifndef CAPTURE_H
#define CAPTURE_H
#include <string>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
int listen_for_ip_packets(const std::string interface_name, WOLFSSL *ssl);
#endif

38
src/server/main.cpp
View File

@ -2,14 +2,17 @@
#include "../common/const.h" #include "../common/const.h"
#include "../common/global.h" #include "../common/global.h"
#include "../common/tls.h" #include "../common/tls.h"
#include <arpa/inet.h>
#include <csignal> #include <csignal>
#include <cstring>
#include <iostream> #include <iostream>
#include <openssl/err.h> #include <netinet/in.h>
#include <openssl/ssl.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <unistd.h> #include <unistd.h>
SSL_CTX *ctx; #include <wolfssl/options.h>
#include <wolfssl/ssl.h>
WOLFSSL_CTX *ctx;
int sockfd; int sockfd;
int main() { int main() {
@ -21,12 +24,17 @@ int main() {
// error signal handlers // error signal handlers
signal(SIGSEGV, safe_exit); signal(SIGSEGV, safe_exit);
// Initialize wolfSSL library
wolfSSL_Init();
ctx = create_context(true); ctx = create_context(true);
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) { if (sockfd < 0) {
std::cerr << "Socket creation failed: " << strerror(errno) << std::endl; std::cerr << "Socket creation failed: " << strerror(errno) << std::endl;
return 1; return 1;
} }
std::cout << "Socket created successfully (fd: " << sockfd << ")" std::cout << "Socket created successfully (fd: " << sockfd << ")"
<< std::endl; << std::endl;
@ -39,25 +47,33 @@ int main() {
std::cerr << "Bind failed: " << strerror(errno) << std::endl; std::cerr << "Bind failed: " << strerror(errno) << std::endl;
return 1; return 1;
} }
listen(sockfd, 5);
listen(sockfd, 1);
while (true) { while (true) {
sockaddr_in client_addr{}; sockaddr_in client_addr{};
socklen_t len = sizeof(client_addr); socklen_t len = sizeof(client_addr);
int client_fd = accept(sockfd, (sockaddr *)&client_addr, &len); int client_fd = accept(sockfd, (sockaddr *)&client_addr, &len);
SSL *ssl = SSL_new(ctx); WOLFSSL *ssl = wolfSSL_new(ctx);
SSL_set_fd(ssl, client_fd); wolfSSL_set_fd(ssl, client_fd);
SSL_accept(ssl);
if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
std::cerr << "wolfSSL_accept failed" << std::endl;
wolfSSL_free(ssl);
close(client_fd);
continue;
}
handle_connection(ssl); handle_connection(ssl);
SSL_shutdown(ssl); wolfSSL_shutdown(ssl);
SSL_free(ssl); wolfSSL_free(ssl);
close(client_fd); close(client_fd);
} }
SSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
close(sockfd); close(sockfd);
return 0; return 0;
} }