├── extras ├── dynamicSSA │ ├── .gitignore │ ├── tests │ │ ├── wget │ │ ├── lighttpd │ │ ├── lighttpd.conf │ │ └── test.sh │ ├── Makefile │ ├── lighttpd.conf │ └── hashmap.h ├── sslsplit │ ├── firewallOn.sh │ ├── start.sh │ ├── README.md │ ├── ca.crt │ └── ca.key ├── Makefile ├── addons.c └── test.c ├── test_files ├── cert_gen │ ├── signed_certs │ │ ├── serial.txt │ │ ├── serial.txt.old │ │ ├── index.txt.attr │ │ ├── index.txt.attr.old │ │ ├── index.txt.old │ │ └── index.txt │ ├── .gitignore │ ├── combine_personal_pkcs12.sh │ ├── make_personal_csr.sh │ ├── make_signed_cert.sh │ ├── make_ca_cert.sh │ ├── csr_client │ │ ├── Makefile │ │ └── openssl_hostname_validation.h │ ├── openssl-client.cnf │ └── openssl-ca.cnf ├── webserver-event │ ├── www │ │ ├── myfile.txt │ │ ├── byu-y.gif │ │ ├── beehive.png │ │ ├── byu-logo.jpg │ │ ├── I-Have-A-Dream.pdf │ │ └── index.html │ ├── www2 │ │ ├── ajax.php │ │ ├── get_example.php │ │ ├── post_example.php │ │ └── index.html │ ├── utils.h │ ├── www4 │ │ ├── logo.png │ │ ├── cart2.png │ │ ├── favicon.ico │ │ ├── popup-box │ │ │ ├── 1.png │ │ │ ├── .index.html.swp │ │ │ └── index.html │ │ ├── checkout │ │ │ ├── check.png │ │ │ ├── check5.png │ │ │ └── check6.png │ │ ├── visa_checkout.png │ │ ├── securely_checkout.png │ │ ├── new-checkout │ │ │ └── check5.png │ │ ├── securely_checkout_2.png │ │ ├── shoes │ │ │ ├── Commanders │ │ │ │ ├── elham.jpg │ │ │ │ ├── mark.jpg │ │ │ │ ├── mason.jpg │ │ │ │ ├── zappala.jpg │ │ │ │ ├── benjamin.jpg │ │ │ │ └── torstein.jpg │ │ │ ├── Boots │ │ │ │ ├── 099502_6_1400x1400.jpg │ │ │ │ ├── 148766_6_1400x1400.jpg │ │ │ │ ├── 150095_6_1400x1400.jpg │ │ │ │ ├── 161025_6_1400x1400.jpg │ │ │ │ ├── 170937_6_1400x1400.jpg │ │ │ │ └── 173272_6_1400x1400.jpg │ │ │ ├── Dress │ │ │ │ ├── 160016_6_1400x1400.jpg │ │ │ │ ├── 163233_6_1400x1400.jpg │ │ │ │ ├── 174329_6_1400x1400.jpg │ │ │ │ ├── 174655_6_1400x1400.jpg │ │ │ │ ├── 175553_6_1400x1400.jpg │ │ │ │ └── 176337_6_1400x1400.jpg │ │ │ ├── Sandals │ │ │ │ ├── 
151016_6_1400x1400.jpg │ │ │ │ ├── 160108_6_1400x1400.jpg │ │ │ │ ├── 162920_6_1400x1400.jpg │ │ │ │ ├── 174403_6_1400x1400.jpg │ │ │ │ ├── 175000_6_1400x1400.jpg │ │ │ │ └── 175039_6_1400x1400.jpg │ │ │ ├── Slippers │ │ │ │ ├── 088611_6_1400x1400.jpg │ │ │ │ ├── 098914_6_1400x1400.jpg │ │ │ │ ├── 171468_6_1400x1400.jpg │ │ │ │ ├── 171987_6_1400x1400.jpg │ │ │ │ ├── 172670_6_1400x1400.jpg │ │ │ │ └── 172878_6_1400x1400.jpg │ │ │ └── Sneakers │ │ │ │ ├── 159956_6_1400x1400.jpg │ │ │ │ ├── 169347_6_1400x1400.jpg │ │ │ │ ├── 170688_6_1400x1400.jpg │ │ │ │ ├── 171473_6_1400x1400.jpg │ │ │ │ ├── 174117_6_1400x1400.jpg │ │ │ │ └── 176367_6_1400x1400.jpg │ │ ├── account │ │ │ └── securely_compact_transparent_icon.png │ │ ├── footer.php │ │ ├── purchase │ │ │ └── index.php │ │ ├── login │ │ │ └── index.php │ │ └── header.php │ ├── utils.c │ ├── http.conf │ ├── Makefile │ ├── http_server.h │ ├── config.h │ ├── client.h │ ├── main.c │ └── config.c ├── webserver-eventSSL │ ├── www │ │ ├── myfile.txt │ │ ├── byu-y.gif │ │ ├── beehive.png │ │ ├── byu-logo.jpg │ │ ├── I-Have-A-Dream.pdf │ │ └── index.html │ ├── www2 │ │ ├── ajax.php │ │ ├── get_example.php │ │ ├── post_example.php │ │ └── index.html │ ├── server │ ├── utils.h │ ├── http.conf │ ├── utils.c │ ├── Makefile │ ├── http_server.h │ ├── config.h │ ├── client.h │ ├── main.c │ └── config.c ├── https_server │ ├── Makefile │ └── https_server.c ├── client_auth_client │ └── Makefile ├── session_test │ └── Makefile ├── combined_personal.pfx ├── simple_test │ ├── Makefile │ └── https_client.c ├── https_client │ ├── Makefile │ ├── test.sh │ ├── https_client.c │ └── graph.py ├── android_io │ └── TestAuth.java ├── manual_tests │ ├── Makefile │ ├── keys │ │ ├── certificate_b.pem │ │ ├── key_a.pem │ │ ├── key_b.pem │ │ └── certificate_a.pem │ ├── echo_server.c │ └── https_client.c ├── openssl_mod_tests │ ├── Makefile │ ├── client_key.key │ └── client_pub.pem ├── certificate_b.pem ├── key_a.pem ├── key_b.pem ├── key_personal.pem ├── 
certificate_a.pem ├── certificate_visa_ca.pem ├── certificate_ca.pem ├── key_ca.pem └── combined_personal.pem ├── tls_wrapper ├── examples ├── example_server │ ├── Makefile │ └── https_server.c └── example_client │ ├── Makefile │ └── example_client.c ├── docs ├── developer-documentation │ └── diagrams │ │ ├── step1.png │ │ ├── step11.png │ │ ├── step12.png │ │ ├── step14.png │ │ ├── step15.png │ │ ├── step2.png │ │ ├── step3.png │ │ ├── step8.png │ │ ├── step9.png │ │ ├── socketsWithSSA.png │ │ ├── socketsWithoutSSA.png │ │ └── SSA Sequence Diagrams - Entry Points.pdf └── install-documentation.md ├── self_sign.h ├── csr_daemon.h ├── tb_connector.h ├── qrdisplay ├── Makefile ├── insecure.svg └── secured.svg ├── issue_cert.h ├── removeClientAuth.sh ├── .gitignore ├── notification.h ├── config.h ├── in_tls.h ├── install_packages.sh ├── tb_communications.h ├── nsd.h ├── ssa.conf ├── rfcomm_server.c ├── queue.h ├── ssa.cfg ├── hashmap.h ├── hashmap_str.h ├── auth_daemon.h ├── netlink.h ├── log.h ├── rfcomm_client.c ├── notification.c ├── openssl_compat.h ├── daemon.h ├── queue.c ├── README.md ├── self_sign.c └── Makefile /extras/dynamicSSA/.gitignore: -------------------------------------------------------------------------------- 1 | dynamicSSA.so 2 | -------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/serial.txt: -------------------------------------------------------------------------------- 1 | 0B 2 | -------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/serial.txt.old: -------------------------------------------------------------------------------- 1 | 0A 2 | -------------------------------------------------------------------------------- /test_files/cert_gen/.gitignore: -------------------------------------------------------------------------------- 1 | index.txt* 2 | serial.txt* 3 | 
-------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /extras/sslsplit/firewallOn.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | systemctl start firewalld 3 | -------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/index.txt.attr.old: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /test_files/webserver-event/www/myfile.txt: -------------------------------------------------------------------------------- 1 | Hello World! How art thou? 2 | 3 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/myfile.txt: -------------------------------------------------------------------------------- 1 | Hello World! How art thou? 
2 | 3 | -------------------------------------------------------------------------------- /tls_wrapper: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/tls_wrapper -------------------------------------------------------------------------------- /examples/example_server/Makefile: -------------------------------------------------------------------------------- 1 | normal: 2 | gcc -o example_server example_server.c 3 | -------------------------------------------------------------------------------- /test_files/https_server/Makefile: -------------------------------------------------------------------------------- 1 | normal: 2 | gcc -o https_server https_server.c 3 | -------------------------------------------------------------------------------- /examples/example_client/Makefile: -------------------------------------------------------------------------------- 1 | 2 | normal: 3 | gcc -o example_client example_client.c 4 | -------------------------------------------------------------------------------- /test_files/client_auth_client/Makefile: -------------------------------------------------------------------------------- 1 | normal: 2 | gcc -g -w -Wall -o client client.c 3 | -------------------------------------------------------------------------------- /test_files/webserver-event/www2/ajax.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www2/ajax.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | -------------------------------------------------------------------------------- /extras/dynamicSSA/tests/wget: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/extras/dynamicSSA/tests/wget -------------------------------------------------------------------------------- /test_files/session_test/Makefile: -------------------------------------------------------------------------------- 1 | normal: 2 | gcc -o https_client https_client.c -lssl -lcrypto 3 | clean: 4 | -------------------------------------------------------------------------------- /extras/dynamicSSA/tests/lighttpd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/extras/dynamicSSA/tests/lighttpd -------------------------------------------------------------------------------- /test_files/combined_personal.pfx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/combined_personal.pfx -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-eventSSL/server -------------------------------------------------------------------------------- /test_files/webserver-event/utils.h: -------------------------------------------------------------------------------- 1 | #ifndef UTILS_H 2 | #define UTILS_H 3 | 4 | int printfv(const char* format, ...); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /test_files/webserver-event/www/byu-y.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www/byu-y.gif -------------------------------------------------------------------------------- /test_files/webserver-event/www4/logo.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/logo.png -------------------------------------------------------------------------------- /test_files/webserver-event/www/beehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www/beehive.png -------------------------------------------------------------------------------- /test_files/webserver-event/www/byu-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www/byu-logo.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/cart2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/cart2.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/favicon.ico -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/utils.h: -------------------------------------------------------------------------------- 1 | #ifndef UTILS_H 2 | #define UTILS_H 3 | 4 | int printfv(const char* format, ...); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/byu-y.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-eventSSL/www/byu-y.gif -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/beehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-eventSSL/www/beehive.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step1.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step11.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step12.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step14.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step15.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step15.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step2.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step3.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step8.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/step9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/step9.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/popup-box/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/popup-box/1.png -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/byu-logo.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-eventSSL/www/byu-logo.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www/I-Have-A-Dream.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www/I-Have-A-Dream.pdf -------------------------------------------------------------------------------- /test_files/webserver-event/www4/checkout/check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/checkout/check.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/visa_checkout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/visa_checkout.png -------------------------------------------------------------------------------- /test_files/cert_gen/combine_personal_pkcs12.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | openssl pkcs12 -export -out ../combined_personal.pfx -inkey personal.key -in personal.crt 4 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/checkout/check5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/checkout/check5.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/checkout/check6.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/checkout/check6.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/securely_checkout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/securely_checkout.png -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/I-Have-A-Dream.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-eventSSL/www/I-Have-A-Dream.pdf -------------------------------------------------------------------------------- /test_files/webserver-event/www4/new-checkout/check5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/new-checkout/check5.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/securely_checkout_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/securely_checkout_2.png -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/socketsWithSSA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/socketsWithSSA.png -------------------------------------------------------------------------------- /test_files/cert_gen/make_personal_csr.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/bash 2 | 3 | openssl req -config openssl-client.cnf -newkey rsa:2048 -sha256 -nodes -out client_cert.csr -outform PEM 4 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/popup-box/.index.html.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/popup-box/.index.html.swp -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/elham.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/elham.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/mark.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/mark.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/mason.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/mason.jpg -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/socketsWithoutSSA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/socketsWithoutSSA.png -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/zappala.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/zappala.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/benjamin.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/benjamin.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Commanders/torstein.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Commanders/torstein.jpg -------------------------------------------------------------------------------- /test_files/cert_gen/make_signed_cert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out personal.crt -infiles client_cert.csr 4 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/099502_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/099502_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/148766_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/148766_6_1400x1400.jpg 
-------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/150095_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/150095_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/161025_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/161025_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/170937_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/170937_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Boots/173272_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Boots/173272_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/160016_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/160016_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/163233_6_1400x1400.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/163233_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/174329_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/174329_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/174655_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/174655_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/175553_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/175553_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Dress/176337_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Dress/176337_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/151016_6_1400x1400.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/151016_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/160108_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/160108_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/162920_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/162920_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/174403_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/174403_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/175000_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/175000_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sandals/175039_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sandals/175039_6_1400x1400.jpg 
-------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/088611_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/088611_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/098914_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/098914_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/171468_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/171468_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/171987_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/171987_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/172670_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/172670_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Slippers/172878_6_1400x1400.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Slippers/172878_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/159956_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/159956_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/169347_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/169347_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/170688_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/170688_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/171473_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/171473_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/174117_6_1400x1400.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/174117_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/webserver-event/www4/shoes/Sneakers/176367_6_1400x1400.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/shoes/Sneakers/176367_6_1400x1400.jpg -------------------------------------------------------------------------------- /test_files/simple_test/Makefile: -------------------------------------------------------------------------------- 1 | TARGET=https_client 2 | 3 | normal: 4 | gcc -o $(TARGET) https_client.c 5 | epoll: 6 | gcc -o epoll_client epoll_client.c 7 | 8 | clean : 9 | rm $(TARGET) 10 | -------------------------------------------------------------------------------- /docs/developer-documentation/diagrams/SSA Sequence Diagrams - Entry Points.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/docs/developer-documentation/diagrams/SSA Sequence Diagrams - Entry Points.pdf -------------------------------------------------------------------------------- /test_files/webserver-event/www4/account/securely_compact_transparent_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/markoneill/ssa-daemon/HEAD/test_files/webserver-event/www4/account/securely_compact_transparent_icon.png -------------------------------------------------------------------------------- /self_sign.h: -------------------------------------------------------------------------------- 1 | #ifndef SELF_SIGN_H 2 | #define SELF_SIGN_H 3 | 4 | int generate_rsa_key(EVP_PKEY** key_out, int bits); 5 | X509* generate_self_signed_certificate(EVP_PKEY* key, int serial, int days); 6 | 7 | #endif 
8 | -------------------------------------------------------------------------------- /test_files/cert_gen/make_ca_cert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | openssl req -x509 -config openssl-ca.cnf -newkey rsa:4096 -sha256 -days 1024 -nodes -out ca.crt -outform PEM 4 | openssl x509 -purpose -in ca.crt -inform PEM 5 | -------------------------------------------------------------------------------- /test_files/https_client/Makefile: -------------------------------------------------------------------------------- 1 | 2 | normal: 3 | gcc -o https_client https_client.c 4 | 5 | threaded: 6 | gcc -g -Wall -pthread -pg -o threaded_https_client threaded_client.c -lcrypto -lssl 7 | 8 | clean_gprof: 9 | rm gmon.out 10 | rm analysis.txt 11 | -------------------------------------------------------------------------------- /extras/dynamicSSA/Makefile: -------------------------------------------------------------------------------- 1 | CC=gcc 2 | CFLAGS= -shared -fPIC 3 | LIBS= -ldl 4 | SOURCES = $(wildcard *.c) 5 | OBJECTS = $(SOURCES:.c=.o) 6 | DEPS = hashmap.c hashmap.h 7 | 8 | dynamicSSA: dynamicSSA.c 9 | $(CC) $(CFLAGS) dynamicSSA.c $(DEPS) -o dynamicSSA.so $(LIBS) 10 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/http.conf: -------------------------------------------------------------------------------- 1 | host localhost www 2 | host 127.0.0.1 www2 3 | host ilab1.cs.byu.edu www 4 | host 192.168.21.101 www 5 | 6 | media txt text/plain 7 | media html text/html 8 | media jpg image/jpeg 9 | media gif image/gif 10 | media png image/png 11 | media pdf application/pdf 12 | -------------------------------------------------------------------------------- /csr_daemon.h: -------------------------------------------------------------------------------- 1 | #ifndef CSR_DAEMON_H 2 | #define CSR_DAEMON_H 3 | 4 | #include 5 | 6 | #include 7 | #include 8 
| 9 | #include 10 | 11 | #include "hashmap.h" 12 | #include "queue.h" 13 | 14 | 15 | 16 | int csr_server_create(int port); 17 | 18 | #endif /*CSR_DAEMON_H*/ 19 | -------------------------------------------------------------------------------- /test_files/android_io/TestAuth.java: -------------------------------------------------------------------------------- 1 | public class TestAuth { 2 | public static void main(String[] args) { 3 | Authenticator auth = new Authenticator(); 4 | if (!auth.connect("localhost", 6666)) { 5 | System.out.println("Could not connect to host"); 6 | return; 7 | } 8 | auth.serve(); 9 | //auth.disconnect(); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /test_files/manual_tests/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CCFLAGS = -Wall -g 3 | TARGET=https_client 4 | 5 | all: https_client echo_server 6 | 7 | echo_server: echo_server.c 8 | $(CC) $(CCFLAGS) -o echo_server echo_server.c 9 | 10 | https_client: https_client.c 11 | $(CC) $(CCFLAGS) -o $(TARGET) https_client.c 12 | 13 | clean : 14 | rm $(TARGET) 15 | -------------------------------------------------------------------------------- /extras/sslsplit/start.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | PORT=8020 3 | if [[ $EUID -ne 0 ]]; then 4 | echo "This script must be run as root" 5 | exit 1 6 | fi 7 | 8 | systemctl stop firewalld 9 | iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:$PORT -m owner --uid-owner 1000 10 | ./sslsplit -D -k ca.key -c ca.crt ssl 0.0.0.0 $PORT 11 | -------------------------------------------------------------------------------- /test_files/webserver-event/utils.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int verbose_flag; 5 | 6 | int printfv(const char* format, ...) 
{ 7 | if (!verbose_flag) { 8 | return 0; 9 | } 10 | 11 | int ret; 12 | va_list args; 13 | va_start(args, format); 14 | ret = vprintf(format, args); 15 | va_end(args); 16 | return ret; 17 | } 18 | 19 | 20 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/utils.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int verbose_flag; 5 | 6 | int printfv(const char* format, ...) { 7 | if (!verbose_flag) { 8 | return 0; 9 | } 10 | 11 | int ret; 12 | va_list args; 13 | va_start(args, format); 14 | ret = vprintf(format, args); 15 | va_end(args); 16 | return ret; 17 | } 18 | 19 | 20 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/footer.php: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 |



14 |
15 |

PayMore is a fictional website run by the Internet Research Laboratory at Brigham Young University.

16 |
17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /test_files/cert_gen/csr_client/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CC_FLAGS = -w -g -Wall 3 | 4 | EXEC = csr_client 5 | SOURCES = $(wildcard *.c) 6 | OBJECTS = $(SOURCES:.c=.o) 7 | LIBS = -lcrypto -lssl 8 | 9 | # Main target 10 | $(EXEC): $(OBJECTS) 11 | $(CC) $(OBJECTS) -o $(EXEC) $(LIBS) 12 | 13 | # To obtain object files 14 | %.o: %.c 15 | $(CC) -c $(CC_FLAGS) $< -o $@ 16 | 17 | # To remove generated files 18 | clean: 19 | rm -f $(EXEC) $(OBJECTS) 20 | -------------------------------------------------------------------------------- /test_files/webserver-event/http.conf: -------------------------------------------------------------------------------- 1 | host localhost www4 2 | host 127.0.0.1 www2 3 | host ilab1.cs.byu.edu www 4 | host 192.168.21.101 www 5 | host openrebellion.com www2 6 | host paymore.com www4 7 | host www.paymore.com www4 8 | host ilab.hax0r.online www4 9 | 10 | media txt text/plain 11 | media html text/html 12 | media jpg image/jpeg 13 | media gif image/gif 14 | media png image/png 15 | media pdf application/pdf 16 | media css text/css 17 | media js application/javascript 18 | media php text/html 19 | -------------------------------------------------------------------------------- /extras/dynamicSSA/lighttpd.conf: -------------------------------------------------------------------------------- 1 | server.document-root = "/srv/http/index.html" 2 | 3 | server.port = 3000 4 | 5 | server.modules += ( 6 | "mod_openssl", 7 | ) 8 | 9 | 10 | mimetype.assign = ( 11 | ".html" => "text/html", 12 | ".txt" => "text/plain", 13 | ".jpg" => "image/jpeg", 14 | ".png" => "image/png" 15 | ) 16 | 17 | $SERVER["socket"] == ":443" { 18 | ssl.engine = "enable" 19 | ssl.pemfile = "/etc/lighttpd/certs/server.pem" 20 | } 21 | 
-------------------------------------------------------------------------------- /test_files/webserver-eventSSL/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CCFLAGS = -Wall -g -lssl -lcrypto 3 | 4 | HTTP_SERVER_SRC = main.c \ 5 | http_server.c \ 6 | client.c \ 7 | config.c \ 8 | utils.c 9 | 10 | HTTP_SERVER_OBJ = $(HTTP_SERVER_SRC:%.c=%.o) 11 | HTTP_SERVER_EXE = server 12 | 13 | all: $(HTTP_SERVER_EXE) 14 | 15 | $(HTTP_SERVER_EXE) : $(HTTP_SERVER_OBJ) 16 | $(CC) $(CCFLAGS) $^ -o $@ $(LIBS) 17 | 18 | %.o : %.c %.h 19 | $(CC) $(CCFLAGS) -c $< -o $@ 20 | 21 | clean: 22 | rm -rf *.o $(HTTP_SERVER_EXE) 23 | -------------------------------------------------------------------------------- /extras/dynamicSSA/tests/lighttpd.conf: -------------------------------------------------------------------------------- 1 | server.document-root = "/srv/http/index.html" 2 | 3 | server.port = 3000 4 | 5 | server.modules += ( 6 | "mod_openssl", 7 | ) 8 | 9 | 10 | mimetype.assign = ( 11 | ".html" => "text/html", 12 | ".txt" => "text/plain", 13 | ".jpg" => "image/jpeg", 14 | ".png" => "image/png" 15 | ) 16 | 17 | $SERVER["socket"] == ":443" { 18 | ssl.engine = "enable" 19 | ssl.pemfile = "/etc/lighttpd/certs/server.pem" 20 | } 21 | -------------------------------------------------------------------------------- /tb_connector.h: -------------------------------------------------------------------------------- 1 | #ifndef NATIVE_NETLINK_H 2 | #define NATIVE_NETLINK_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "tb_communications.h" 9 | 10 | int trustbase_connect(void); 11 | int trustbase_disconnect(void); 12 | int send_query_openssl(uint64_t id, char* host, int port, STACK_OF(X509)* chain); 13 | int send_query(uint64_t id, char* host, int port, unsigned char* chain, int length); 14 | int recv_response(void); 15 | #endif 16 | -------------------------------------------------------------------------------- 
/test_files/openssl_mod_tests/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CXXFLAGS=-w -Wall 3 | 4 | EXEC = client 5 | SOURCES = $(wildcard *.c) 6 | OBJECTS = $(SOURCES:.c=.o) 7 | INCLUDES = -I../../openssl/include 8 | LIBS = -L../../openssl/lib -lcrypto -lssl -Wl,-rpath -Wl,../../openssl/lib 9 | 10 | all: $(EXEC) 11 | 12 | # Main target 13 | $(EXEC): $(OBJECTS) 14 | $(CC) $(OBJECTS) -o $(EXEC) $(LIBS) 15 | 16 | # To obtain object files 17 | %.o: %.c 18 | $(CC) -c $(CXXFLAGS) $< $(INCLUDES) -o $@ 19 | 20 | # To remove generated files 21 | clean: 22 | rm -f $(EXEC) $(OBJECTS) 23 | -------------------------------------------------------------------------------- /qrdisplay/Makefile: -------------------------------------------------------------------------------- 1 | CFILES=qrPopUp.c 2 | BIN_PATH=bin/ 3 | TARGET=$(BIN_PATH)qrPopUp 4 | DBG_TARGET=$(BIN_PATH)qrPopUpDBG 5 | LFLAGS=`pkg-config --cflags --libs gtk+-3.0` 6 | DBG_CFLAGS= -D_DEBUG -Wall -g 7 | 8 | .PHONY: clean dbg run 9 | 10 | $(TARGET) : $(BIN_PATH) $(CFILES) 11 | $(CC) -o $(TARGET) $(CFILES) $(LFLAGS) 12 | 13 | $(DBG_TARGET) : $(BIN_PATH) $(CFILES) 14 | $(CC) $(DBG_CFLAGS) -o $(DBG_TARGET) $(CFILES) $(LFLAGS) 15 | 16 | $(BIN_PATH) : 17 | @umask 0; mkdir -p "$(BIN_PATH)" 18 | 19 | clean : 20 | @rm -rf "$(BIN_PATH)" 21 | 22 | dbg : $(DBG_TARGET) 23 | 24 | run : $(DEB_TARGET) 25 | ./$(DEB_TARGET) 26 | 27 | -------------------------------------------------------------------------------- /test_files/webserver-event/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CCFLAGS = -Wall -g 3 | CXX_CLIENTAUTH_FLAGS= -DCLIENT_AUTH 4 | 5 | HTTP_SERVER_SRC = main.c \ 6 | http_server.c \ 7 | client.c \ 8 | config.c \ 9 | utils.c 10 | 11 | HTTP_SERVER_OBJ = $(HTTP_SERVER_SRC:%.c=%.o) 12 | HTTP_SERVER_EXE = testShopServer 13 | 14 | all: $(HTTP_SERVER_EXE) 15 | 16 | clientauth: 
CCFLAGS+=$(CXX_CLIENTAUTH_FLAGS) 17 | clientauth: $(HTTP_SERVER_EXE) 18 | 19 | $(HTTP_SERVER_EXE) : $(HTTP_SERVER_OBJ) 20 | $(CC) $(CCFLAGS) $^ -o $@ $(LIBS) 21 | 22 | %.o : %.c %.h 23 | $(CC) $(CCFLAGS) -c $< -o $@ 24 | 25 | clean: 26 | rm -rf *.o $(HTTP_SERVER_EXE) 27 | -------------------------------------------------------------------------------- /extras/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CXXFLAGS=-w -Wall -fPIC 3 | CXX_DEBUG_FLAGS=-g 4 | CXX_RELEASE_FLAGS=-O3 5 | 6 | SO = addons.so 7 | SOURCES = $(wildcard *.c) 8 | OBJECTS = $(SOURCES:.c=.o) 9 | INCLUDES = 10 | LIBS = -ldl 11 | 12 | .PHONY: all clean 13 | 14 | all: CXXFLAGS+=$(CXX_DEBUG_FLAGS) 15 | all: $(SO) 16 | 17 | release: CXXFLAGS+=$(CXX_RELEASE_FLAGS) 18 | release: $(SO) 19 | 20 | # Main target 21 | $(SO): $(OBJECTS) 22 | $(CC) -shared $(OBJECTS) -o $(SO) $(LIBS) 23 | 24 | # To obtain object files 25 | %.o: %.c 26 | $(CC) -c $(CXXFLAGS) $< $(INCLUDES) -o $@ 27 | 28 | # To remove generated files 29 | clean: 30 | rm -f $(SO) $(OBJECTS) 31 | -------------------------------------------------------------------------------- /extras/dynamicSSA/tests/test.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | 3 | # Hacky script just to run wget and lighttpd with SSA and clean up if needed 4 | # Run with no arguments for wget run with an argument for lighttpd 5 | # You will need to set up the lighttpd config befor running lighttpd 6 | 7 | if [ "$#" -ge 1 ]; then 8 | LD_PRELOAD=$PWD/../dynamicSSA.so ./lighttpd -D -f /etc/lighttpd/lighttpd.conf 9 | else 10 | LD_PRELOAD=$PWD/../dynamicSSA.so ./wget --ca-certificate=/etc/ssl/certs/ca-bundle.crt https://www.google.com 11 | #LD_PRELOAD=$PWD/dynamicSSA.so ./wget --no-check-certificate https://www.google.com 12 | 13 | rm index.html 14 | fi 15 | 16 | 17 | -------------------------------------------------------------------------------- /issue_cert.h: -------------------------------------------------------------------------------- 1 | #ifndef ISSUE_CERT_H 2 | #define ISSUE_CERT_H 3 | 4 | unsigned char* net_encode_cert(X509* cert, int* len); 5 | X509* net_decode_cert(unsigned char* cert_buf,int len); 6 | char *X509_to_PEM(X509 *cert, int* bio_len); 7 | X509 *PEM_to_X509(char *pem); 8 | X509_REQ* get_csr_from_buf(char* buffer); 9 | X509* get_cert_from_file(char* filename); 10 | EVP_PKEY* get_private_key_from_buf(char* buffer); 11 | EVP_PKEY* get_private_key_from_file(char* filename); 12 | X509* issue_certificate(X509_REQ* cert_req, X509* ca_cert, EVP_PKEY* ca_key, 13 | int serial, int days); 14 | int add_ext(X509* cert, int nid, char* value); 15 | 16 | #endif /*ISSUE_CERT_H*/ 17 | -------------------------------------------------------------------------------- /removeClientAuth.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | HOST_FILE=/etc/hosts 3 | DOMAIN_NAME="www.paymore.com paymore.com" 4 | 5 | if [ -z "$1"]; then 6 | echo "hosts will not be reset" 7 | RESET_HOSTS=false 8 | else 9 | RESET_HOSTS=$1 10 | echo "request hosts reset? 
${RESET_HOSTS}" 11 | fi 12 | 13 | pkill testShopServer 14 | pkill sslsplit 15 | pkill tls_wrapper 16 | 17 | if [ ${RESET_HOSTS} == "true" ]; then 18 | let count=$(grep -c "\$[0-9.]*[\s]*${DOMAIN_NAME}" $HOST_FILE) 19 | if [ $count > "0" ]; then 20 | echo "removing redirect on ${DOMAIN_NAME}" 21 | sed -i "0,/${DOMAIN_NAME}/ d" $HOST_FILE 22 | fi 23 | fi 24 | 25 | cd ./sslsplit 26 | ./firewallOn.sh > /dev/null & 27 | -------------------------------------------------------------------------------- /extras/sslsplit/README.md: -------------------------------------------------------------------------------- 1 | This is an sslsplit patch that uses the SSA for the intercepted connections. 2 | 3 | This patch is dependent on in\_tls.h, so sslsplit must be cloned within tlswrap. 4 | There is also an included dummy cert that you will need to install into your root store so that applications accept our fake certs. 5 | 6 | ## Getting started 7 | Start from the tlswrap directory: 8 | `git clone https://github.com/droe/sslsplit && cd sslsplit` 9 | `cp ../extras/sslsplit/* .` 10 | `git apply 0001-SSA-patch.patch` 11 | `make` 12 | `su root` 13 | `./start.sh` 14 | 15 | When you're done, you need to turn your firewall back on or you will not have internet access. 16 | `./firewallOn.sh` 17 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/purchase/index.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 |
8 | 9 |
10 | 11 | 12 | 15 | 16 | 17 |
18 | 19 |
20 | 21 | 22 | 23 | 24 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/index.txt.old: -------------------------------------------------------------------------------- 1 | V 180321021156Z 01 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 2 | V 190319204501Z 02 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 3 | V 190409202229Z 03 unknown /C=US/ST=Utah/L=Provo/O=Testing/CN=localhost 4 | V 190409205130Z 04 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 5 | V 190409210355Z 05 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 6 | V 190613002121Z 06 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 7 | V 190629174303Z 07 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 8 | V 190629182333Z 08 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 9 | V 190630173122Z 09 unknown /C=US/ST=Utah/L=Provo/O=BYU/CN=testshop.com 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. 
Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | */bin/* 33 | *.exe 34 | *.out 35 | *.app 36 | *.i*86 37 | *.x86_64 38 | *.hex 39 | 40 | # Debug files 41 | *.dSYM/ 42 | *.su 43 | *.idb 44 | *.pdb 45 | 46 | # Kernel Module Compile Results 47 | *.mod* 48 | *.cmd 49 | .tmp_versions/ 50 | modules.order 51 | Module.symvers 52 | Mkfile.old 53 | dkms.conf 54 | 55 | # Test files 56 | *.csv 57 | test_files/* 58 | 59 | # Editor files 60 | *.swp 61 | *.swo 62 | .vscode/settings.json 63 | -------------------------------------------------------------------------------- /test_files/cert_gen/signed_certs/index.txt: -------------------------------------------------------------------------------- 1 | V 180321021156Z 01 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 2 | V 190319204501Z 02 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 3 | V 190409202229Z 03 unknown /C=US/ST=Utah/L=Provo/O=Testing/CN=localhost 4 | V 190409205130Z 04 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 5 | V 190409210355Z 05 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 6 | V 190613002121Z 06 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 7 | V 190629174303Z 07 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=Mark ONeill 8 | V 190629182333Z 08 unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=openrebellion.com 9 | V 190630173122Z 09 unknown /C=US/ST=Utah/L=Provo/O=BYU/CN=testshop.com 10 | V 190803001206Z 0A unknown /C=US/ST=Utah/L=Provo/O=US Citizens/CN=paymore.com 11 | -------------------------------------------------------------------------------- /test_files/webserver-event/http_server.h: -------------------------------------------------------------------------------- 1 | #ifndef HTTP_SERVER_H 2 | #define HTTP_SERVER_H 3 | 4 | #define BUFFER_MAX 2048 5 | #define MAX_HEADER_LENGTH 1024 6 | 7 | typedef struct http_header { 8 | char* field; 9 | char* value; 10 | } http_header_t; 11 | 12 | typedef 
struct http_request { 13 | struct http_request* next; 14 | int is_valid; 15 | char* method; 16 | char* path; 17 | char* version; 18 | http_header_t* headers; 19 | unsigned char* body; 20 | int header_length; 21 | int body_length; 22 | } http_request_t; 23 | 24 | typedef struct http_response { 25 | char* version; 26 | char* status; 27 | char* phrase; 28 | http_header_t* headers; 29 | unsigned char* body; 30 | int resource_fd; 31 | } http_response_t; 32 | 33 | void http_server_run(char* config_path, char* port); 34 | void free_http_request(http_request_t* request); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/http_server.h: -------------------------------------------------------------------------------- 1 | #ifndef HTTP_SERVER_H 2 | #define HTTP_SERVER_H 3 | 4 | #define BUFFER_MAX 2048 5 | #define MAX_HEADER_LENGTH 1024 6 | 7 | typedef struct http_header { 8 | char* field; 9 | char* value; 10 | } http_header_t; 11 | 12 | typedef struct http_request { 13 | struct http_request* next; 14 | int is_valid; 15 | char* method; 16 | char* path; 17 | char* version; 18 | http_header_t* headers; 19 | unsigned char* body; 20 | int header_length; 21 | int body_length; 22 | } http_request_t; 23 | 24 | typedef struct http_response { 25 | char* version; 26 | char* status; 27 | char* phrase; 28 | http_header_t* headers; 29 | unsigned char* body; 30 | int resource_fd; 31 | } http_response_t; 32 | 33 | void http_server_run(char* config_path, char* port); 34 | void free_http_request(http_request_t* request); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /test_files/webserver-event/config.h: -------------------------------------------------------------------------------- 1 | #ifndef CONFIG_H 2 | #define CONFIG_H 3 | 4 | #include 5 | #include 6 | 7 | #define MIME_MAX 256 /* RFC 6838 */ 8 | #define EXT_MAX 256 /* Likely */ 9 | 10 | 11 | typedef 
struct host_path { 12 | char host[NI_MAXHOST]; 13 | char path[PATH_MAX]; 14 | } host_path_t; 15 | 16 | typedef struct extension_mime { 17 | char extension[EXT_MAX]; 18 | char mime_type[MIME_MAX]; 19 | } extension_mime_t; 20 | 21 | typedef struct config { 22 | extension_mime_t* mimes; 23 | int mime_count; 24 | host_path_t* hosts; 25 | int host_count; 26 | } config_t; 27 | 28 | config_t parse_config(char* config_path); 29 | void free_config(config_t* config); 30 | char* get_host_path(config_t* config, char* host); 31 | char* get_mime_type(config_t* config, char* extension); 32 | void print_config(config_t* config); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/config.h: -------------------------------------------------------------------------------- 1 | #ifndef CONFIG_H 2 | #define CONFIG_H 3 | 4 | #include 5 | #include 6 | 7 | #define MIME_MAX 256 /* RFC 6838 */ 8 | #define EXT_MAX 256 /* Likely */ 9 | 10 | 11 | typedef struct host_path { 12 | char host[NI_MAXHOST]; 13 | char path[PATH_MAX]; 14 | } host_path_t; 15 | 16 | typedef struct extension_mime { 17 | char extension[EXT_MAX]; 18 | char mime_type[MIME_MAX]; 19 | } extension_mime_t; 20 | 21 | typedef struct config { 22 | extension_mime_t* mimes; 23 | int mime_count; 24 | host_path_t* hosts; 25 | int host_count; 26 | } config_t; 27 | 28 | config_t parse_config(char* config_path); 29 | void free_config(config_t* config); 30 | char* get_host_path(config_t* config, char* host); 31 | char* get_mime_type(config_t* config, char* extension); 32 | void print_config(config_t* config); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /notification.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 4 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES 5 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 6 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 7 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 8 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 9 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 10 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 11 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 12 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 13 | */ 14 | 15 | #ifndef NOTIFICATION_H 16 | #define NOTIFICATION_H 17 | 18 | int connect_phone_alert(); 19 | 20 | #endif //NOTIFICATION_H 21 | -------------------------------------------------------------------------------- /config.h: -------------------------------------------------------------------------------- 1 | #ifndef CONFIG_H 2 | #define CONFIG_H 3 | #include 4 | #include 5 | #include 6 | #include "hashmap_str.h" 7 | enum validation { Normal, TrustBase }; 8 | #define SSA_EXT_SNI 0x0001 9 | #define SSA_EXT_ALPN 0x0002 10 | #define SSA_EXT_TICKET 0x0004 11 | 12 | typedef struct { 13 | char* profile; 14 | int min_version; 15 | int max_version; 16 | long options; //for version stuff too 17 | char* cipher_list; 18 | enum validation validate; 19 | char* trust_store; 20 | int custom_validation; 21 | long cache_timeout; 22 | char* cache_path; 23 | long extensions; //bitmask 24 | char* randseed_path; 25 | int randseed_size; 26 | 27 | } ssa_config_t; 28 | 29 | extern char DEFAULT_CONF[]; 30 | extern hsmap_t* global_config; 31 | extern size_t global_config_size; 32 | 33 | size_t parse_config(char* filename); 34 | void free_config(); 35 | ssa_config_t* get_app_config(char* app_path); 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /in_tls.h: 
-------------------------------------------------------------------------------- 1 | #ifndef IN_TLS 2 | #define IN_TLS 3 | 4 | /* Protocol */ 5 | #define IPPROTO_TLS (715 % 255) 6 | 7 | /* Options */ 8 | #define TLS_REMOTE_HOSTNAME 85 9 | #define TLS_HOSTNAME 86 10 | #define TLS_TRUSTED_PEER_CERTIFICATES 87 11 | #define TLS_CERTIFICATE_CHAIN 88 12 | #define TLS_PRIVATE_KEY 89 13 | #define TLS_ALPN 90 14 | #define TLS_SESSION_TTL 91 15 | #define TLS_DISABLE_CIPHER 92 16 | #define TLS_PEER_IDENTITY 93 17 | #define TLS_REQUEST_PEER_AUTH 94 18 | 19 | /* Internal use only */ 20 | #define TLS_PEER_CERTIFICATE_CHAIN 95 21 | #define TLS_ID 96 22 | 23 | /* TCP options */ 24 | #define TCP_UPGRADE_TLS 33 25 | 26 | /* Address types */ 27 | #define AF_HOSTNAME 43 28 | 29 | struct host_addr { 30 | unsigned char name[255]; 31 | }; 32 | 33 | struct sockaddr_host { 34 | sa_family_t sin_family; 35 | unsigned short sin_port; 36 | struct host_addr sin_addr; 37 | }; 38 | 39 | 40 | #endif 41 | 42 | -------------------------------------------------------------------------------- /test_files/webserver-event/www2/get_example.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | GET Example 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 |

Webserver GET Test

23 |
24 |
25 |
26 |
27 |

28 |
29 |
30 |
31 | 32 | 33 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www2/get_example.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | GET Example 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 |

Webserver GET Test

23 |
24 |
25 |
26 |
27 |

28 |
29 |
30 |
31 | 32 | 33 | -------------------------------------------------------------------------------- /install_packages.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DISTRO=$(awk -F= '/^NAME/{print $2}' /etc/os-release) 4 | test -n $DISTRO && echo "distribution detected: ${DISTRO}" || echo "could not determine OS type" 5 | if [[ "${DISTRO}" == 'Fedora' ]]; then 6 | echo 'Installing Fedora libraries for tls_wrapper' 7 | sudo dnf install \ 8 | avahi-devel \ 9 | elfutils-libelf-devel \ 10 | glib-devel \ 11 | gtk3-devel \ 12 | kernel-devel \ 13 | libconfig-devel \ 14 | libevent-devel \ 15 | libnl3-devel \ 16 | libnotify-devel \ 17 | openssl-devel \ 18 | qrencode \ 19 | 20 | 21 | echo 'Installed' 22 | fi 23 | 24 | if [[ "${DISTRO}" == '"Ubuntu"' ]]; then 25 | echo 'Installing Ubuntu libraries for tls_wrapper' 26 | sudo apt install \ 27 | libavahi-client-dev \ 28 | libconfig-dev \ 29 | libelf-dev \ 30 | libevent-dev \ 31 | libglib2.0-dev \ 32 | libnl-3-dev \ 33 | libnl-genl-3-dev \ 34 | libnotify-dev \ 35 | linux-headers-$(uname -r | sed 's/[0-9\.\-]*//') \ 36 | openssl \ 37 | qrencode \ 38 | 39 | echo 'Installed' 40 | fi 41 | -------------------------------------------------------------------------------- /tb_communications.h: -------------------------------------------------------------------------------- 1 | #ifndef _TB_COMMUNICATIONS_H 2 | #define _TB_COMMUNICATIONS_H 3 | 4 | struct handler_state_t; 5 | 6 | int tb_register_netlink(void); 7 | void tb_unregister_netlink(void); 8 | int tb_send_certificate_query(struct handler_state_t* state, unsigned char* certificate, size_t length); 9 | int tb_send_is_starttls_query(struct handler_state_t* state); 10 | int tb_send_shutdown(void); 11 | //int tb_get_certificate_response(void); 12 | 13 | // Attributes 14 | enum { 15 | TRUSTBASE_A_UNSPEC, 16 | TRUSTBASE_A_CERTCHAIN, 17 | TRUSTBASE_A_HOSTNAME, 18 | TRUSTBASE_A_CLIENT_HELLO, 19 | TRUSTBASE_A_SERVER_HELLO, 20 | 
TRUSTBASE_A_IP, 21 | TRUSTBASE_A_PORTNUMBER, 22 | TRUSTBASE_A_RESULT, 23 | TRUSTBASE_A_STATE_PTR, 24 | TRUSTBASE_A_PAD, 25 | __TRUSTBASE_A_MAX, 26 | }; 27 | 28 | #define TRUSTBASE_A_MAX (__TRUSTBASE_A_MAX - 1) 29 | 30 | // Operations 31 | enum { 32 | TRUSTBASE_C_UNSPEC, 33 | TRUSTBASE_C_QUERY, 34 | TRUSTBASE_C_QUERY_NATIVE, 35 | TRUSTBASE_C_RESPONSE, 36 | TRUSTBASE_C_SHUTDOWN, 37 | TRUSTBASE_C_SHOULDTLS, 38 | __TRUSTBASE_C_MAX, 39 | }; 40 | 41 | #define TRUSTBASE_C_MAX (__TRUSTBASE_C_MAX - 1) 42 | 43 | // Multicast group 44 | enum trustbase_groups { 45 | TRUSTBASE_QUERY, 46 | }; 47 | 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /test_files/webserver-event/client.h: -------------------------------------------------------------------------------- 1 | #ifndef CLIENT_H 2 | #define CLIENT_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include "http_server.h" 8 | 9 | typedef struct buffer { 10 | unsigned char* data; 11 | int length; 12 | int max_length; 13 | int position; 14 | } buffer_t; 15 | 16 | typedef struct resource { 17 | int fd; 18 | long int size; 19 | long int position; 20 | } resource_t; 21 | 22 | typedef enum state { 23 | PARSING_HEADERS, 24 | PARSING_BODY, 25 | RECEIVED_REQUEST, 26 | CREATING_RESPONSE, 27 | SENDING_HEADERS, 28 | SENDING_BODY, 29 | DISCONNECTED 30 | } state_t; 31 | 32 | typedef struct client { 33 | struct client* next; 34 | struct client* prev; 35 | int fd; 36 | state_t state; 37 | buffer_t send_buf; 38 | buffer_t recv_buf; 39 | char* sentinel_pos; 40 | http_request_t* current_request; 41 | http_request_t* request_list; 42 | resource_t current_resource; 43 | struct timeval last_event; 44 | char hostname[NI_MAXHOST]; 45 | char port[NI_MAXSERV]; 46 | } client_t; 47 | 48 | client_t* create_client(int server_sock); 49 | void sweep_clients(time_t timeout_secs); 50 | void reset_client(client_t* client); 51 | void free_client(client_t* client); 52 | 53 | 54 | #endif 55 | 
-------------------------------------------------------------------------------- /test_files/webserver-eventSSL/client.h: -------------------------------------------------------------------------------- 1 | #ifndef CLIENT_H 2 | #define CLIENT_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include "http_server.h" 8 | #include 9 | 10 | 11 | typedef struct buffer { 12 | unsigned char* data; 13 | int length; 14 | int max_length; 15 | int position; 16 | } buffer_t; 17 | 18 | typedef struct resource { 19 | int fd; 20 | long int size; 21 | long int position; 22 | } resource_t; 23 | 24 | typedef enum state { 25 | PARSING_HEADERS, 26 | PARSING_BODY, 27 | RECEIVED_REQUEST, 28 | CREATING_RESPONSE, 29 | SENDING_HEADERS, 30 | SENDING_BODY, 31 | DISCONNECTED 32 | } state_t; 33 | 34 | typedef struct client { 35 | struct client* next; 36 | struct client* prev; 37 | int fd; 38 | SSL* ssl; 39 | state_t state; 40 | buffer_t send_buf; 41 | buffer_t recv_buf; 42 | char* sentinel_pos; 43 | http_request_t* current_request; 44 | http_request_t* request_list; 45 | resource_t current_resource; 46 | struct timeval last_event; 47 | char hostname[NI_MAXHOST]; 48 | char port[NI_MAXSERV]; 49 | } client_t; 50 | 51 | client_t* create_client(int server_sock); 52 | void sweep_clients(time_t timeout_secs); 53 | void reset_client(client_t* client); 54 | void free_client(client_t* client); 55 | 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /test_files/certificate_b.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDjzCCAnegAwIBAgIJAJgD0PVviZFkMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV 3 | BAYTAlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEcMBoGA1UECgwT 4 | RGVmYXVsdCBDb21wYW55IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDMw 5 | MzIyNDgyMloXDTE5MDMwMzIyNDgyMlowXjELMAkGA1UEBhMCVVMxDTALBgNVBAgM 6 | BFV0YWgxDjAMBgNVBAcMBVByb3ZvMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkg 7 | 
THRkMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 8 | ggEKAoIBAQCndmf/4wqQyONpvOUCkv8kDe+Mzp1t3KEO/fmD7FEhlPfLRGTyfaQh 9 | Qfzd//8YD0Btr1oby43dziRWcEruiJDF3HfD2mlgJoltQUP2IJdwRsXt1+SIkptr 10 | WMF7jzyDkKEjnnCcqLLJcR35e6LgSShjt2IfavJCX+RqrGbmyfcY5n/oELCKw3GP 11 | Fj8BBxH8jWlJ85hE7+RmvXx/mQ69MQAKQm678Rj6AQS1yfHzWPTsA7OY3lg7+rL9 12 | 5l6ozNdGx+LfoY+DsemlnNyxmnT7kB6PD/H0WisnmijTKfeHNeyx8xJFqVB93Yp8 13 | r9ndCMJKPrxo8TeZphHPc6tV86aQQ+fhAgMBAAGjUDBOMB0GA1UdDgQWBBSiT1Xd 14 | D3Q2C2HGo1oS5yDEX+XdAzAfBgNVHSMEGDAWgBSiT1XdD3Q2C2HGo1oS5yDEX+Xd 15 | AzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQADTXy+4ldXfI5c0jQF 16 | DMRngNvhE/na5cwp2L8OnSRR6qQIL/vg4vaage3f0fh8nHUF/ZuTLw4A5775Ua1W 17 | OP2HLlpZRaFsnSm6O7xkWsMwlC45+agHYFY9sBmGxS6OhaI6QItnI1ls7biVseBT 18 | amv5z1H2lQdoNn6jph3Kw3uXQhi+e7qz894GCaPgCTVn+RbumO30iXtBvwQfB0l5 19 | T8wlW74ODLGeeHJVYLpIVEyplFbDUWGBP8k61pnAnUuoPk7zgJp3H2f+aSbjZoGi 20 | x2JOScUwmgw3NBzQAiOY1hnoas8h4iu+2mXlZesVCM7n4CIHoK1vN6LjcneGitbJ 21 | l5si 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /test_files/https_client/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #./threaded_https_client -a 100 -b 1024 -c 1 -d 1000000 -f fullTest.csv -h 192.168.21.101 4 | #./threaded_https_client -a 100 -b 1024 -c 1 -d 1000000 -f fullTest.csv -h 192.168.21.101 -s 5 | #./threaded_https_client -a 100 -b 1024 -c 1 -d 1000000 -f fullTest.csv -h www.phoenixteam.net 6 | #./threaded_https_client -a 100 -b 1024 -c 1 -d 1000000 -f fullTest.csv -h www.phoenixteam.net -s 7 | 8 | for j in {1..5} 9 | do 10 | echo "round $j" 11 | for i in {1..100} 12 | do 13 | echo "Iteration $i" 14 | ./threaded_https_client -b 1024 -c 1 -d 1000000 -f final_5_iterations.csv -h 192.168.0.100 -t $i 15 | done 16 | 17 | for i in {1..100} 18 | do 19 | echo "Iteration $i" 20 | ./threaded_https_client -b 1024 -c 1 -d 1000000 -f final_5_iterations.csv -h 
192.168.21.101 -t $i -s 21 | done 22 | done 23 | 24 | for j in {1..5} 25 | do 26 | echo "round $j" 27 | for i in {1..100} 28 | do 29 | echo "Iteration $i" 30 | ./threaded_https_client -b 1024 -c 1 -d 1000000 -f final_5_iterations.csv -h www.phoenixteam.net -t $i 31 | done 32 | 33 | for i in {1..100} 34 | do 35 | echo "Iteration $i" 36 | ./threaded_https_client -b 1024 -c 1 -d 1000000 -f final_5_iterations.csv -h www.phoenixteam.net -t $i -s 37 | done 38 | done 39 | 40 | -------------------------------------------------------------------------------- /test_files/manual_tests/keys/certificate_b.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDjzCCAnegAwIBAgIJAJgD0PVviZFkMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV 3 | BAYTAlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEcMBoGA1UECgwT 4 | RGVmYXVsdCBDb21wYW55IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDMw 5 | MzIyNDgyMloXDTE5MDMwMzIyNDgyMlowXjELMAkGA1UEBhMCVVMxDTALBgNVBAgM 6 | BFV0YWgxDjAMBgNVBAcMBVByb3ZvMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkg 7 | THRkMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 8 | ggEKAoIBAQCndmf/4wqQyONpvOUCkv8kDe+Mzp1t3KEO/fmD7FEhlPfLRGTyfaQh 9 | Qfzd//8YD0Btr1oby43dziRWcEruiJDF3HfD2mlgJoltQUP2IJdwRsXt1+SIkptr 10 | WMF7jzyDkKEjnnCcqLLJcR35e6LgSShjt2IfavJCX+RqrGbmyfcY5n/oELCKw3GP 11 | Fj8BBxH8jWlJ85hE7+RmvXx/mQ69MQAKQm678Rj6AQS1yfHzWPTsA7OY3lg7+rL9 12 | 5l6ozNdGx+LfoY+DsemlnNyxmnT7kB6PD/H0WisnmijTKfeHNeyx8xJFqVB93Yp8 13 | r9ndCMJKPrxo8TeZphHPc6tV86aQQ+fhAgMBAAGjUDBOMB0GA1UdDgQWBBSiT1Xd 14 | D3Q2C2HGo1oS5yDEX+XdAzAfBgNVHSMEGDAWgBSiT1XdD3Q2C2HGo1oS5yDEX+Xd 15 | AzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQADTXy+4ldXfI5c0jQF 16 | DMRngNvhE/na5cwp2L8OnSRR6qQIL/vg4vaage3f0fh8nHUF/ZuTLw4A5775Ua1W 17 | OP2HLlpZRaFsnSm6O7xkWsMwlC45+agHYFY9sBmGxS6OhaI6QItnI1ls7biVseBT 18 | amv5z1H2lQdoNn6jph3Kw3uXQhi+e7qz894GCaPgCTVn+RbumO30iXtBvwQfB0l5 19 | T8wlW74ODLGeeHJVYLpIVEyplFbDUWGBP8k61pnAnUuoPk7zgJp3H2f+aSbjZoGi 20 | 
x2JOScUwmgw3NBzQAiOY1hnoas8h4iu+2mXlZesVCM7n4CIHoK1vN6LjcneGitbJ 21 | l5si 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /test_files/webserver-event/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "http_server.h" 6 | #include "utils.h" 7 | 8 | #define DEFAULT_PORT "8080" 9 | #define DEFAULT_CONFIG "http.conf" 10 | 11 | void usage(char* name); 12 | 13 | /* globals */ 14 | extern int verbose_flag; 15 | 16 | int main(int argc, char* argv[]) { 17 | char* port = NULL; 18 | char* config_path = NULL; 19 | 20 | port = DEFAULT_PORT; 21 | config_path = DEFAULT_CONFIG; 22 | 23 | int c; 24 | while ((c = getopt(argc, argv, "vp:c:")) != -1) { 25 | switch (c) { 26 | case 'v': 27 | verbose_flag = 1; 28 | break; 29 | case 'p': 30 | port = optarg; 31 | break; 32 | case 'c': 33 | config_path = optarg; 34 | break; 35 | case '?': 36 | if (optopt == 'p' || optopt == 'c') { 37 | fprintf(stderr, "Option -%c requires an argument\n", optopt); 38 | usage(argv[0]); 39 | exit(EXIT_FAILURE); 40 | } 41 | default: 42 | fprintf(stderr, "Unknown option encountered\n"); 43 | usage(argv[0]); 44 | exit(EXIT_FAILURE); 45 | } 46 | } 47 | 48 | printfv("Verbose mode set to %s\n", verbose_flag ? 
"true" : "false"); 49 | printfv("Config path set to %s\n", config_path); 50 | printfv("Port set to %s\n", port); 51 | http_server_run(config_path, port); 52 | return 0; 53 | } 54 | 55 | void usage(char* name) { 56 | printf("Usage: %s [-v] [-p port] [-c config-file]\n", name); 57 | printf("Example:\n"); 58 | printf("\t%s -v -p 8080 -c http.conf \n", name); 59 | return; 60 | } 61 | 62 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "http_server.h" 6 | #include "utils.h" 7 | 8 | #define DEFAULT_PORT "8080" 9 | #define DEFAULT_CONFIG "http.conf" 10 | 11 | void usage(char* name); 12 | 13 | /* globals */ 14 | extern int verbose_flag; 15 | 16 | int main(int argc, char* argv[]) { 17 | char* port = NULL; 18 | char* config_path = NULL; 19 | 20 | port = DEFAULT_PORT; 21 | config_path = DEFAULT_CONFIG; 22 | 23 | int c; 24 | while ((c = getopt(argc, argv, "vp:c:")) != -1) { 25 | switch (c) { 26 | case 'v': 27 | verbose_flag = 1; 28 | break; 29 | case 'p': 30 | port = optarg; 31 | break; 32 | case 'c': 33 | config_path = optarg; 34 | break; 35 | case '?': 36 | if (optopt == 'p' || optopt == 'c') { 37 | fprintf(stderr, "Option -%c requires an argument\n", optopt); 38 | usage(argv[0]); 39 | exit(EXIT_FAILURE); 40 | } 41 | default: 42 | fprintf(stderr, "Unknown option encountered\n"); 43 | usage(argv[0]); 44 | exit(EXIT_FAILURE); 45 | } 46 | } 47 | 48 | printfv("Verbose mode set to %s\n", verbose_flag ? 
"true" : "false"); 49 | printfv("Config path set to %s\n", config_path); 50 | printfv("Port set to %s\n", port); 51 | http_server_run(config_path, port); 52 | return 0; 53 | } 54 | 55 | void usage(char* name) { 56 | printf("Usage: %s [-v] [-p port] [-c config-file]\n", name); 57 | printf("Example:\n"); 58 | printf("\t%s -v -p 8080 -c http.conf \n", name); 59 | return; 60 | } 61 | 62 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/login/index.php: -------------------------------------------------------------------------------- 1 | 52 | -------------------------------------------------------------------------------- /test_files/cert_gen/openssl-client.cnf: -------------------------------------------------------------------------------- 1 | HOME = . 2 | RANDFILE = $ENV::HOME/.rnd 3 | 4 | #################################################################### 5 | [ req ] 6 | default_bits = 2048 7 | default_keyfile = personal.key 8 | distinguished_name = server_distinguished_name 9 | req_extensions = server_req_extensions 10 | string_mask = utf8only 11 | 12 | #################################################################### 13 | [ server_distinguished_name ] 14 | countryName = Country Name (2 letter code) 15 | countryName_default = US 16 | 17 | stateOrProvinceName = State or Province Name (full name) 18 | stateOrProvinceName_default = Utah 19 | 20 | localityName = Locality Name (eg, city) 21 | localityName_default = Provo 22 | 23 | organizationName = Organization Name (eg, company) 24 | organizationName_default = US Citizens 25 | 26 | commonName = Common Name (e.g. 
server FQDN or YOUR name) 27 | commonName_default = Mark O'Neill 28 | 29 | emailAddress = Email Address 30 | emailAddress_default = mark@markoneill.name 31 | 32 | #################################################################### 33 | [ server_req_extensions ] 34 | 35 | subjectKeyIdentifier = hash 36 | basicConstraints = CA:FALSE 37 | keyUsage = digitalSignature, keyEncipherment 38 | nsComment = "SSA Generated Certificate" 39 | subjectAltName = @alt_names 40 | 41 | [ alt_names ] 42 | DNS.1 = paymore.com 43 | DNS.2 = www.paymore.com 44 | DNS.3 = *.paymore.com 45 | DNS.4 = * 46 | 47 | -------------------------------------------------------------------------------- /test_files/https_client/https_client.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "../../in_tls.h" 10 | 11 | int main() { 12 | struct sockaddr_host addr; 13 | addr.sin_family = AF_HOSTNAME; 14 | strcpy((char*)addr.sin_addr.name, "www.google.com"); 15 | addr.sin_port = htons(443); 16 | 17 | int sock_fd; 18 | if ((sock_fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS)) == -1) 19 | { 20 | fprintf(stderr, "Error creating socket: %s\n", strerror(errno)); 21 | exit(EXIT_FAILURE); 22 | } 23 | if (connect(sock_fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) 24 | { 25 | fprintf(stderr, "Error connecting: %s\n", strerror(errno)); 26 | exit(EXIT_FAILURE); 27 | } 28 | 29 | char http_request[] = "GET / HTTP/1.1\r\nHost: expired.badssl.com\r\n\r\n"; 30 | char http_response[2048]; 31 | memset(http_response, 0, 2048); 32 | printf("sending\n"); 33 | fflush(stdout); 34 | if(send(sock_fd, http_request, sizeof(http_request)-1, 0) == -1) 35 | { 36 | fprintf(stderr, "Error sending: %s\n", strerror(errno)); 37 | exit(EXIT_FAILURE); 38 | } 39 | printf("recving\n"); 40 | fflush(stdout); 41 | if (recv(sock_fd, http_response, 2047, 0) == -1) 42 | { 43 | fprintf(stderr, "Error 
recv(): %s\n", strerror(errno)); 44 | exit(EXIT_FAILURE); 45 | } 46 | printf("closing\n"); 47 | fflush(stdout); 48 | close(sock_fd); 49 | printf("Received:\n%s", http_response); 50 | fflush(stdout); 51 | return 0; 52 | } 53 | 54 | -------------------------------------------------------------------------------- /examples/example_client/example_client.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "../../in_tls.h" 10 | 11 | int main() { 12 | struct sockaddr_host addr; 13 | addr.sin_family = AF_HOSTNAME; 14 | strcpy((char*)addr.sin_addr.name, "expired.badssl.com"); 15 | addr.sin_port = htons(443); 16 | 17 | int sock_fd; 18 | if ((sock_fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS)) == -1) 19 | { 20 | fprintf(stderr, "Error creating socket: %s\n", strerror(errno)); 21 | exit(EXIT_FAILURE); 22 | } 23 | if (connect(sock_fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) 24 | { 25 | fprintf(stderr, "Error connecting: %s\n", strerror(errno)); 26 | exit(EXIT_FAILURE); 27 | } 28 | 29 | char http_request[] = "GET / HTTP/1.1\r\nHost: expired.badssl.com\r\n\r\n"; 30 | char http_response[2048]; 31 | memset(http_response, 0, 2048); 32 | printf("sending\n"); 33 | fflush(stdout); 34 | if(send(sock_fd, http_request, sizeof(http_request)-1, 0) == -1) 35 | { 36 | fprintf(stderr, "Error sending: %s\n", strerror(errno)); 37 | exit(EXIT_FAILURE); 38 | } 39 | printf("recving\n"); 40 | fflush(stdout); 41 | if (recv(sock_fd, http_response, 2047, 0) == -1) 42 | { 43 | fprintf(stderr, "Error recv(): %s\n", strerror(errno)); 44 | exit(EXIT_FAILURE); 45 | } 46 | printf("closing\n"); 47 | fflush(stdout); 48 | close(sock_fd); 49 | printf("Received:\n%s", http_response); 50 | fflush(stdout); 51 | return 0; 52 | } 53 | 54 | -------------------------------------------------------------------------------- /nsd.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | #ifndef NSD_H 28 | #define NSD_H 29 | 30 | #include 31 | 32 | int register_auth_service(int port,EVP_PKEY *pKey); 33 | 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /ssa.conf: -------------------------------------------------------------------------------- 1 | # We must have a default profile 2 | 3 | # These are comments 4 | # Protocol sets the Protocol version. 5 | # We don't have SSL ones because they're all vulnerable anyway 6 | Protocol 1.1 1.2 1.3 7 | 8 | # CipherSuite is the order of preferred cipher suites to use 9 | # ! means disabled 10 | CipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS 11 | 12 | # Validation is either "TrustBase" or "Normal" 13 | Validation Normal 14 | 15 | # TrustStoreLocation designates the path to the 16 | # PEM certificate file containing all trusted root 17 | # certificates to be used in the SSA 18 | TrustStoreLocation "/etc/pki/tls/certs/ca-bundle.crt" 19 | 20 | # AppCustomValidation is either On or Off 21 | # Determines whether to honor certificates supplied by apps 22 | # for hard-coded validation 23 | AppCustomValidation On 24 | 25 | # Session caching settings 26 | # Timeout, in seconds 27 | SessionCacheTimeout 300 28 | # Path to store session data, for cross-machine sharing 29 | SessionCacheLocation "/ssa/session/" 30 | 31 | # Extensions 32 | # I need your help with this section. You know what functions we should be calling 33 | # in OpenSSL and with what params. 
Make something smart here that will work 34 | Extensions SNI ALPN 35 | 36 | # Misc 37 | # Seed location and stuff 38 | RandomSeed /dev/random 512 39 | 40 | 41 | # Profiles set specific deviations from default policy 42 | # for a given app path 43 | 44 | Protocol 1.0 1.2 45 | CipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS 46 | 47 | 48 | AppCustomValidation Off 49 | 50 | -------------------------------------------------------------------------------- /test_files/key_a.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI/g9W3d/jPa6q 3 | LpdJSFQdjE6v/NZRa2zER1zpS01zk9VawD9H7Vd71w7PKK9EVYKKTc6CQeSHiAPI 4 | RaFGQWgU4Kt+Qz5YXUqUSURA25vNx6W705KO0hr+I3slE1ou6fmZYTbciPJ3grPt 5 | WQCtxuTPpKxLvyPsgAPYtDj994lGi+MoPS6LXBWXgKtu0xeBPAalVIZiZXVYWCEV 6 | qdYMvYkaB8dMpobnr/YudK+aXXrhVNJU+3/zMKgYItK5lKVlRxjkkCw+f4qb258K 7 | Dbvw7zHxmzeStVzUJuypK29h7kKhdBVPeR3vZiBrKzxD49D76i29lmH0iPRGd0OJ 8 | tvCW6Lg7AgMBAAECggEAIpdO7oVK9eH0wIc6NDuFdnxiQnmCLQsO8gzSGbiDAOQt 9 | cOvrOCbJyp9thgubdmg9Ci5v3w0WFpk7BWmuYtf44Lb17MoH3c9YeYLOg1cITncQ 10 | t+2mqHvSd3CFzhCxkadk9Je9iGDtUdIlwzBxJHc5g970ZCjmNtqlTtNdh5/leUVl 11 | Va5YBjubcehQ6W+eweQQEUVsy0kuzZ1xYY0NnEnATwsCbvhoHGAbeNf4aj9mSS6Z 12 | UQ9uh/JtRkSRrNWO37/CF4htTl8AGqkf0006IlPFXUvDkK9BieGs9G2/JjzJUZfG 13 | KP7/KctuKBp6rhoGDnaauAcSF1UBj77bq8fhe/th6QKBgQD/ix1zHdvkI//yc/aS 14 | 3ctK4QTCOmOskfb2sZ6wfGPfLaK1obLl6wUswOv9nwPts4HgQwQQLN5Bku0ZYxtl 15 | IRcyTKkhrzRcdG1a3u6VFWeQZ59qu+Bmp9f9W72pCVPcahuwvZRQyJGTDuMmJZ6D 16 | CSjr5h/rpIf8sPnAqSpaoQf7VQKBgQDJWf5OWvcze3PERBe69qytZFwoR45vlIIw 17 | nCQKrs0tncmmya/mJltOI3x0pkNGCIM+tAGo2WNrERKXGfsP5FiINmJbo1+kadB8 18 | 8mC8gmDCCiah9Ev1CPyjlS5Sy7lYbjOyhEtvDfDbRG9s4DlFfnCzhE43tHVtl27F 19 | en2fVmOFTwKBgQDGGZ1B4XLWgEXpOZZ7si7npFrhCwy7+ge+pGFFpZhyqdkJ/wlF 20 | jZTcZc5MNZqBCfhz1t/ufinqIbFmTdst4aIu3xj6QO1RgvxHRq0jq402d+4weuby 21 | Dcm14gm8Ybu+Eg/XSpAQs/uOSiszJlSkdlRf020Jaun0rWlfvoRT76PVZQKBgAgN 22 
| dlMx5iMD8+xMgNp0VRGWKu1ddz/VI6PICtT2irQhVFg8RrGgpRQp7SdJIvWhD4ap 23 | ckuLbiNxClpKqrTHABdqfWKG1SNhK/pjQyUm3bHE8CiX+ZWyJ1BvfevHxADaX2zr 24 | R40IdLKAOSiUixXRabZ0OyCVMgERBlgVfwKpVM+XAoGBAIkPRIkUFskDjS6UujwN 25 | R0h6/XeW8UU13a3AjXenqO/1/j7tk4ZI8LvnGOgK2YU2JgK2NUyoKEsVSH2cbFGv 26 | Rsf00plJbd5gvYsbubhWtq5M2n7UiyfYD00XDdBN38ZvSgXs8nGN0hd0c8/fOUdc 27 | 8iYpsIMSpCYYleryjqFsJ/5H 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test_files/key_b.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCndmf/4wqQyONp 3 | vOUCkv8kDe+Mzp1t3KEO/fmD7FEhlPfLRGTyfaQhQfzd//8YD0Btr1oby43dziRW 4 | cEruiJDF3HfD2mlgJoltQUP2IJdwRsXt1+SIkptrWMF7jzyDkKEjnnCcqLLJcR35 5 | e6LgSShjt2IfavJCX+RqrGbmyfcY5n/oELCKw3GPFj8BBxH8jWlJ85hE7+RmvXx/ 6 | mQ69MQAKQm678Rj6AQS1yfHzWPTsA7OY3lg7+rL95l6ozNdGx+LfoY+DsemlnNyx 7 | mnT7kB6PD/H0WisnmijTKfeHNeyx8xJFqVB93Yp8r9ndCMJKPrxo8TeZphHPc6tV 8 | 86aQQ+fhAgMBAAECggEAYuUzL9O2FqD8ZCJwoB+NW457TI1sPUgROVhVdUom840U 9 | 9U6zytzWA+oDWltnG59OLjhjH40Lf9TQcten+MxfqumzNM+UcXrwp7vmVcETjfPN 10 | ydM4nErwS+nDgaOqWgwcjXtxB6M8ymfqCr6wBoJNvu26ndE7tmUI8NJVhq/5JBNu 11 | qEVtPYvp1visEuv6reqOeoVVZ+WWBQ7JXh1C0B96qclW0VsnGamvZfA2U8DdJG8o 12 | M1vr+L7LXeovUAhZKbTuRMQk9DVBVr4AMRPSki3YJbWS1BNxltL6nWUDz9TXu+z0 13 | PkboPO8KC/0jWtBGLqHydTkquJTofaLIJanyTq1IAQKBgQDcY4bl7Msqn+zwAlhn 14 | DraUUSl06PQli1V9Rk7+bXPzaTMF9dYxGMwRl3JGI+HmkHx9OhIkBLUeulag+OkE 15 | r4Bt0WNp8skxTGIR3e/jGx2m6C/JGKebVKTGf9Ry0L+igB4KpHYKsBZe8Q79V7T1 16 | 5Hjqiwz3nrB3KFdcTajQWrF6IQKBgQDChZAcjP1NMTktKGtVwVJ8pfN/uOkB3TGE 17 | cKDiwvy1XNT1tC/KkMobDXcD7256USeaQjjq0uslM8MxhmE2QDgDOqmvzLPY1Q6W 18 | lB1EY18NP21V29kMCsfrfngwq5VjKMJXwYLQn3LKFLmwm43u3b7GV91v+FDo6xKP 19 | d7gZ+G41wQKBgQDG7IbMbgmLtcJVeKh2jQ87nG6A+eu1H6jQZG/UstKf+Gp3jMgC 20 | lNFNZ5dbu/Og+vWCyrGpFR6uV57tuP4KnqabeQ30iZIUD0/NtLdcFBOVnanUJ47R 21 | 
Y3s/OA54e/cdI+r5zCxHxVzL4WWYQlwyPkDt4wiXUQMS6rS/udEQD2x2QQKBgGAT 22 | Oc9wL3ed1UChkwoC9uvLx02RFbyu9FMWkdAOQGSPWjuU6HnjM39TEjJmYqmVRbsh 23 | 9By/WhbAzyq51W/HHiMyKTdEIpv490CWHTJ25i6T4jui3zvcY0vD5jcbuCgGrJ5N 24 | XIAQENEQlXpOCjctXJl4Mk2oVsYDvOIRXmOtWTnBAoGALIUjz6VCK8dbcWy6NyBF 25 | S0TQqWNJZntyW6EDEbua+AI+J/qBqyFWZh+1dooP44lU6VevEW8s6sYyg6c2dMeL 26 | QcPMuPy0OPTEeIGhxg3xn5IMD7QpUoz1+buDJj1rd7y8aLDSIsWpIEi7WeCbxVar 27 | A3FsDgpraLwQ/uwVu+mIdwc= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test_files/key_personal.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtyQmZMVDi/5Ni 3 | qT9exj7+JENvoYeigVYVeVsj96MeVIcRLXaS0dDenybdyYp7nwEuuBSbjS0HW5VV 4 | 7+Yp2VeG/qR9EXcLPfbU0JLtL9Yr/oKEkEYsZD/cDNIEoIXmFVMKHo7xbrKIVq2l 5 | 6ywqevIawKdGlYGmkOgx7Sid4LqG8r4OmL1RJSUUMhkXlNg7L3EadBb5sYDmTLTQ 6 | OnVoyNULit4ZnYpWzbgaetHxs0x2XQxfqZg/3do0k1xE/cwGLEpjPlA2TUGWcrb7 7 | WgTgReU+pcNAmquYb6R2/CCXJbnka2I7agMTdWuibMTqUa8mFd3N7CFy5wt1Ax1Y 8 | 3rPlnFtvAgMBAAECggEAFzPWMjvhXs1csjmCmnbBhlD1J/xbDZlTEv7m6kBv6ObE 9 | OcjmIegdiPuaxtXXxXWPRNuS9Mm+j1Ls91JWWpQIGZ/5+jDQwhF92SAX3c8bOzh5 10 | 2JUiqV6hIBIeIDwGZJfIRHub/iQXdhiMirCBbxKHLIc4TjY73y9NsQzG9X1Bqi6a 11 | KHmrg3R+FCAn3zEYAtQ+GK+FWJEQOLejfuAT7XVL3f2LS0WRBCFXo7vuFcWwx/aM 12 | YvIeOI209BjPDnvY5jjaU9Xk82KcfbFzO9M4HDroYd6I6ee+Sz+7wwwaG8XXhQjx 13 | mPrt3sTvdE2uDb1U47igaWZg1i66tNUKyvrXpGiIgQKBgQDlTjkPWIS/VQTmUe+J 14 | Grg+ZnK2E+0ui9xyXNiBxZeIJNoKQBMDlnAkLbIIYaj4bhxX64fCOwV3xgXz6pJa 15 | KJbW/WzZN+s/zdUkwzX28tl6feEjBnnhJEwip/yloy2Uxui9DgS62R5jPN0VFpWB 16 | 1DFrP6uGYO2yzeoLk9QTmBvmIQKBgQDCBDJjzPmHQeP/PXRqGqpP/dySdOF/THUr 17 | JaEuoil6rh/omTVwLH1Mn3/iQ6+OcIt51k3r8S/CwImv/tGDAhqc+zLeO+ToNDma 18 | Bd0jETRXp5SBFaeLHLextX1ehMsrDt5ClT46bWY9btT1EQR7dtQ8MfPFAjAW9Dok 19 | FYJjAG7vjwKBgQC6199EstMP+F3SsmblJ8GDDwVfeaMk70/EXAUK0Q9lHuoPuiAE 20 | 
J1vfDuDnVXRSYZ50wXVQfbk53EBTfQqdrj8ilUNRR/BHgBeyKeJaA43T8qg1WvyK 21 | yIHFJ26FJQ5qER3plneiLHJHWHuoyEswi89s3WeNSoPE02Zm4qDHCoWJIQKBgF9x 22 | kRhnjZlsYKz/nnVUCNSxHgEuXoAxLLK9ID3AqIchgbD7Lb6xJDK9hDva8FIyK2sU 23 | ceDQFZ7I+PMLeCXqswzmxm9tJ37TskKC//ZwUD+OwQ9/h5x31CYoEjSdPxU/izdW 24 | E/bKOrGeBEVKydmy61VxfWo9WUrxemil7C6n1+shAoGBANwCJQMCW8NIbQI4diqy 25 | 8GKIS2X5LCDu5G3uiqt++B7zyhfDMJftS1qQdylI/5sI4pBWQfSnIb4OoEjWLSGx 26 | J296JWziaaJDzKV9QWyL69N8mojslfmX8+Kp0ZLKUzNEyGhz4XF1JWn9wizgT5E0 27 | gVhhrHFlOkNDXfBLS6mHAwOW 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test_files/manual_tests/keys/key_a.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI/g9W3d/jPa6q 3 | LpdJSFQdjE6v/NZRa2zER1zpS01zk9VawD9H7Vd71w7PKK9EVYKKTc6CQeSHiAPI 4 | RaFGQWgU4Kt+Qz5YXUqUSURA25vNx6W705KO0hr+I3slE1ou6fmZYTbciPJ3grPt 5 | WQCtxuTPpKxLvyPsgAPYtDj994lGi+MoPS6LXBWXgKtu0xeBPAalVIZiZXVYWCEV 6 | qdYMvYkaB8dMpobnr/YudK+aXXrhVNJU+3/zMKgYItK5lKVlRxjkkCw+f4qb258K 7 | Dbvw7zHxmzeStVzUJuypK29h7kKhdBVPeR3vZiBrKzxD49D76i29lmH0iPRGd0OJ 8 | tvCW6Lg7AgMBAAECggEAIpdO7oVK9eH0wIc6NDuFdnxiQnmCLQsO8gzSGbiDAOQt 9 | cOvrOCbJyp9thgubdmg9Ci5v3w0WFpk7BWmuYtf44Lb17MoH3c9YeYLOg1cITncQ 10 | t+2mqHvSd3CFzhCxkadk9Je9iGDtUdIlwzBxJHc5g970ZCjmNtqlTtNdh5/leUVl 11 | Va5YBjubcehQ6W+eweQQEUVsy0kuzZ1xYY0NnEnATwsCbvhoHGAbeNf4aj9mSS6Z 12 | UQ9uh/JtRkSRrNWO37/CF4htTl8AGqkf0006IlPFXUvDkK9BieGs9G2/JjzJUZfG 13 | KP7/KctuKBp6rhoGDnaauAcSF1UBj77bq8fhe/th6QKBgQD/ix1zHdvkI//yc/aS 14 | 3ctK4QTCOmOskfb2sZ6wfGPfLaK1obLl6wUswOv9nwPts4HgQwQQLN5Bku0ZYxtl 15 | IRcyTKkhrzRcdG1a3u6VFWeQZ59qu+Bmp9f9W72pCVPcahuwvZRQyJGTDuMmJZ6D 16 | CSjr5h/rpIf8sPnAqSpaoQf7VQKBgQDJWf5OWvcze3PERBe69qytZFwoR45vlIIw 17 | nCQKrs0tncmmya/mJltOI3x0pkNGCIM+tAGo2WNrERKXGfsP5FiINmJbo1+kadB8 18 | 8mC8gmDCCiah9Ev1CPyjlS5Sy7lYbjOyhEtvDfDbRG9s4DlFfnCzhE43tHVtl27F 19 | 
en2fVmOFTwKBgQDGGZ1B4XLWgEXpOZZ7si7npFrhCwy7+ge+pGFFpZhyqdkJ/wlF 20 | jZTcZc5MNZqBCfhz1t/ufinqIbFmTdst4aIu3xj6QO1RgvxHRq0jq402d+4weuby 21 | Dcm14gm8Ybu+Eg/XSpAQs/uOSiszJlSkdlRf020Jaun0rWlfvoRT76PVZQKBgAgN 22 | dlMx5iMD8+xMgNp0VRGWKu1ddz/VI6PICtT2irQhVFg8RrGgpRQp7SdJIvWhD4ap 23 | ckuLbiNxClpKqrTHABdqfWKG1SNhK/pjQyUm3bHE8CiX+ZWyJ1BvfevHxADaX2zr 24 | R40IdLKAOSiUixXRabZ0OyCVMgERBlgVfwKpVM+XAoGBAIkPRIkUFskDjS6UujwN 25 | R0h6/XeW8UU13a3AjXenqO/1/j7tk4ZI8LvnGOgK2YU2JgK2NUyoKEsVSH2cbFGv 26 | Rsf00plJbd5gvYsbubhWtq5M2n7UiyfYD00XDdBN38ZvSgXs8nGN0hd0c8/fOUdc 27 | 8iYpsIMSpCYYleryjqFsJ/5H 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test_files/manual_tests/keys/key_b.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCndmf/4wqQyONp 3 | vOUCkv8kDe+Mzp1t3KEO/fmD7FEhlPfLRGTyfaQhQfzd//8YD0Btr1oby43dziRW 4 | cEruiJDF3HfD2mlgJoltQUP2IJdwRsXt1+SIkptrWMF7jzyDkKEjnnCcqLLJcR35 5 | e6LgSShjt2IfavJCX+RqrGbmyfcY5n/oELCKw3GPFj8BBxH8jWlJ85hE7+RmvXx/ 6 | mQ69MQAKQm678Rj6AQS1yfHzWPTsA7OY3lg7+rL95l6ozNdGx+LfoY+DsemlnNyx 7 | mnT7kB6PD/H0WisnmijTKfeHNeyx8xJFqVB93Yp8r9ndCMJKPrxo8TeZphHPc6tV 8 | 86aQQ+fhAgMBAAECggEAYuUzL9O2FqD8ZCJwoB+NW457TI1sPUgROVhVdUom840U 9 | 9U6zytzWA+oDWltnG59OLjhjH40Lf9TQcten+MxfqumzNM+UcXrwp7vmVcETjfPN 10 | ydM4nErwS+nDgaOqWgwcjXtxB6M8ymfqCr6wBoJNvu26ndE7tmUI8NJVhq/5JBNu 11 | qEVtPYvp1visEuv6reqOeoVVZ+WWBQ7JXh1C0B96qclW0VsnGamvZfA2U8DdJG8o 12 | M1vr+L7LXeovUAhZKbTuRMQk9DVBVr4AMRPSki3YJbWS1BNxltL6nWUDz9TXu+z0 13 | PkboPO8KC/0jWtBGLqHydTkquJTofaLIJanyTq1IAQKBgQDcY4bl7Msqn+zwAlhn 14 | DraUUSl06PQli1V9Rk7+bXPzaTMF9dYxGMwRl3JGI+HmkHx9OhIkBLUeulag+OkE 15 | r4Bt0WNp8skxTGIR3e/jGx2m6C/JGKebVKTGf9Ry0L+igB4KpHYKsBZe8Q79V7T1 16 | 5Hjqiwz3nrB3KFdcTajQWrF6IQKBgQDChZAcjP1NMTktKGtVwVJ8pfN/uOkB3TGE 17 | cKDiwvy1XNT1tC/KkMobDXcD7256USeaQjjq0uslM8MxhmE2QDgDOqmvzLPY1Q6W 18 | 
lB1EY18NP21V29kMCsfrfngwq5VjKMJXwYLQn3LKFLmwm43u3b7GV91v+FDo6xKP 19 | d7gZ+G41wQKBgQDG7IbMbgmLtcJVeKh2jQ87nG6A+eu1H6jQZG/UstKf+Gp3jMgC 20 | lNFNZ5dbu/Og+vWCyrGpFR6uV57tuP4KnqabeQ30iZIUD0/NtLdcFBOVnanUJ47R 21 | Y3s/OA54e/cdI+r5zCxHxVzL4WWYQlwyPkDt4wiXUQMS6rS/udEQD2x2QQKBgGAT 22 | Oc9wL3ed1UChkwoC9uvLx02RFbyu9FMWkdAOQGSPWjuU6HnjM39TEjJmYqmVRbsh 23 | 9By/WhbAzyq51W/HHiMyKTdEIpv490CWHTJ25i6T4jui3zvcY0vD5jcbuCgGrJ5N 24 | XIAQENEQlXpOCjctXJl4Mk2oVsYDvOIRXmOtWTnBAoGALIUjz6VCK8dbcWy6NyBF 25 | S0TQqWNJZntyW6EDEbua+AI+J/qBqyFWZh+1dooP44lU6VevEW8s6sYyg6c2dMeL 26 | QcPMuPy0OPTEeIGhxg3xn5IMD7QpUoz1+buDJj1rd7y8aLDSIsWpIEi7WeCbxVar 27 | A3FsDgpraLwQ/uwVu+mIdwc= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /test_files/openssl_mod_tests/client_key.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCmE03up2DmZYbL 3 | 3qav7rhBSU7JRuATUZJp+hwpw5FS6YUGfOTRGPZwDU9hyK6Wbq88kBR74UGbZ9sH 4 | QqPE0cua/jKpxiKWLHB/eJ389XwmgjeYCx+45S1jngF6q7pXw2OTdpDt9fzytRR9 5 | ZA8QxhdiliQOjeP16swZe4I2jg+nvYy7M3Mv36nQo+8TGAJpCdbBXW+BtIYAsQKp 6 | UraMqbsp2KY0PNBGSEOjAmy6WWuM0wqiN2othAthdnPtnt1p+W7IOqJom+hQFI5u 7 | BsNCePKeWik1+dD1gUjTHz3xUNt5NSz9A5k3hskxMr1KIe+v/Bx2PzKc+BA0+x03 8 | S8JGZuPvAgMBAAECggEANeo2dq/oCWQUasMRojQBpVBDP5y+ygbFXZpQ4k4XM6+T 9 | /BM3xZoxBxeLGdeotjWgtiygOcdbITSKKsU7nX3ud5bmo68rM02iCAAEakbX0zib 10 | C8UwuznLjneRS13M1QkdnpXzXw1o3PJkgICnU2670MmlUwRFaWScdflewI9GDdI5 11 | k/QRk4Ay0Abk/2TEqEyKI1lw5zlmkj1Dfsn/Whu/e58YWr4Y2QDq0Rjz7Dh80r1K 12 | DjCDB1MCJQUgWDRQ882+QLotZGsZgGwKczWTkx12Vaf+8Mk5TMdLvsHdWLeUR1f+ 13 | Q+ObLIQ6kghsEVdeLh4o+EBJvj62WFwxjN/iFa4JYQKBgQDVg5UcDDGK33qFsWPI 14 | ap+YsD2JD++cI6JzaId3PCQvF13PxZgrBgArKbCXYH89Agu3UZhQG+BWEJp0S9OI 15 | E+gLFHaxCYprTilGbhR3EoNoCOyb+aNUydVg1efd1Ygw4Mhvh1H8Wt4MO/49Co6g 16 | rJ26d/AVOahpBFJHowdDfeMI8wKBgQDHHzJ20Ex8mVpxcJpVE+oXwdxS0t3Sq2Ot 17 | 
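9YBttb+ewQOSydGabs0s55Y2gpCUWFBKwRGikNIiqlcxel5Oc8eIx7vhN4AEsJwr 18 | kHqErtDNG+viUag7UPbu/cZFLFRHE65F3BctS/D9wscT41F5NGiMjxEl+PzpYQwN 19 | 1FvNaGY4FQKBgAxezEPMvQ4TtpCKX4KcEtUQ2O/Y+YPtWJshIkAZPutviiLgitlr 20 | RpU5nB6ZG6YYOT+MvateghfabGhygDXxGU+TBvFo4RkodSG8fPkNHInpgnPi+cCO 21 | 1QsAOafTmElkrJgxmeFqDlVdIHS+6NaMSbMlAcbpCUXUV0QJQQF7CK1bAoGAM+aD 22 | xshAR3HJSywobeiE6bBT9xqTSuf1UVBeKzpmOcDhZ49HHNOokv3B/29EtAXY18M/ 23 | D3pj6zkvBOx6TESNS6+T3v4SViaabhh4dsECF5QhhZn3GY7e7igjV8BYLzaIBBl7 24 | yQi0RdBRB3QGtmrcnVZlB9rAQSxUcf5Z904w5okCgYAnC+GKZulzW1rhF5q/SQA0 25 | /6i9DxL4vkpCknTYbjjPaMLGDyX0+V6NDFjXe4AEAcPl/Y9718RwDCgrDkBDuNH1 26 | 22wVK2da/vKUKPvhOugAnAL9KSCvi4yI6DaJF/KCkBlwKKUswn8oUPuC3RpdJJjR 27 | YjOHn0dQxA0oyu2oVlw6Nw== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /rfcomm_server.c: --------------------------------------------------------------------------------
#ifdef CLIENT_AUTH
/* Header names were lost in extraction; these cover the calls used below. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/rfcomm.h>

/* Fixed local adapter address this test server binds to
 * (a BDADDR_ANY alternative is left commented out in main). */
#define BDADDR_DEFAULT (&(bdaddr_t) {{1, 2, 3, 4, 5, 6}})

/* Length of "xx:xx:xx:xx:xx:xx" plus the terminating NUL. */
#define BDADDR_STR_LEN 18

/*
 * Format a Bluetooth device address as "xx:xx:xx:xx:xx:xx".
 *
 * bdaddr: address to format; bytes are printed in array order b[0]..b[5].
 * buf:    destination. The caller must provide at least BDADDR_STR_LEN
 *         bytes; the format is fixed-width, so the output never exceeds
 *         that, and the write is bounded to it.
 */
void ba2strmason(bdaddr_t* bdaddr, char* buf)
{
	snprintf(buf, BDADDR_STR_LEN, "%02x:%02x:%02x:%02x:%02x:%02x",
	         bdaddr->b[0], bdaddr->b[1], bdaddr->b[2],
	         bdaddr->b[3], bdaddr->b[4], bdaddr->b[5]);
}

/*
 * Minimal RFCOMM test server: bind channel 1 on BDADDR_DEFAULT, accept a
 * single connection, print whatever the peer sends as a string, and exit.
 *
 * Returns 0 on success, 1 if any socket call fails (the failing call is
 * reported with perror).
 */
int main(int argc, char **argv)
{
	struct sockaddr_rc loc_addr = { 0 }, rem_addr = { 0 };
	char buf[1024] = { 0 };
	int sock, client;
	ssize_t bytes_read;
	socklen_t opt = sizeof(rem_addr);

	(void)argc;
	(void)argv;

	// allocate socket
	sock = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
	if (sock == -1) {
		perror("socket");
		return 1;
	}

	// bind socket to port 1 of the adapter at BDADDR_DEFAULT
	loc_addr.rc_family = AF_BLUETOOTH;
	//loc_addr.rc_bdaddr = *BDADDR_ANY;
	loc_addr.rc_bdaddr = *BDADDR_DEFAULT;
	loc_addr.rc_channel = (uint8_t) 1;
	if (bind(sock, (struct sockaddr *)&loc_addr, sizeof(loc_addr)) == -1) {
		perror("bind");
		close(sock);
		return 1;
	}

	ba2strmason( &loc_addr.rc_bdaddr, buf );
	printf("connection at addr= %s\n", buf);

	// put socket into listening mode
	if (listen(sock, 1) == -1) {
		perror("listen");
		close(sock);
		return 1;
	}

	// accept one connection
	client = accept(sock, (struct sockaddr *)&rem_addr, &opt);
	if (client == -1) {
		perror("accept");
		close(sock);
		return 1;
	}

	ba2strmason( &rem_addr.rc_bdaddr, buf );
	fprintf(stderr, "accepted connection from %s\n", buf);
	memset(buf, 0, sizeof(buf));

	// read data from the client, leaving one byte for the NUL terminator:
	// a full 1024-byte read would leave buf unterminated and the "%s"
	// below would read past the end of the array.
	bytes_read = read(client, buf, sizeof(buf) - 1);
	if( bytes_read > 0 ) {
		buf[bytes_read] = '\0';
		// Peer data is printed verbatim: an embedded NUL truncates it and
		// control characters reach the terminal unfiltered. Test use only.
		printf("received [%s]\n", buf);
	}

	// close connection
	printf("closing connection");
	close(client);
	close(sock);
	return 0;
}
#endif /* CLIENT_AUTH */

-------------------------------------------------------------------------------- /queue.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 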
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef QUEUE_H 28 | #define QUEUE_H 29 | 30 | typedef struct queue { 31 | struct node* head; 32 | struct node* tail; 33 | int item_count; 34 | } queue_t; 35 | 36 | queue_t* queue_create(void); 37 | void queue_free(queue_t* q); 38 | int queue_enc(queue_t* q, void* value); 39 | void* queue_deq(queue_t* q); 40 | void queue_print(queue_t* q); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /test_files/openssl_mod_tests/client_pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE/TCCAuWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx 3 | DTALBgNVBAgMBFV0YWgxDjAMBgNVBAcMBVByb3ZvMRUwEwYDVQQKDAxQaG9lbml4 4 | IFRlYW0xGTAXBgNVBAsMEFB1YmxpYyBSZWxhdGlvbnMxGDAWBgNVBAMMD3Bob2Vu 5 | aXh0ZWFtLm9yZzEmMCQGCSqGSIb3DQEJARYXY29udGFjdEBwaG9lbml4dGVhbS5v 6 | cmcwHhcNMTgwNTEyMjEwODE4WhcNMTkwNTEyMjEwODE4WjBXMQswCQYDVQQGEwJV 7 | UzENMAsGA1UECAwEVXRhaDEOMAwGA1UEBwwFUHJvdm8xFDASBgNVBAoMC1VTIENp 8 | dGl6ZW5zMRMwEQYDVQQDDApTU0EgVGVzdGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC 9 | AQ8AMIIBCgKCAQEAphNN7qdg5mWGy96mr+64QUlOyUbgE1GSafocKcORUumFBnzk 10 | 0Rj2cA1PYciulm6vPJAUe+FBm2fbB0KjxNHLmv4yqcYilixwf3id/PV8JoI3mAsf 11 | uOUtY54Bequ6V8Njk3aQ7fX88rUUfWQPEMYXYpYkDo3j9erMGXuCNo4Pp72MuzNz 12 | L9+p0KPvExgCaQnWwV1vgbSGALECqVK2jKm7KdimNDzQRkhDowJsullrjNMKojdq 13 | LYQLYXZz7Z7dafluyDqiaJvoUBSObgbDQnjynlopNfnQ9YFI0x898VDbeTUs/QOZ 14 | 
N4bJMTK9SiHvr/wcdj8ynPgQNPsdN0vCRmbj7wIDAQABo4GJMIGGMB0GA1UdDgQW 15 | BBQTHbhssyW9LE91fukrWsuyCCeCHDAfBgNVHSMEGDAWgBQie56kldT+MOEfbyL2 16 | q9GZLup4vTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAsBglghkgBhvhCAQ0EHxYd 17 | T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggIB 18 | AK4WQBFo8j/H8ednRYJYOs3zcee/lqODFdadyyRqqnPVhsvj6yuuswXPWYbEZXOp 19 | nQZLhjhLvgXcF+B1UUs8VH3bndX7JN62epWA7NK0e9iBK8o8DhoLSl2NLGMIJN4k 20 | IRGavXiBpwfMvncYM0A+VMaTAcrGWW5lUgT4LwtynDiU5zqwlAj3dVUtjJPW3YnJ 21 | 7qGAuGu2HNj0vyOfCNkASzABdI/ZVSefZ2xyzGDCuWy3pLGUwrKJme6cC2CLz3tp 22 | s2qOA42HFk2szQb7jQONjpy0/6F+mn2/NXMvib4JQtr4B6QHfsIAFKpf9pd/3ujg 23 | 9OCaVgsMNdjyqd43B2Qo8qxjByU0yhGTRjjScdxg9CZCx/KAO6NSnoDGDH5txeJa 24 | UVsRj7gufSsA+FC0s4ShzRr8GdzGyflyLOk/nW9S4jmIsomNxCxX6oSHsmWbgyKC 25 | LHW07Q/Mcdt2wFxbo1WlO5kyaELRA+sG668IaAlj/kYC6RuKGZ1wPe6yJOqK4h47 26 | 8uQqjHoCTc9eK/VSe7TIOIfQM/sOQ0tpvjLHTw0ccy98zcL6a+qy6TY+tWV3Zida 27 | B+UpXihZ2Yod4KH6o2M4U4TBv2KuI+LdNcsh80+iAoPuoT0Iq7diNEdH+x1206sZ 28 | aZ98Wy8n6CgOKB2bUVZb8ofhatB17lllHDWz0ahnImRA 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /ssa.cfg: -------------------------------------------------------------------------------- 1 | # We must have a default profile 2 | Default = 3 | { 4 | # These are comments 5 | # Protocol sets the Protocol version. 6 | # We don't have SSL ones because they're all vulnerable anyway 7 | MinProtocol: "1.1" 8 | 9 | # CipherSuite is the order of preferred cipher suites to use 10 | # ! 
means disabled. NOTE: MinProtocol "1.1" above still permits TLS 1.1, which is deprecated (RFC 8996); prefer "1.2" unless a legacy peer requires otherwise. 11 | CipherSuite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS" 12 | 13 | # Validation is either "TrustBase" or "Normal" 14 | Validation: "Normal" 15 | 16 | # TrustStoreLocation designates the path to the 17 | # PEM certificate file containing all trusted root 18 | # certificates to be used in the SSA 19 | # Fedora default 20 | TrustStoreLocation: "/etc/pki/tls/certs/ca-bundle.crt" 21 | # Ubuntu default 22 | # TrustStoreLocation: "/etc/ssl/certs/ca-certificates.crt" 23 | 24 | # AppCustomValidation is either "On" or "Off". 25 | # Determines whether the SSA honors certificates supplied by an application 26 | # for its own hard-coded validation. 27 | AppCustomValidation: "On" 28 | 29 | # Session caching settings 30 | # Timeout, in seconds 31 | SessionCacheTimeout: 300 32 | # Path to store session data, for cross-machine sharing. Cached session data can resume earlier connections, so this directory must not be readable or writable by unprivileged users. 33 | SessionCacheLocation: "/ssa/session/" 34 | 35 | # Extensions 36 | # I need your help with this section. You know what functions we should be calling 37 | # in OpenSSL and with what params. 
Make something smart here that will work 38 | Extensions: ("SNI", "ALPN") 39 | 40 | # Misc 41 | # Seed location and stuff 42 | RandomSeed: ("/dev/random", 512) 43 | } 44 | 45 | # Profiles set specific deviations from default policy 46 | # for a given app path 47 | Profiles = 48 | ( { 49 | Application: "/bin/ncat" 50 | MinProtocol: "1.2" 51 | CipherSuite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS" 52 | }, 53 | { 54 | Application: "/bin/httpd" 55 | AppCustomValidation: "Off" 56 | } 57 | ) 58 | -------------------------------------------------------------------------------- /test_files/certificate_a.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFNzCCAx+gAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx 3 | DTALBgNVBAgMBFV0YWgxDjAMBgNVBAcMBVByb3ZvMR0wGwYDVQQKDBRUcnVzdEJh 4 | c2UgQXNzb2NpYXRlczEZMBcGA1UECwwQUHVibGljIFJlbGF0aW9uczEVMBMGA1UE 5 | AwwMb3dudHJ1c3Qub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QG93bnRydXN0 6 | Lm9yZzAeFw0xODA3MjQwMDEyMDZaFw0xOTA4MDMwMDEyMDZaMFgxCzAJBgNVBAYT 7 | AlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEUMBIGA1UECgwLVVMg 8 | Q2l0aXplbnMxFDASBgNVBAMMC3BheW1vcmUuY29tMIIBIjANBgkqhkiG9w0BAQEF 9 | AAOCAQ8AMIIBCgKCAQEAyP4PVt3f4z2uqi6XSUhUHYxOr/zWUWtsxEdc6UtNc5PV 10 | WsA/R+1Xe9cOzyivRFWCik3OgkHkh4gDyEWhRkFoFOCrfkM+WF1KlElEQNubzcel 11 | u9OSjtIa/iN7JRNaLun5mWE23Ijyd4Kz7VkArcbkz6SsS78j7IAD2LQ4/feJRovj 12 | KD0ui1wVl4CrbtMXgTwGpVSGYmV1WFghFanWDL2JGgfHTKaG56/2LnSvml164VTS 13 | VPt/8zCoGCLSuZSlZUcY5JAsPn+Km9ufCg278O8x8Zs3krVc1CbsqStvYe5CoXQV 14 | T3kd72Ygays8Q+PQ++otvZZh9Ij0RndDibbwlui4OwIDAQABo4HAMIG9MB0GA1Ud 15 | DgQWBBQfqval4ZVPB8DWIw6eZ159pQnznDAfBgNVHSMEGDAWgBRmjXOYjobYayku 16 | bcAlpp7vOjNgMDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAoBglghkgBhvhCAQ0E 17 | GxYZU1NBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTA5BgNVHREEMjAwggtwYXltb3Jl 18 | LmNvbYIPd3d3LnBheW1vcmUuY29tgg0qLnBheW1vcmUuY29tggEqMA0GCSqGSIb3 19 | DQEBCwUAA4ICAQCThlDvK8pJyIVmpeCyRVTYpdYB6l12/j6R0XaiGc88CtPeYPSl 20 | 
87AyjCeaV+Lv1OTd/ING3y5HjZ3ABw/0kU7o8SXRO0sbDKP8AXAno1gVxqoLxcC0 21 | 9xpGhzmlH5rR4uA/TrPYLnaljY0TUxnE11xfpo65A3D/iIsgPl56xKXAVOLRwhrn 22 | 7icRFA+odJPd5nowddtrzHdH9ZiRCRRWOCzvN0+MQrlo93q2kJG5gIcqxCPijp4i 23 | E5H3Lbt9DSjClCvD70bpiHj0qrxHChJdFcUwywz3WB/KTeosOroS3pKJ6igclBCK 24 | RUpfZuMNh9Leq+Eu3nRuKt07zwaTeqSmhrU4jT9/s/99VpPsYla0OCwmU8tA28kP 25 | ZL3iVqfRgTXgToGW4wMaO+S4cIcH3iOlltZZP/i8MZNJWJd/FWlHQAGTtdDq6L9R 26 | 7dyiQWeV30gZIqh5oH4B29wGHmeBbV5Tk51MfkLrbNhJO78LBiushXvhh6bBaZik 27 | SmogLF3Uj0QgkGrhWw8MJagNCIoaqX6+WreuGhfVuK4y6eLCNrz43m6dW5rQ5fQA 28 | HirR6C2i62O2Q1TXv8Il2XZv809Rru/TLJSL/bA9kKrjJZ9h5n3ADfA8bk0CGL2R 29 | YlNX4LzPH+XyTZEB8Hht9WHVFfZiy8oJ1VYtdetlDJl4mVqS11v7DMDCZw== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /test_files/manual_tests/keys/certificate_a.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFNzCCAx+gAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx 3 | DTALBgNVBAgMBFV0YWgxDjAMBgNVBAcMBVByb3ZvMR0wGwYDVQQKDBRUcnVzdEJh 4 | c2UgQXNzb2NpYXRlczEZMBcGA1UECwwQUHVibGljIFJlbGF0aW9uczEVMBMGA1UE 5 | AwwMb3dudHJ1c3Qub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QG93bnRydXN0 6 | Lm9yZzAeFw0xODA3MjQwMDEyMDZaFw0xOTA4MDMwMDEyMDZaMFgxCzAJBgNVBAYT 7 | AlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEUMBIGA1UECgwLVVMg 8 | Q2l0aXplbnMxFDASBgNVBAMMC3BheW1vcmUuY29tMIIBIjANBgkqhkiG9w0BAQEF 9 | AAOCAQ8AMIIBCgKCAQEAyP4PVt3f4z2uqi6XSUhUHYxOr/zWUWtsxEdc6UtNc5PV 10 | WsA/R+1Xe9cOzyivRFWCik3OgkHkh4gDyEWhRkFoFOCrfkM+WF1KlElEQNubzcel 11 | u9OSjtIa/iN7JRNaLun5mWE23Ijyd4Kz7VkArcbkz6SsS78j7IAD2LQ4/feJRovj 12 | KD0ui1wVl4CrbtMXgTwGpVSGYmV1WFghFanWDL2JGgfHTKaG56/2LnSvml164VTS 13 | VPt/8zCoGCLSuZSlZUcY5JAsPn+Km9ufCg278O8x8Zs3krVc1CbsqStvYe5CoXQV 14 | T3kd72Ygays8Q+PQ++otvZZh9Ij0RndDibbwlui4OwIDAQABo4HAMIG9MB0GA1Ud 15 | DgQWBBQfqval4ZVPB8DWIw6eZ159pQnznDAfBgNVHSMEGDAWgBRmjXOYjobYayku 16 | 
bcAlpp7vOjNgMDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAoBglghkgBhvhCAQ0E 17 | GxYZU1NBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTA5BgNVHREEMjAwggtwYXltb3Jl 18 | LmNvbYIPd3d3LnBheW1vcmUuY29tgg0qLnBheW1vcmUuY29tggEqMA0GCSqGSIb3 19 | DQEBCwUAA4ICAQCThlDvK8pJyIVmpeCyRVTYpdYB6l12/j6R0XaiGc88CtPeYPSl 20 | 87AyjCeaV+Lv1OTd/ING3y5HjZ3ABw/0kU7o8SXRO0sbDKP8AXAno1gVxqoLxcC0 21 | 9xpGhzmlH5rR4uA/TrPYLnaljY0TUxnE11xfpo65A3D/iIsgPl56xKXAVOLRwhrn 22 | 7icRFA+odJPd5nowddtrzHdH9ZiRCRRWOCzvN0+MQrlo93q2kJG5gIcqxCPijp4i 23 | E5H3Lbt9DSjClCvD70bpiHj0qrxHChJdFcUwywz3WB/KTeosOroS3pKJ6igclBCK 24 | RUpfZuMNh9Leq+Eu3nRuKt07zwaTeqSmhrU4jT9/s/99VpPsYla0OCwmU8tA28kP 25 | ZL3iVqfRgTXgToGW4wMaO+S4cIcH3iOlltZZP/i8MZNJWJd/FWlHQAGTtdDq6L9R 26 | 7dyiQWeV30gZIqh5oH4B29wGHmeBbV5Tk51MfkLrbNhJO78LBiushXvhh6bBaZik 27 | SmogLF3Uj0QgkGrhWw8MJagNCIoaqX6+WreuGhfVuK4y6eLCNrz43m6dW5rQ5fQA 28 | HirR6C2i62O2Q1TXv8Il2XZv809Rru/TLJSL/bA9kKrjJZ9h5n3ADfA8bk0CGL2R 29 | YlNX4LzPH+XyTZEB8Hht9WHVFfZiy8oJ1VYtdetlDJl4mVqS11v7DMDCZw== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /test_files/webserver-event/www2/post_example.php: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | 20 | POST Example 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 |

Webserver POST Test

30 |
31 |
32 |
33 |
34 |

Member's Area

35 | Incorrect credentials

'; 38 | } 39 | else if ($_SESSION['logged_in']) { 40 | echo "

Welcome, Bob. The member's secret is 42

"; 41 | } 42 | else { 43 | echo "

You haven't tried to log in

"; 44 | } 45 | ?> 46 |
47 |
48 |
49 |
50 |

Debug Information (post variables)

51 |

52 |
53 |
54 |
55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www2/post_example.php: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | 20 | POST Example 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 |

Webserver POST Test

30 |
31 |
32 |
33 |
34 |

Member's Area

35 | Incorrect credentials

'; 38 | } 39 | else if ($_SESSION['logged_in']) { 40 | echo "

Welcome, Bob. The member's secret is 42

"; 41 | } 42 | else { 43 | echo "

You haven't tried to log in

"; 44 | } 45 | ?> 46 |
47 |
48 |
49 |
50 |

Debug Information (post variables)

51 |

52 |
53 |
54 |
55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /hashmap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | #ifndef HASHMAP_H 28 | #define HASHMAP_H 29 | 30 | typedef struct hmap { 31 | struct hnode** buckets; 32 | int num_buckets; 33 | int item_count; 34 | } hmap_t; 35 | 36 | hmap_t* hashmap_create(int num_buckets); 37 | void hashmap_free(hmap_t* map); 38 | void hashmap_deep_free(hmap_t* map, void (*free_func)(void*)); 39 | int hashmap_add(hmap_t* map, unsigned long key, void* value); 40 | int hashmap_del(hmap_t* map, unsigned long key); 41 | void* hashmap_get(hmap_t* map, unsigned long key); 42 | void hashmap_print(hmap_t* map); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /extras/dynamicSSA/hashmap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef HASHMAP_H 28 | #define HASHMAP_H 29 | 30 | typedef struct hmap { 31 | struct hnode** buckets; 32 | int num_buckets; 33 | int item_count; 34 | } hmap_t; 35 | 36 | hmap_t* hashmap_create(int num_buckets); 37 | void hashmap_free(hmap_t* map); 38 | void hashmap_deep_free(hmap_t* map, void (*free_func)(void*)); 39 | int hashmap_add(hmap_t* map, unsigned long key, void* value); 40 | int hashmap_del(hmap_t* map, unsigned long key); 41 | void* hashmap_get(hmap_t* map, unsigned long key); 42 | void hashmap_print(hmap_t* map); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /hashmap_str.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 
15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef HASHMAP_STR_H 28 | #define HASHMAP_STR_H 29 | 30 | typedef struct hsmap { 31 | struct hsnode** buckets; 32 | int num_buckets; 33 | int item_count; 34 | } hsmap_t; 35 | 36 | hsmap_t* str_hashmap_create(int num_buckets); 37 | void str_hashmap_free(hsmap_t* map); 38 | void str_hashmap_deep_free(hsmap_t* map, void (*free_func)(void*)); 39 | int str_hashmap_add(hsmap_t* map, char* key, void* value); 40 | int str_hashmap_del(hsmap_t* map, char* key); 41 | void* str_hashmap_get(hsmap_t* map, char* key); 42 | void str_hashmap_print(hsmap_t* map); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /auth_daemon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. 
Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | 28 | #ifndef AUTH_DAEMON_H 29 | #define AUTH_DAEMON_H 30 | 31 | #define AUTH_REQ_HEADER_SIZE 5 32 | 33 | #define CERTIFICATE_REQUEST 0 34 | #define CERTIFICATE_RESPONSE 1 35 | #define SIGNATURE_REQUEST 2 36 | #define SIGNATURE_RESPONSE 3 37 | #define FAILURE_RESPONSE 4 38 | #define POPUP_EXE "./qrdisplay/bin/qrPopUp" 39 | #define QRIMG_PATH "./qrdisplay/qrCode.png" 40 | 41 | #define CONNECTED 0x0 42 | #define AVAILABLE 0x1 43 | 44 | #include 45 | #include 46 | 47 | void auth_server_create(int port, X509* cert, EVP_PKEY *pkey); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /docs/install-documentation.md: -------------------------------------------------------------------------------- 1 | # Install Documentation 2 | The SSA has two components - a kernel module and a userspace daemon. 3 | Both need to be installed and running to provide TLS as an operating system service. 4 | 5 | ## Compatibility 6 | The SSA is actively developed on Fedora, but may work for other distributions with a few minor changes. We are in process of working out the bugs for running on Ubuntu, and Ubuntu specific documentation will be added as it becomes available. 
7 | 8 | ## Installing the kernel module 9 | 10 | ### Prerequisites 11 | 12 | Before building the SSA kernel module, install the kernel headers and development packages for your Linux distribution that match the kernel you are running. 13 | 14 | For example, on Fedora, run 15 | ``` 16 | sudo dnf install kernel-devel-`uname -r` kernel-headers-`uname -r` 17 | sudo dnf install elfutils-libelf-devel 18 | ``` 19 | 20 | ### Build and Installation 21 | To build and load the SSA module, run these commands from the ssa project directory as root. Note that `insmod` loads an out-of-tree module: on kernels that enforce module signing (for example with Secure Boot enabled) it will be rejected unless it has been signed with a key the kernel trusts. 22 | ``` 23 | make 24 | insmod ssa.ko 25 | ``` 26 | 27 | ### Removal 28 | To remove the SSA kernel module, first shut down the encryption daemon (if running), then run the following command as a privileged user: 29 | ``` 30 | rmmod ssa 31 | ``` 32 | 33 | ## Installing the daemon 34 | 35 | ### Prerequisites 36 | The install_packages.sh script currently installs dependencies for Fedora and Ubuntu systems. You may need to modify this script or install some packages manually if you are using a different Linux distribution. 37 | 38 | ### Building and Running 39 | Note: the SSA kernel module must be loaded before you build and run the SSA userspace daemon. 40 | To install and run the SSA userspace daemon, run these commands as root. Because the daemon handles TLS for every application on the host and runs with root privileges, protect its configuration (`ssa.cfg`), the trust store it points at, and any certificate or key files it loads from modification by unprivileged users: 41 | 42 | ``` 43 | ./install_packages.sh 44 | make 45 | ./tls_wrapper 46 | ``` 47 | 48 | If you also want support for the AF_HOSTNAME address type, run `make hostname-support` instead of `make`. 49 | This feature will be included by default soon. 50 | 51 | To build the daemon with compiler optimizations and without debug logging, run `make release` or `make hostname-support-release` instead of `make`. 
-------------------------------------------------------------------------------- /netlink.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
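26 | */ 27 | #ifndef NETLINK_H 28 | #define NETLINK_H 29 | 30 | #include 31 | 32 | #include 33 | #include 34 | 35 | #include "daemon.h" 36 | 37 | int netlink_disconnect(struct nl_sock* sock); 38 | void netlink_recv(evutil_socket_t fd, short events, void *arg); 39 | void netlink_notify_kernel(tls_daemon_ctx_t* ctx, unsigned long id, int response); 40 | void netlink_send_and_notify_kernel(tls_daemon_ctx_t* ctx, unsigned long id, char* data, unsigned int len); 41 | void netlink_handshake_notify_kernel(tls_daemon_ctx_t* ctx, unsigned long id, int response); 42 | struct nl_sock* netlink_connect(tls_daemon_ctx_t* ctx); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /examples/example_server/https_server.c: --------------------------------------------------------------------------------
/* Header names were lost in extraction; these cover the calls used below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "../../in_tls.h"

#define CERT_FILE_A "../certificate_a.pem"
#define KEY_FILE_A "../key_a.pem"
#define CERT_FILE_B "../certificate_b.pem"
#define KEY_FILE_B "../key_b.pem"
#define BUFFER_SIZE 2048

void handle_req(char* req, char* resp);

/*
 * Example SSA (IPPROTO_TLS) echo server on port 443 configured with two
 * certificate/key pairs; the client's SNI is read back with TLS_HOSTNAME
 * and printed. Runs until killed; exits non-zero only if the listening
 * socket cannot be set up.
 */
int main() {
	/* One spare byte so the SNI value can always be NUL-terminated here,
	 * regardless of what the daemon writes. */
	char servername[256];
	socklen_t servername_len;
	char request[BUFFER_SIZE];
	char response[BUFFER_SIZE];

	struct sockaddr_in addr;
	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = inet_addr("0.0.0.0");
	addr.sin_port = htons(443);

	int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
	if (fd == -1) {
		perror("socket");
		exit(EXIT_FAILURE);
	}
	if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
		perror("bind");
		exit(EXIT_FAILURE);
	}
	/* The certificate/key options take a path; sizeof() of the literal
	 * includes its NUL terminator. Failures are reported but not fatal,
	 * matching the original behaviour. */
	if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_A, sizeof(CERT_FILE_A)) == -1) {
		perror("cert a");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_A, sizeof(KEY_FILE_A)) == -1) {
		perror("key a");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_B, sizeof(CERT_FILE_B)) == -1) {
		perror("cert b");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_B, sizeof(KEY_FILE_B)) == -1) {
		perror("key b");
	}
	if (listen(fd, SOMAXCONN) == -1) {
		perror("listen");
		exit(EXIT_FAILURE);
	}

	while (1) {
		struct sockaddr_storage client_addr;
		socklen_t client_addr_len = sizeof(client_addr);
		int c_fd = accept(fd, (struct sockaddr*)&client_addr, &client_addr_len);
		if (c_fd == -1) {
			perror("accept");
			continue;
		}

		/* getsockopt shrinks *optlen to the number of bytes written, so the
		 * length must be reset for every connection; the original reused
		 * the previous connection's shortened value. */
		servername_len = sizeof(servername) - 1;
		if (getsockopt(c_fd, IPPROTO_TLS, TLS_HOSTNAME, servername, &servername_len) == -1) {
			/* One client without a usable SNI should not take the whole
			 * server down, so drop that connection instead of exit()ing. */
			perror("getsockopt: TLS_HOSTNAME");
			close(c_fd);
			continue;
		}
		servername[servername_len] = '\0';
		printf("Client requested host %d %s\n", (int)servername_len, servername);

		/* Clear both buffers per connection and reply with only the bytes
		 * actually received: sending the full BUFFER_SIZE buffer, as the
		 * original did, echoed the previous client's request to this one. */
		memset(request, 0, BUFFER_SIZE);
		memset(response, 0, BUFFER_SIZE);
		ssize_t n = recv(c_fd, request, BUFFER_SIZE, 0);
		if (n > 0) {
			handle_req(request, response);
			send(c_fd, response, (size_t)n, 0);
		}
		else if (n == -1) {
			perror("recv");
		}
		close(c_fd);
	}
	return 0;
}

/* Build the reply for a request. This example simply echoes the request
 * buffer back; both buffers are BUFFER_SIZE bytes. */
void handle_req(char* req, char* resp) {
	memcpy(resp, req, BUFFER_SIZE);
	return;
}

-------------------------------------------------------------------------------- /test_files/https_server/https_server.c: --------------------------------------------------------------------------------
/* Header names were lost in extraction; these cover the calls used below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "../../in_tls.h"

#define CERT_FILE_A "../certificate_a.pem"
#define KEY_FILE_A "../key_a.pem"
#define CERT_FILE_B "../certificate_b.pem"
#define KEY_FILE_B "../key_b.pem"
#define BUFFER_SIZE 2048

void handle_req(char* req, char* resp);

/*
 * Test SSA (IPPROTO_TLS) echo server on port 443 configured with two
 * certificate/key pairs; the client's SNI is read back with TLS_HOSTNAME
 * and printed. Runs until killed; exits non-zero only if the listening
 * socket cannot be set up.
 */
int main() {
	/* One spare byte so the SNI value can always be NUL-terminated here,
	 * regardless of what the daemon writes. */
	char servername[256];
	socklen_t servername_len;
	char request[BUFFER_SIZE];
	char response[BUFFER_SIZE];

	struct sockaddr_in addr;
	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = inet_addr("0.0.0.0");
	addr.sin_port = htons(443);

	int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
	if (fd == -1) {
		perror("socket");
		exit(EXIT_FAILURE);
	}
	if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
		perror("bind");
		exit(EXIT_FAILURE);
	}
	/* The certificate/key options take a path; sizeof() of the literal
	 * includes its NUL terminator. Failures are reported but not fatal,
	 * matching the original behaviour. */
	if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_A, sizeof(CERT_FILE_A)) == -1) {
		perror("cert a");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_A, sizeof(KEY_FILE_A)) == -1) {
		perror("key a");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_B, sizeof(CERT_FILE_B)) == -1) {
		perror("cert b");
	}
	if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_B, sizeof(KEY_FILE_B)) == -1) {
		perror("key b");
	}
	if (listen(fd, SOMAXCONN) == -1) {
		perror("listen");
		exit(EXIT_FAILURE);
	}

	while (1) {
		struct sockaddr_storage client_addr;
		socklen_t client_addr_len = sizeof(client_addr);
		int c_fd = accept(fd, (struct sockaddr*)&client_addr, &client_addr_len);
		if (c_fd == -1) {
			perror("accept");
			continue;
		}

		/* getsockopt shrinks *optlen to the number of bytes written, so the
		 * length must be reset for every connection; the original reused
		 * the previous connection's shortened value. */
		servername_len = sizeof(servername) - 1;
		if (getsockopt(c_fd, IPPROTO_TLS, TLS_HOSTNAME, servername, &servername_len) == -1) {
			/* One client without a usable SNI should not take the whole
			 * server down, so drop that connection instead of exit()ing. */
			perror("getsockopt: TLS_HOSTNAME");
			close(c_fd);
			continue;
		}
		servername[servername_len] = '\0';
		printf("Client requested host %d %s\n", (int)servername_len, servername);

		/* Clear both buffers per connection and reply with only the bytes
		 * actually received: sending the full BUFFER_SIZE buffer, as the
		 * original did, echoed the previous client's request to this one. */
		memset(request, 0, BUFFER_SIZE);
		memset(response, 0, BUFFER_SIZE);
		ssize_t n = recv(c_fd, request, BUFFER_SIZE, 0);
		if (n > 0) {
			handle_req(request, response);
			send(c_fd, response, (size_t)n, 0);
		}
		else if (n == -1) {
			perror("recv");
		}
		close(c_fd);
	}
	return 0;
}

/* Build the reply for a request. This example simply echoes the request
 * buffer back; both buffers are BUFFER_SIZE bytes. */
void handle_req(char* req, char* resp) {
	memcpy(resp, req, BUFFER_SIZE);
	return;
}

-------------------------------------------------------------------------------- /extras/addons.c: --------------------------------------------------------------------------------
#define _GNU_SOURCE

/* Header names were lost in extraction; these cover the calls used below. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <dlfcn.h>
#include <netdb.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include "../in_tls.h"

#define PORT_LENGTH 32
char* custom_itoa(int num, char* buf, int len);

/*
 * LD_PRELOAD override of connect(2) that adds AF_HOSTNAME support for
 * programs not built with it: the name is handed to the socket as
 * TLS_REMOTE_HOSTNAME, resolved with getaddrinfo(), and libc's connect is
 * tried against each resolved address in turn. Any other address family
 * is passed straight through to libc's connect.
 *
 * Returns 0 on success, -1 with errno set otherwise.
 *
 * This POC is IPv4 only but can easily be extended to do IPv6.
 */
int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
	typeof(connect) *real_connect;
	struct addrinfo hints;
	struct addrinfo* addr_ptr;
	struct addrinfo* addr_list;
	struct sockaddr_host* host_addr;
	char* hostname;
	char service[PORT_LENGTH];
	int ret;
	int type;
	socklen_t type_len;
	int connected = 0;
	int saved_errno;

	//printf("Connect overriden\n");

	/* Determine location of original connect call */
	real_connect = dlsym(RTLD_NEXT, "connect");
	if (real_connect == NULL) {
		errno = ENOSYS;
		return -1;
	}
	if (addr->sa_family != AF_HOSTNAME) {
		return (*real_connect)(sockfd, addr, addrlen);
	}

	/* Determine socket type */
	type_len = sizeof(type);
	if (getsockopt(sockfd, SOL_SOCKET, SO_TYPE, &type, &type_len) == -1) {
		errno = EPROTOTYPE;
		return -1;
	}

	/* Set hostname. This option only exists on TLS sockets; its result is
	 * deliberately not checked so that plain sockets still connect.
	 * NOTE(review): addr is cast to sockaddr_host without comparing addrlen
	 * against sizeof(struct sockaddr_host), and strlen() assumes the name is
	 * NUL-terminated inside the struct — confirm both against in_tls.h. */
	host_addr = (struct sockaddr_host*)addr;
	hostname = host_addr->sin_addr.name;
	setsockopt(sockfd, IPPROTO_TLS, TLS_REMOTE_HOSTNAME, hostname, strlen(hostname)+1);

	/* Resolve hostname */
	memset(&hints, 0, sizeof(hints));
	hints.ai_socktype = type;
	hints.ai_family = AF_INET; /* Set AF_UNSPEC for IPv6 and IPv4 */
	custom_itoa(ntohs(host_addr->sin_port), service, PORT_LENGTH);
	ret = getaddrinfo(hostname, service, &hints, &addr_list);
	if (ret != 0) {
		errno = EHOSTUNREACH;
		return -1;
	}
	for (addr_ptr = addr_list; addr_ptr != NULL; addr_ptr = addr_ptr->ai_next) {
		if ((*real_connect)(sockfd, addr_ptr->ai_addr, addr_ptr->ai_addrlen) == 0) {
			connected = 1;
			break;
		}
	}
	/* The original returned from inside the loop on success and so leaked
	 * addr_list on every successful connect. errno is preserved across the
	 * free so the caller sees the last real_connect failure. */
	saved_errno = errno;
	freeaddrinfo(addr_list);
	errno = saved_errno;
	return connected ? 0 : -1;
}


/* Render num in decimal into buf, writing at most len bytes (NUL-terminated).
 * Returns buf, or NULL if buf is NULL. */
char* custom_itoa(int num, char* buf, int len) {
	if (buf == NULL) {
		return NULL;
	}
	snprintf(buf, len, "%d", num);
	return buf;
}

-------------------------------------------------------------------------------- /log.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 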
5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef LOG_H 28 | #define LOG_H 29 | 30 | #include 31 | #include 32 | 33 | typedef enum log_level { 34 | LOG_DEBUG, 35 | LOG_INFO, 36 | LOG_WARNING, 37 | LOG_ERROR, 38 | } log_level_t; 39 | 40 | #ifndef NO_LOG 41 | int log_init(const char* log_filename, log_level_t level); 42 | void log_printf(log_level_t level, const char* format, ...); 43 | void log_printf_addr(struct sockaddr *addr); 44 | void log_close(void); 45 | #else 46 | #define noop 47 | #define log_init(X, Y) ((int)0) 48 | #define log_printf(...) noop 49 | #define log_printf_addr(...) 
noop 50 | #define log_close() noop 51 | #endif 52 | 53 | int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval* y); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /test_files/certificate_visa_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGBzCCA++gAwIBAgIJAO1dqd3FgA95MA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD 3 | VQQGEwJVUzENMAsGA1UECAwEVXRhaDEOMAwGA1UEBwwFUHJvdm8xDTALBgNVBAoM 4 | BFZpc2ExGTAXBgNVBAsMEFB1YmxpYyBSZWxhdGlvbnMxETAPBgNVBAMMCHZpc2Eu 5 | Y29tMSYwJAYJKoZIhvcNAQkBFhdjb250YWN0QHBob2VuaXh0ZWFtLm9yZzAeFw0x 6 | ODA2MjUyMDE5MzNaFw0xOTA2MjUyMDE5MzNaMIGRMQswCQYDVQQGEwJVUzENMAsG 7 | A1UECAwEVXRhaDEOMAwGA1UEBwwFUHJvdm8xDTALBgNVBAoMBFZpc2ExGTAXBgNV 8 | BAsMEFB1YmxpYyBSZWxhdGlvbnMxETAPBgNVBAMMCHZpc2EuY29tMSYwJAYJKoZI 9 | hvcNAQkBFhdjb250YWN0QHBob2VuaXh0ZWFtLm9yZzCCAiIwDQYJKoZIhvcNAQEB 10 | BQADggIPADCCAgoCggIBAN4+TPs5qxj5NU5aXxD0REcBCDCMzLrmbemRqjkLvhn4 11 | 7sZdcpfab0aIVp4J9ew4RspR8YBRtgjydW9PiEl7aNdpLNDziR9jV0KGzs410ale 12 | Gi3Hg8PXpOP2kYJ2wKa5IuDC+MGQLVXOH1bqJY+b4EP6txxz8NmqJpfdHE0X8QCV 13 | /Z0Rk4qOy4RGpH8OLjMgfOoKa6r4qkyFAC6/XlRlMnFe0Ay9kZUNBUdMa2d7U6FG 14 | yRCAZu251oP4di0/iCKTQ+mW0wh4tn05ED9rtLzcGeRy3VuqEeQOtxa8k5ZJo8Ie 15 | yYN9pKFn4OAbJcx4A37RO30ToF4cUNpH4SsgOgjlDc2ysE2i0fKplT5renq9G24b 16 | 4dkCMn36haQkHIm/SrKuyyyrBygGfFlgCvnSyo0wGLc6vxmcRkSykIUTudJkZ/61 17 | gedkwMKiPX6C+3Q944InC1qh0cgzSzeEPhnFf+CwkUEftEmwzR2L9GP1aBJTcT02 18 | hoWyMzTWjFWac8s5cZAWBAnU0H3e+uXIFFqLFKZU4bU4sPsYW4cKtgS9Sqr9Sqvo 19 | Pvw3w+4GvLPIsuTQOdOHMYAAUma4Fzf5r2mb5+htJAFmK4O9669IR07z53txQ0Xu 20 | 5fIUuDk47+wt5pbygYh/pu8THvLWsyGTdSUG+U+TSJmT+MnCsm2GKki+54fpy9Xr 21 | AgMBAAGjYDBeMB0GA1UdDgQWBBQxozwRbSiXoW+Ka5BOlPrmXyHQ1DAfBgNVHSME 22 | GDAWgBQxozwRbSiXoW+Ka5BOlPrmXyHQ1DAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud 23 | DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAF+PfqZqpHypDPMtKtVhcqRf9tN5g 24 | /nw2eKUZwyCo4RQXgwr+S3vLM/2duyu6AcqYzzQHr0c11bvdCC7N0hxclGXHlIj+ 25 
| 8W/7fu5WF58++k6EefS0Zk9fKddfOPGPWdhDpAaVEC3/zmVNWeU07ODPNk2gZn4T 26 | /OY5PGm7L4AIgUSvoIoN4aVnZ9xpplfKyEo2LM+kWhJijfm3OX8OPAe1h1CldbCA 27 | 25mFA/qbFhSSWws9n9fsArGZKlDoQMeIQqz5D8oL4kdJdWiARL3YfH5CBAw4yNCa 28 | Fo0dr66HRlZjAcDWBwvtAuFcpkCArojqKjKoFWY3uTZ8hycNFN4E6rXYqSM2EKiT 29 | 4iD/EDR86swly++jOIvw/ksAWSQ7JjlfU58bhqjqXfprY5PuV2N79wFcZlz6C26y 30 | qrLa0CBdUTU+uJK5XZzBW+q4nWUJ9EpcfTr19Py8pu0anWJbjNHouoP9oGWmtu5o 31 | aI0vuVbH+LL3X6jaahGDmFadm3fIICjJIh+Gok4AwRlc+y1KxhuA+FiorfPbi1k0 32 | Anma5FL/QCZxhIrdlZzWgzhnipAXf97wcByWkpu013c8u05DGo7rWP5mRk1OqXa9 33 | NThIUMzGAoCWBngjhq1XoM5SmnjPW8la3vMOZLeKEm029QdxleXeRSrabgSs1og3 34 | X2W+N6uNgzJfyJU= 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /extras/sslsplit/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGKTCCBBGgAwIBAgIJAPx8V34iN2ykMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD 3 | VQQGEwJVUzENMAsGA1UECAwEVXRhaDEOMAwGA1UEBwwFUHJvdm8xHTAbBgNVBAoM 4 | FFRydXN0QmFzZSBBc3NvY2lhdGVzMRkwFwYDVQQLDBBQdWJsaWMgUmVsYXRpb25z 5 | MRUwEwYDVQQDDAxvd250cnVzdC5vcmcxIzAhBgkqhkiG9w0BCQEWFGNvbnRhY3RA 6 | b3dudHJ1c3Qub3JnMB4XDTE4MDYxOTE3MzkyNFoXDTIxMDQwODE3MzkyNFowgaIx 7 | CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEdMBsG 8 | A1UECgwUVHJ1c3RCYXNlIEFzc29jaWF0ZXMxGTAXBgNVBAsMEFB1YmxpYyBSZWxh 9 | dGlvbnMxFTATBgNVBAMMDG93bnRydXN0Lm9yZzEjMCEGCSqGSIb3DQEJARYUY29u 10 | dGFjdEBvd250cnVzdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC 11 | AQDAWp8XMUsnT18bXDDdWgUryJ+LBib98RJnd8GSt+LUAkgDLo8FKPBfbTNHp+Bl 12 | 8cmSYtxKKJHTmNW9UgXQPBn/FUqb3cbwny2k+Mxi5zAsKFfiQVa+6g05sLQZmqiz 13 | LY/U7QNUdlcC8ZE/ytFiSgEvlVLsrprmhNNF7Zno6K03XvIibKm5sH/7R32VXwb3 14 | NGh4PqOmbhcGo4LLjvakDygSm/iGCBjf/NrmJnFcV9FhdMYPnGhJQXCMpPnhZIGY 15 | ledoMKCCNQPDloHgEbALo8QDPVP/gp3mKzwT9QroFfoRfclkkOaGOk/9BLhft1ht 16 | JYLK/fkUtKPL+omB24oJgfTQO/63LlF5ArUka4quFpqdcgjhQL+2RZ8wernkcax8 17 | 
oMm0xO7OZ/SvhoTwaFYD4ZYKZMXGSB1xfz8bY1ZhljFfp8eMNndZ5jPlPx3Ptal+ 18 | tX65jWHtSQ059dTE9bDm3GFdp2DoB8bIN+1K83jc26UW3CaFdgtAqsxEi/6dAoEo 19 | 4GbCUvrJh/peEU8ezkQoD9w/Qu5yjhvbPPfCJCrxtDHyC26Jyv95UEMbdQP9crq2 20 | xzX9GfygY8SBC5DPpyNVXiyDl2XHRjHCWtI8Lyta1b0RJXLpm1Icj6NoJzgLRvq0 21 | QKaqr1ZGU6Y0euvrg4wFLCNAEcK202kwxtP9jWnX6QZ7XwIDAQABo2AwXjAdBgNV 22 | HQ4EFgQUZo1zmI6G2GspLm3AJaae7zozYDAwHwYDVR0jBBgwFoAUZo1zmI6G2Gsp 23 | Lm3AJaae7zozYDAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZI 24 | hvcNAQELBQADggIBAAzDTrVFKI25C+WuX1QQPxYYHiYvirXCz+3MDXGOy481RYpj 25 | +hL0o7vkIMFPQXNHUvX2PG51KUoL0eC6qNnwwiSrfpj6rzXzRSQ54Efg/5qSy+Nq 26 | vEdhAKCyKMiPar3CdyV222PQR21siMUmhE0Ie6mjQWAlBoo4jQWb9SYKkLap7R3A 27 | JgmMdlA3Ig54ITQwZ3SWCaShWEIvtkx0AjN4EFLV2b8JQRO16rJfIAmtS7f+czCo 28 | 9prSaKr/Ly2U8eGv7GivEFxskvzD43mlEBU+TQVG8CuohyKP9MfRgfLNyJ0K7NyD 29 | JvID0uN1ve7XSvS/KIdbyGjI3yCulbqJOQv7hldZ27mpE/cvl1hx1Mr9a2b5CAhq 30 | GQgOZ+UN3DlHQ1JA2rvW9wbq4OPSCyh1OSdTv/r5nBhi7Wz/FwCBjIkaEUASCR/R 31 | p6xapdQNE50kEGGEvCjwfh9qY6KYkiPkP1fzH8zceVb+/xR2ZlS4LIeJBDbR0VCn 32 | ldeZWs7woHjEhgdP82MigGlc1g8+187DzoYDzSY2Q48n7Iy8UywsHVm/FpWBuU38 33 | vGf4qa+fm1UAbBvi8LR6HACzHHF8qyR5HFFrF9m87v9LlqDFETQj7dccMqXERTlm 34 | uv9oOvcKPqxhmE1TCF9w89EIfbZ8xDnWJpeHBTZD+yDzrlTzXzsxHnj/rbnI 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /test_files/certificate_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGKTCCBBGgAwIBAgIJAPx8V34iN2ykMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD 3 | VQQGEwJVUzENMAsGA1UECAwEVXRhaDEOMAwGA1UEBwwFUHJvdm8xHTAbBgNVBAoM 4 | FFRydXN0QmFzZSBBc3NvY2lhdGVzMRkwFwYDVQQLDBBQdWJsaWMgUmVsYXRpb25z 5 | MRUwEwYDVQQDDAxvd250cnVzdC5vcmcxIzAhBgkqhkiG9w0BCQEWFGNvbnRhY3RA 6 | b3dudHJ1c3Qub3JnMB4XDTE4MDYxOTE3MzkyNFoXDTIxMDQwODE3MzkyNFowgaIx 7 | CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEdMBsG 8 | A1UECgwUVHJ1c3RCYXNlIEFzc29jaWF0ZXMxGTAXBgNVBAsMEFB1YmxpYyBSZWxh 9 | 
dGlvbnMxFTATBgNVBAMMDG93bnRydXN0Lm9yZzEjMCEGCSqGSIb3DQEJARYUY29u 10 | dGFjdEBvd250cnVzdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC 11 | AQDAWp8XMUsnT18bXDDdWgUryJ+LBib98RJnd8GSt+LUAkgDLo8FKPBfbTNHp+Bl 12 | 8cmSYtxKKJHTmNW9UgXQPBn/FUqb3cbwny2k+Mxi5zAsKFfiQVa+6g05sLQZmqiz 13 | LY/U7QNUdlcC8ZE/ytFiSgEvlVLsrprmhNNF7Zno6K03XvIibKm5sH/7R32VXwb3 14 | NGh4PqOmbhcGo4LLjvakDygSm/iGCBjf/NrmJnFcV9FhdMYPnGhJQXCMpPnhZIGY 15 | ledoMKCCNQPDloHgEbALo8QDPVP/gp3mKzwT9QroFfoRfclkkOaGOk/9BLhft1ht 16 | JYLK/fkUtKPL+omB24oJgfTQO/63LlF5ArUka4quFpqdcgjhQL+2RZ8wernkcax8 17 | oMm0xO7OZ/SvhoTwaFYD4ZYKZMXGSB1xfz8bY1ZhljFfp8eMNndZ5jPlPx3Ptal+ 18 | tX65jWHtSQ059dTE9bDm3GFdp2DoB8bIN+1K83jc26UW3CaFdgtAqsxEi/6dAoEo 19 | 4GbCUvrJh/peEU8ezkQoD9w/Qu5yjhvbPPfCJCrxtDHyC26Jyv95UEMbdQP9crq2 20 | xzX9GfygY8SBC5DPpyNVXiyDl2XHRjHCWtI8Lyta1b0RJXLpm1Icj6NoJzgLRvq0 21 | QKaqr1ZGU6Y0euvrg4wFLCNAEcK202kwxtP9jWnX6QZ7XwIDAQABo2AwXjAdBgNV 22 | HQ4EFgQUZo1zmI6G2GspLm3AJaae7zozYDAwHwYDVR0jBBgwFoAUZo1zmI6G2Gsp 23 | Lm3AJaae7zozYDAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZI 24 | hvcNAQELBQADggIBAAzDTrVFKI25C+WuX1QQPxYYHiYvirXCz+3MDXGOy481RYpj 25 | +hL0o7vkIMFPQXNHUvX2PG51KUoL0eC6qNnwwiSrfpj6rzXzRSQ54Efg/5qSy+Nq 26 | vEdhAKCyKMiPar3CdyV222PQR21siMUmhE0Ie6mjQWAlBoo4jQWb9SYKkLap7R3A 27 | JgmMdlA3Ig54ITQwZ3SWCaShWEIvtkx0AjN4EFLV2b8JQRO16rJfIAmtS7f+czCo 28 | 9prSaKr/Ly2U8eGv7GivEFxskvzD43mlEBU+TQVG8CuohyKP9MfRgfLNyJ0K7NyD 29 | JvID0uN1ve7XSvS/KIdbyGjI3yCulbqJOQv7hldZ27mpE/cvl1hx1Mr9a2b5CAhq 30 | GQgOZ+UN3DlHQ1JA2rvW9wbq4OPSCyh1OSdTv/r5nBhi7Wz/FwCBjIkaEUASCR/R 31 | p6xapdQNE50kEGGEvCjwfh9qY6KYkiPkP1fzH8zceVb+/xR2ZlS4LIeJBDbR0VCn 32 | ldeZWs7woHjEhgdP82MigGlc1g8+187DzoYDzSY2Q48n7Iy8UywsHVm/FpWBuU38 33 | vGf4qa+fm1UAbBvi8LR6HACzHHF8qyR5HFFrF9m87v9LlqDFETQj7dccMqXERTlm 34 | uv9oOvcKPqxhmE1TCF9w89EIfbZ8xDnWJpeHBTZD+yDzrlTzXzsxHnj/rbnI 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /rfcomm_client.c: 
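--------------------------------------------------------------------------------
#ifdef CLIENT_AUTH
#include
#include
#include
#include
#include
#include

#define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}})
#define BDADDR_DEFAULT (&(bdaddr_t) {{1, 2, 3, 4, 5, 6}})
/* The trailing ';' in the next two macros is harmless at the one use site
 * (it becomes an empty statement) but is a footgun in any other context. */
#define BDADDR_DEST_DEFAULT "01:02:03:04:05:06";
#define BDADDR_DESTINATION "00:1A:7D:DA:71:13";

/*
 * Parse a colon-separated Bluetooth address ("xx:xx:xx:xx:xx:xx", hex
 * fields) into a newly allocated bdaddr_t. strtok() modifies addr in place.
 *
 * Returns the address, or NULL if allocation fails. A string with fewer
 * than six fields leaves the remaining bytes zero; extra fields are ignored.
 */
bdaddr_t* str2bamason(char* addr)
{
    bdaddr_t* bdaddr;
    char* token;
    int count = 0;
    const char* delim = ":";

    bdaddr = (bdaddr_t*) calloc(1, sizeof(bdaddr_t));
    if (bdaddr == NULL) {
        return NULL;
    }
    token = strtok(addr, delim);
    /* Both bounds must hold. With `||` the loop dereferenced a NULL token on
     * a short string and wrote past b[5] on a string with extra fields. */
    while (token != NULL && count < 6)
    {
        bdaddr->b[count++] = strtol(token, NULL, 16);
        token = strtok(NULL, delim);
    }
    printf("%d:%d:%d:%d:%d:%d", bdaddr->b[0], bdaddr->b[1], bdaddr->b[2], bdaddr->b[3], bdaddr->b[4], bdaddr->b[5]);
    return bdaddr;
}


int main(int argc, char **argv)
{
    struct sockaddr_rc addr = { 0 };
    bdaddr_t* bdaddrPoint;
    int s, status;
    //char dest[18] = "01:23:45:67:89:AB";
    //char dest[18] = BDADDR_DESTINATION;
    char dest[18] = BDADDR_DEST_DEFAULT;

    // allocate a socket
    s = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);

    // set the connection parameters (who to connect to)
    addr.rc_family = AF_BLUETOOTH;
    addr.rc_channel = (uint8_t) 1;
    //addr.rc_bdaddr = *str2bamason(dest);
    addr.rc_bdaddr = *BDADDR_DEFAULT;
    printf("bdaddr from string = %02x:%02x:%02x:%02x:%02x:%02x\n",addr.rc_bdaddr.b[0],addr.rc_bdaddr.b[1],addr.rc_bdaddr.b[2],addr.rc_bdaddr.b[3],addr.rc_bdaddr.b[4],addr.rc_bdaddr.b[5]);
    //bdaddrPoint = strtoba( dest);
    //addr.rc_bdaddr = *bdaddrPoint;
    //addr.rc_bdaddr = *strtoba(dest);

    //strtoba( dest, &addr.rc_bdaddr );

    // connect to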
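server
    status = connect(s, (struct sockaddr *)&addr, sizeof(addr));
    printf("After Connect\n");

    // send a message
    if( status == 0 ) {
        status = write(s, "hello!", 6);
    }

    if( status < 0 ) perror("uh oh");

    close(s);
    return 0;
}
#endif /* CLIENT_AUTH */

--------------------------------------------------------------------------------
/test_files/manual_tests/echo_server.c:
--------------------------------------------------------------------------------
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "../../in_tls.h"

#define CERT_FILE_A "keys/certificate_a.pem"
#define KEY_FILE_A "keys/key_a.pem"
#define CERT_FILE_B "keys/certificate_b.pem"
#define KEY_FILE_B "keys/key_b.pem"
#define BUFFER_SIZE 2048

void handle_req(char* req, char* resp);

/*
 * Minimal TLS echo server for manual testing. Listens on the port given in
 * argv[1] with two certificate/key pairs loaded through IPPROTO_TLS socket
 * options, prints the hostname each client asked for, and echoes back
 * exactly the bytes it received from that client.
 */
int main(int argc, char* argv[]) {

    if (argc < 2) {
        printf("USAGE: %s \n", argv[0]);
        exit(1);
    }
    int port = atoi(argv[1]);

    char servername[255];
    socklen_t servername_len;
    char request[BUFFER_SIZE];
    char response[BUFFER_SIZE];
    ssize_t nread;
    memset(request, 0, BUFFER_SIZE);
    memset(response, 0, BUFFER_SIZE);

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = inet_addr("0.0.0.0");
    addr.sin_port = htons(port);

    int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
    if (fd == -1) {
        perror("socket");
        exit(EXIT_FAILURE);
    }
    if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
        perror("bind");
        exit(EXIT_FAILURE);
    }
    if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_A, sizeof(CERT_FILE_A)) == -1) {
        perror("cert a");
    }
    if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_A, sizeof(KEY_FILE_A)) == -1) {
        perror("key a");
    }
    if (setsockopt(fd, IPPROTO_TLS, TLS_CERTIFICATE_CHAIN, CERT_FILE_B, sizeof(CERT_FILE_B)) == -1) {
        perror("cert b");
    }
    if (setsockopt(fd, IPPROTO_TLS, TLS_PRIVATE_KEY, KEY_FILE_B, sizeof(KEY_FILE_B)) == -1) {
        perror("key b");
    }
    if (listen(fd, SOMAXCONN) == -1) {
        perror("listen");
        exit(EXIT_FAILURE);
    }

    while (1) {
        struct sockaddr_storage addr;
        socklen_t addr_len = sizeof(addr);
        int c_fd = accept(fd, (struct sockaddr*)&addr, &addr_len);
        if (c_fd == -1) {
            perror("accept");
            continue;
        }
        /* getsockopt() may shrink the length it is given, so reset it for
         * every client rather than once before the loop. */
        servername_len = sizeof(servername);
        memset(servername, 0, sizeof(servername));
        if (getsockopt(c_fd, IPPROTO_TLS, TLS_HOSTNAME, servername, &servername_len) == -1) {
            perror("getsockopt: TLS_HOSTNAME");
            exit(EXIT_FAILURE);
        }
        printf("Client requested host %d %s\n", (int)servername_len, servername);
        /* Echo only what this client sent. Sending BUFFER_SIZE bytes
         * unconditionally disclosed whatever the previous client had left in
         * the buffer; reading one byte short keeps the request NUL-terminated
         * for the %s in handle_req(). */
        memset(request, 0, BUFFER_SIZE);
        nread = recv(c_fd, request, BUFFER_SIZE - 1, 0);
        if (nread <= 0) {
            if (nread < 0) {
                perror("recv");
            }
            close(c_fd);
            continue;
        }
        handle_req(request, response);
        send(c_fd, response, nread, 0);
        close(c_fd);
    }
    return 0;
}

/* Log the request and copy it into the response buffer (the echo). */
void handle_req(char* req, char* resp) {
    printf("Echo client data: %s\n", req);
    memcpy(resp, req, BUFFER_SIZE);
    return;
}

--------------------------------------------------------------------------------
/test_files/webserver-event/www2/index.html:
--------------------------------------------------------------------------------
Webserver Lab Testing #2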

Webserver Lab Testing #2


This page should present two forms and an AJAX-powered button. Use these for testing extra credit for POST and CGI functionality.


Remember to use the php-cgi binary and make sure PHP is configured to allow your CGI (by setting cgi.force_redirect = 0 in your php.ini file)


You may also modify this page and create your own custom CGI scripts in the language of your choice if you don't want to use PHP


GET form


POST form (also uses cookies)


The correct username is "bob" and the password is "pass"


AJAX Button

54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www2/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Webserver Lab Testing #2 5 | 6 | 7 | 8 | 9 | 10 | 19 | 20 | 21 |

Webserver Lab Testing #2


This page should present two forms and an AJAX-powered button. Use these for testing extra credit for POST and CGI functionality.


Remember to use the php-cgi binary and make sure PHP is configured to allow your CGI (by setting cgi.force_redirect = 0 in your php.ini file)


You may also modify this page and create your own custom CGI scripts in the language of your choice if you don't want to use PHP


GET form


POST form (also uses cookies)


The correct username is "bob" and the password is "pass"


AJAX Button

54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /test_files/cert_gen/csr_client/openssl_hostname_validation.h: -------------------------------------------------------------------------------- 1 | /* Obtained from: https://github.com/iSECPartners/ssl-conservatory */ 2 | 3 | /* 4 | Copyright (C) 2012, iSEC Partners. 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | */ 24 | 25 | /* 26 | * Helper functions to perform basic hostname validation using OpenSSL. 27 | * 28 | * Please read "everything-you-wanted-to-know-about-openssl.pdf" before 29 | * attempting to use this code. This whitepaper describes how the code works, 30 | * how it should be used, and what its limitations are. 31 | * 32 | * Note from Mark O'Neill: Wildcard matching has been added and revocation checking 33 | * can be handled by plugins. 
34 | * 35 | * Author: Alban Diquet 36 | * License: See LICENSE 37 | * 38 | */ 39 | 40 | typedef enum { 41 | MatchFound, 42 | MatchNotFound, 43 | NoSANPresent, 44 | MalformedCertificate, 45 | Error 46 | } HostnameValidationResult; 47 | 48 | /** 49 | * Validates the server's identity by looking for the expected hostname in the 50 | * server's certificate. As described in RFC 6125, it first tries to find a match 51 | * in the Subject Alternative Name extension. If the extension is not present in 52 | * the certificate, it checks the Common Name instead. 53 | * 54 | * Returns MatchFound if a match was found. 55 | * Returns MatchNotFound if no matches were found. 56 | * Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. 57 | * Returns Error if there was an error. 58 | */ 59 | HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert); 60 | -------------------------------------------------------------------------------- /test_files/https_client/graph.py: -------------------------------------------------------------------------------- 1 | import prettyplotlib as ppl 2 | from cycler import cycler 3 | import numpy as np 4 | import csv 5 | # prettyplotlib imports 6 | import matplotlib.pyplot as plt 7 | import matplotlib as mpl 8 | from prettyplotlib import brewer2mpl 9 | import pandas as pd 10 | 11 | 12 | def getopts(argv): 13 | opts = {} # Empty dictionary to store key-value pairs. 14 | while argv: # While there are arguments left to parse... 15 | if argv[0][0] == '-': # Found a "-name value" pair. 16 | opts[argv[0]] = argv[1] # Add key and value to the dictionary. 17 | argv = argv[1:] # Reduce the argument list by copying it starting from index 1. 
18 | return opts 19 | 20 | if __name__ == '__main__': 21 | from sys import argv 22 | myargs = getopts(argv) 23 | fname = 'stats.csv' 24 | tGraph = 'ThreadsElapsedTime.png' 25 | bGraph = 'BytesDownloaded.png' 26 | bytes_downloaded = 0 27 | if '-f' in myargs: 28 | fname = myargs['-f'] 29 | if '-o' in myargs: #outputfilename for the png 30 | tGraph = myargs['-o'] 31 | bGraph = myargs['-o'] 32 | if '-b' in myargs: 33 | bytes_downloaded = 1 34 | mpl.rcParams['pdf.fonttype']=42#('font',**{'family':'serif','serif':['Computer Modern Roman'],'monospace':['Computer Modern Typewriter']}) 35 | fig, ax = plt.subplots(1) 36 | df = pd.read_csv(open(fname,'rb'),sep=',').groupby('target') 37 | plt.rc('lines', linewidth=4) 38 | plt.rc('axes', prop_cycle=(cycler('color', ['r', 'g']))) 39 | for name,target in df: 40 | split = target.groupby('ssl'); 41 | if name == "www.phoenixteam.net": 42 | name = "(remote)" 43 | else: 44 | name = "(local)" 45 | for name2,t in split: 46 | if bytes_downloaded == 0: 47 | data = t.groupby("numThreads")["timeElapsed"].mean() 48 | else: 49 | data = t.groupby("amountDownloaded")["timeElapsed"].mean() 50 | params = '-' 51 | if name2 == 0: 52 | name2 = "SSA " 53 | else: 54 | name2 = "OpenSSL " 55 | params = '--' 56 | ppl.plot(data,params ,label=name2+name) 57 | ppl.legend(ax, loc ="upper left") 58 | if bytes_downloaded == 0: 59 | plt.ylabel('Time Elapsed') 60 | plt.xlabel('Number of Processes') 61 | #plt.title('Time Elapsed Workload') 62 | fig.savefig(tGraph) 63 | else: 64 | plt.ylabel('Time Elapsed') 65 | plt.xlabel('Number of Bytes Downloaded') 66 | #plt.title('Time Elapsed Workload') 67 | fig.savefig(bGraph) 68 | -------------------------------------------------------------------------------- /test_files/simple_test/https_client.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "../../in_tls.h" 10 | 11 | 
int connect_to_host(char* host, char* service); 12 | void print_identity(int fd); 13 | 14 | /* Entry point: argv[1] is the host, argv[2] the service/port. Connects over the SSA's IPPROTO_TLS, sends one GET and prints up to 750 bytes of the response. NOTE(review): the usage string on line 20 appears to have lost its argument placeholders during extraction (presumably "<host> <port>"). */ int main(int argc, char* argv[]) { 15 | int sock_fd; 16 | char http_request[2048]; 17 | char http_response[2048]; 18 | 19 | if (argc < 3) { 20 | printf("USAGE: %s \n", argv[0]); 21 | return 0; 22 | } 23 | 24 | sock_fd = connect_to_host(argv[1], argv[2]); 25 | /* NOTE(review): unbounded sprintf() of argv[1] into a 2048-byte stack buffer -- a host argument of roughly 2000 bytes or more overflows it; use snprintf(http_request, sizeof(http_request), ...) and reject truncation. */ sprintf(http_request,"GET / HTTP/1.1\r\nhost: %s\r\n\r\n", argv[1]); 26 | 27 | memset(http_response, 0, 2048); 28 | /* NOTE(review): send()/recv() return values are ignored: a failed or short recv() is printed as if it were the response (the memset keeps the buffer NUL-terminated), and at most 750 bytes are ever read. */ send(sock_fd, http_request, strlen(http_request), 0); 29 | recv(sock_fd, http_response, 750, 0); 30 | printf("Received:\n%s\n", http_response); 31 | close(sock_fd); 32 | return 0; 33 | } 34 | 35 | /* Resolves host/service (IPv4 only: ai_family is AF_INET) and returns the first IPPROTO_TLS socket that accepts TLS_REMOTE_HOSTNAME and connects. Exits the process if resolution fails or no address works. The caller owns the returned socket. */ int connect_to_host(char* host, char* service) { 36 | int sock; 37 | int ret; 38 | struct addrinfo hints; 39 | struct addrinfo* addr_ptr; 40 | struct addrinfo* addr_list; 41 | 42 | memset(&hints, 0, sizeof(hints)); 43 | hints.ai_socktype = SOCK_STREAM; 44 | hints.ai_family = AF_INET; 45 | ret = getaddrinfo(host, service, &hints, &addr_list); 46 | if (ret != 0) { 47 | fprintf(stderr, "Failed in getaddrinfo: %s\n", gai_strerror(ret)); 48 | exit(EXIT_FAILURE); 49 | } 50 | 51 | for (addr_ptr = addr_list; addr_ptr != NULL; addr_ptr = addr_ptr->ai_next) { 52 | sock = socket(addr_ptr->ai_family, addr_ptr->ai_socktype, IPPROTO_TLS); 53 | if (sock == -1) { 54 | perror("socket"); 55 | continue; 56 | } 57 | /* Hand the expected hostname (including its NUL) to the TLS layer before connect(), presumably so the peer certificate is validated against it; the option's semantics are defined outside this file. */ if (setsockopt(sock, IPPROTO_TLS, TLS_REMOTE_HOSTNAME, host, strlen(host)+1) == -1) { 58 | perror("setsockopt: TLS_REMOTE_HOSTNAME"); 59 | close(sock); 60 | continue; 61 | } 62 | 63 | if (connect(sock, addr_ptr->ai_addr, addr_ptr->ai_addrlen) == -1) { 64 | perror("connect"); 65 | close(sock); 66 | continue; 67 | } 68 | 69 | print_identity(sock); 70 | break; 71 | } 72 | freeaddrinfo(addr_list); 73 | /* addr_ptr is NULL only if every candidate address failed. */ if (addr_ptr == NULL) { 74 | fprintf(stderr, "failed to find a suitable address for connection\n"); 75 | exit(EXIT_FAILURE); 76 | } 77 | return sock; 78 | } 79 | 80 | /* Prints the peer certificate chain and peer identity as reported by the TLS layer through getsockopt(). */ void print_identity(int fd) { 81 | char data[4096]; 82 | 
socklen_t data_len = sizeof(data); 83 | if (getsockopt(fd, IPPROTO_TLS, TLS_PEER_CERTIFICATE_CHAIN, data, &data_len) == -1) { 84 | perror("TLS_PEER_CERTIFICATE_CHAIN"); 85 | } 86 | /* NOTE(review): on getsockopt() failure `data` is still printed although nothing was written to it (uninitialized, not necessarily NUL-terminated); zero the buffer first or skip the printf. data_len is value-result, so after a successful first call it holds the chain length and becomes the capacity limit for the TLS_PEER_IDENTITY read below. */ printf("Peer certificate:\n%s\n", data); 87 | if (getsockopt(fd, IPPROTO_TLS, TLS_PEER_IDENTITY, data, &data_len) == -1) { 88 | perror("TLS_PEER_IDENTITY"); 89 | } 90 | printf("Peer identity:\n%s\n", data); 91 | return; 92 | } 93 | 94 | -------------------------------------------------------------------------------- /notification.c: -------------------------------------------------------------------------------- 1 | #ifdef CLIENT_AUTH 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "log.h" 10 | 11 | #define NOTIFICATION_TITLE "No authentication device" 12 | #define NOTIFICATION_TEXT_1 "To use Securely, open the app and connect to " 13 | #define NOTIFICATION_TEXT_2 "To use Securely, open the app and connect to your computer" 14 | #define NOTIFICATION_MAX_LEN 256 15 | #define NOTIFICATION_LEN_1 strlen(NOTIFICATION_TEXT_1) 16 | 17 | #define D_BUSS_ADDRESS "DBUS_SESSION_BUS_ADDRESS" 18 | 19 | int dispatch_notification(); 20 | 21 | /* Shows a desktop notification in the logged-in user's session: finds that user's dbus-daemon with pgrep, copies its DBUS_SESSION_BUS_ADDRESS out of /proc into our environment, switches effective uid to the user for the libnotify call, then restores it. Returns 0 on success, -1 if setenv or the euid restore fails. NOTE(review): the privilege handling is fragile. (1) getlogin_r()'s return is never checked; on failure buf is uninitialized and is interpolated into a shell command via popen(). (2) getpwnam() and both popen() results are used without NULL checks (data->pw_uid, fgets on a NULL FILE*). (3) pgrep may print several pids; only the first line is used. (4) fgets() leaves the trailing newline/record terminator in cmd_buf, which is then setenv()'d verbatim. (5) If seteuid(data->pw_uid) fails the code only logs and still calls dispatch_notification() under the original -- presumably privileged, since it reads another user's /proc/<pid>/environ -- euid; it should return -1 there as the restore path does. The pid taken from pgrep output may also be reused before /proc/<pid>/environ is read. */ int connect_phone_alert() { 22 | struct passwd *data; 23 | char buf[50]; 24 | char cmd_buf[256]; 25 | size_t bufsize = 50; 26 | FILE* cmd_out; 27 | int pid, err; 28 | uid_t saved_uid; 29 | 30 | saved_uid = geteuid(); 31 | 32 | getlogin_r(buf, bufsize); 33 | data = getpwnam(buf); 34 | 35 | snprintf(cmd_buf, 256, "pgrep -u %s dbus-daemon", buf); 36 | cmd_out = popen(cmd_buf, "r"); fgets(buf, 50, cmd_out); 37 | pclose(cmd_out); 38 | 39 | pid = strtoul(buf, NULL, 10); 40 | 41 | snprintf(cmd_buf, 256, 42 | "grep -z DBUS_SESSION_BUS_ADDRESS /proc/%d/environ | sed -e s/DBUS_SESSION_BUS_ADDRESS=//", pid); 43 | cmd_out = popen(cmd_buf, "r"); 44 | fgets(cmd_buf, 256, cmd_out); 45 | pclose(cmd_out); 46 | 47 | if ((err = setenv(D_BUSS_ADDRESS, cmd_buf, TRUE)) < 0) { 48 | log_printf(LOG_ERROR, "setenv error %d\n", err); 49 
| return -1; 50 | } 51 | /* NOTE(review): failure here is logged but not acted on -- execution falls through to dispatch_notification() without having dropped to the user. */ if ((err = seteuid(data->pw_uid)) < 0) { 52 | log_printf(LOG_ERROR, "setuid failed with err %d\n", err); 53 | } 54 | dispatch_notification(); 55 | if ((err = seteuid(saved_uid)) < 0) { 56 | log_printf(LOG_ERROR, "setuid(%d) failed\n", err); 57 | return -1; 58 | } 59 | 60 | return 0; 61 | } 62 | 63 | /* Builds "To use Securely, open the app and connect to <hostname>" and shows it through libnotify; falls back to NOTIFICATION_TEXT_2 if gethostname() fails. Always returns 0; a libnotify error is only logged. NOTE(review): the "¬e_text" below is an HTML-entity extraction artifact of "&note_text" in the original source. */ int dispatch_notification() { 64 | GError *err; 65 | char note_text[NOTIFICATION_MAX_LEN]; 66 | NotifyNotification * message; 67 | 68 | strcpy(note_text, NOTIFICATION_TEXT_1); 69 | if (gethostname(¬e_text[NOTIFICATION_LEN_1], 70 | NOTIFICATION_MAX_LEN - NOTIFICATION_LEN_1) < 0) { 71 | log_printf(LOG_ERROR, "Failed to get hostname: %s\n", strerror(errno)); 72 | strcpy(note_text, NOTIFICATION_TEXT_2); 73 | } 74 | 75 | err = NULL; 76 | notify_init (NOTIFICATION_TITLE); 77 | message = notify_notification_new ( 78 | NOTIFICATION_TITLE, 79 | note_text, 80 | "dialog-information"); 81 | notify_notification_show (message, &err); 82 | if (err != NULL) { 83 | log_printf(LOG_ERROR, "%s\n", err->message); 84 | } 85 | g_object_unref(G_OBJECT(message)); 86 | notify_uninit(); 87 | return 0; 88 | } 89 | 90 | /* Debug-only driver. */ #if _DEBUG 91 | int main(){ 92 | connect_phone_alert(); 93 | } 94 | #endif //DEBUG 95 | 96 | #endif //CLIENT_AUTH 97 | 98 | -------------------------------------------------------------------------------- /openssl_compat.h: -------------------------------------------------------------------------------- 1 | /* Validation code Obtained from: https://github.com/iSECPartners/ssl-conservatory */ 2 | 3 | /* 4 | Copyright (C) 2012, iSEC Partners. 
5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | */ 24 | 25 | /* 26 | * Helper functions to perform basic hostname validation using OpenSSL. 27 | * 28 | * Please read "everything-you-wanted-to-know-about-openssl.pdf" before 29 | * attempting to use this code. This whitepaper describes how the code works, 30 | * how it should be used, and what its limitations are. 31 | * 32 | * Note from Mark O'Neill: Wildcard matching has been added and revocation checking 33 | * can be handled by plugins. 34 | * 35 | * Author: Alban Diquet 36 | * License: See LICENSE 37 | * 38 | */ 39 | #include 40 | #include 41 | #include 42 | 43 | typedef enum { 44 | MatchFound, 45 | MatchNotFound, 46 | NoSANPresent, 47 | MalformedCertificate, 48 | Error 49 | } HostnameValidationResult; 50 | 51 | /** 52 | * Validates the server's identity by looking for the expected hostname in the 53 | * server's certificate. 
As described in RFC 6125, it first tries to find a match 54 | * in the Subject Alternative Name extension. Only if that extension is absent does it 55 | * fall back to the Common Name, a legacy check that RFC 6125 discourages; when SANs are present but none match, the CN is not consulted. 56 | * 57 | * Returns MatchFound if a match was found. 58 | * Returns MatchNotFound if no matches were found. 59 | * Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. 60 | * Returns Error if there was an error. Callers must treat every result other than MatchFound, including NoSANPresent (defined in the enum above but not documented as a return value here), as a failed validation. 61 | */ 62 | HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert); 63 | int compat_SSL_use_certificate_chain_file(SSL *ssl, const char *file); 64 | -------------------------------------------------------------------------------- /qrdisplay/insecure.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | 8 | 9 | 10 | 12 | 15 | 18 | 21 | 23 | 25 | 28 | 30 | 31 | 34 | 35 | -------------------------------------------------------------------------------- /test_files/webserver-event/config.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "config.h" 6 | 7 | #define CONFIG_LINE_MAX 2048 8 | 9 | char default_mime[] = "text/plain"; 10 | 11 | config_t parse_config(char* config_path) { 12 | // XXX better error handling in this function 13 | config_t cfg = { 14 | .hosts = NULL, .host_count = 0, 15 | .mimes = NULL, .mime_count = 0, 16 | }; 17 | char buffer[CONFIG_LINE_MAX]; 18 | FILE* config_file = fopen(config_path, "r"); 19 | if (config_file == NULL) { 20 | perror("Configuration file error"); 21 | exit(EXIT_FAILURE); 22 | } 23 | while (fgets(buffer, CONFIG_LINE_MAX, config_file) != NULL) { 24 | if (strncmp(buffer, "host", strlen("host")) == 0) { 25 | cfg.host_count++; 26 | } 27 | else if (strncmp(buffer, "media", strlen("media")) == 0) { 28 | cfg.mime_count++; 29 | } 30 | } 31 | if (cfg.host_count == 0) { 32 | fprintf(stderr, "No hosts found in 
config file. Aborting\n"); 33 | fclose(config_file); 34 | exit(EXIT_FAILURE); 35 | } 36 | 37 | /* Second pass: re-read the file and fill the arrays sized by the first pass. NOTE(review): neither malloc() result is checked for NULL before the loop below indexes into it. */ fseek(config_file, 0, SEEK_SET); 38 | cfg.hosts = (host_path_t*)malloc(sizeof(host_path_t) * cfg.host_count); 39 | if (cfg.mime_count) { 40 | cfg.mimes = (extension_mime_t*)malloc(sizeof(extension_mime_t) * cfg.mime_count); 41 | } 42 | int host_i = 0; 43 | int mime_i = 0; 44 | while (fgets(buffer, CONFIG_LINE_MAX, config_file) != NULL) { 45 | if (strncmp(buffer, "host", strlen("host")) == 0) { 46 | /* NOTE(review): "%s" carries no field width, so an over-long token in the config file overruns the fixed-size fields of host_path_t / extension_mime_t (declared in config.h, not visible here); give each %s a width matched to the field size. The trailing "[^\n]" follows the last conversion and appears to be matched as literal characters rather than a scanset, so it has no effect on what is stored. */ sscanf(buffer, "%*s %s %s[^\n]", cfg.hosts[host_i].host, cfg.hosts[host_i].path); 47 | host_i++; 48 | } 49 | else if (strncmp(buffer, "media", strlen("media")) == 0) { 50 | sscanf(buffer, "%*s %s %s[^\n]", cfg.mimes[mime_i].extension, cfg.mimes[mime_i].mime_type); 51 | mime_i++; 52 | } 53 | } 54 | fclose(config_file); 55 | return cfg; 56 | } 57 | 58 | /* Releases the host and mime arrays; the config_t itself is caller-owned (parse_config returns it by value). */ void free_config(config_t* config) { 59 | if (config->host_count) free(config->hosts); 60 | if (config->mime_count) free(config->mimes); 61 | return; 62 | } 63 | 64 | /* Returns the document root configured for an exact, case-sensitive match of host, or NULL if none is configured. */ char* get_host_path(config_t* config, char* host) { 65 | int i; 66 | for (i = 0; i < config->host_count; i++) { 67 | if (strcmp(config->hosts[i].host, host) == 0) { 68 | return config->hosts[i].path; 69 | } 70 | } 71 | return NULL; 72 | } 73 | 74 | /* Maps the extension after the last '.' in path to a configured MIME type, defaulting to text/plain. NOTE(review): when path has no '.', strrchr() returns NULL and NULL + 1 is never == NULL, so the guard below never fires and strcmp() reads from address 1 -- test the strrchr() result before adding 1. */ char* get_mime_type(config_t* config, char* path) { 75 | char* type = default_mime; 76 | char* extension = strrchr(path, '.') + 1; 77 | if (extension == NULL) { 78 | return type; 79 | } 80 | int i; 81 | for(i = 0; i < config->mime_count; i++) { 82 | if (strcmp(config->mimes[i].extension, extension) == 0) { 83 | type = config->mimes[i].mime_type; 84 | return type; 85 | } 86 | } 87 | return type; 88 | } 89 | 90 | /* Dumps every host->path and extension->mime mapping to stdout. */ void print_config(config_t* config) { 91 | int i; 92 | printf("Config:\n"); 93 | for (i = 0; i < config->host_count; i++) { 94 | printf("\tHost: %s --> %s\n", config->hosts[i].host, config->hosts[i].path); 95 | } 96 | printf("\n"); 97 | for (i = 0; i < config->mime_count; i++) { 98 | printf("\tMedia: %s --> %s\n", 
config->mimes[i].extension, config->mimes[i].mime_type); 99 | } 100 | return; 101 | } 102 | 103 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/config.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "config.h" 6 | 7 | #define CONFIG_LINE_MAX 2048 8 | 9 | char default_mime[] = "text/plain"; 10 | 11 | config_t parse_config(char* config_path) { 12 | // XXX better error handling in this function 13 | config_t cfg = { 14 | .hosts = NULL, .host_count = 0, 15 | .mimes = NULL, .mime_count = 0, 16 | }; 17 | char buffer[CONFIG_LINE_MAX]; 18 | FILE* config_file = fopen(config_path, "r"); 19 | if (config_file == NULL) { 20 | perror("Configuration file error"); 21 | exit(EXIT_FAILURE); 22 | } 23 | while (fgets(buffer, CONFIG_LINE_MAX, config_file) != NULL) { 24 | if (strncmp(buffer, "host", strlen("host")) == 0) { 25 | cfg.host_count++; 26 | } 27 | else if (strncmp(buffer, "media", strlen("media")) == 0) { 28 | cfg.mime_count++; 29 | } 30 | } 31 | if (cfg.host_count == 0) { 32 | fprintf(stderr, "No hosts found in config file. 
Aborting\n"); 33 | fclose(config_file); 34 | exit(EXIT_FAILURE); 35 | } 36 | 37 | /* Second pass: re-read the file and fill the arrays sized by the first pass. NOTE(review): neither malloc() result is checked for NULL before the loop below indexes into it. */ fseek(config_file, 0, SEEK_SET); 38 | cfg.hosts = (host_path_t*)malloc(sizeof(host_path_t) * cfg.host_count); 39 | if (cfg.mime_count) { 40 | cfg.mimes = (extension_mime_t*)malloc(sizeof(extension_mime_t) * cfg.mime_count); 41 | } 42 | int host_i = 0; 43 | int mime_i = 0; 44 | while (fgets(buffer, CONFIG_LINE_MAX, config_file) != NULL) { 45 | if (strncmp(buffer, "host", strlen("host")) == 0) { 46 | /* NOTE(review): "%s" carries no field width, so an over-long token in the config file overruns the fixed-size fields of host_path_t / extension_mime_t (declared in config.h, not visible here); give each %s a width matched to the field size. The trailing "[^\n]" follows the last conversion and appears to be matched as literal characters rather than a scanset, so it has no effect on what is stored. */ sscanf(buffer, "%*s %s %s[^\n]", cfg.hosts[host_i].host, cfg.hosts[host_i].path); 47 | host_i++; 48 | } 49 | else if (strncmp(buffer, "media", strlen("media")) == 0) { 50 | sscanf(buffer, "%*s %s %s[^\n]", cfg.mimes[mime_i].extension, cfg.mimes[mime_i].mime_type); 51 | mime_i++; 52 | } 53 | } 54 | fclose(config_file); 55 | return cfg; 56 | } 57 | 58 | /* Releases the host and mime arrays; the config_t itself is caller-owned (parse_config returns it by value). */ void free_config(config_t* config) { 59 | if (config->host_count) free(config->hosts); 60 | if (config->mime_count) free(config->mimes); 61 | return; 62 | } 63 | 64 | /* Returns the document root configured for an exact, case-sensitive match of host, or NULL if none is configured. */ char* get_host_path(config_t* config, char* host) { 65 | int i; 66 | for (i = 0; i < config->host_count; i++) { 67 | if (strcmp(config->hosts[i].host, host) == 0) { 68 | return config->hosts[i].path; 69 | } 70 | } 71 | return NULL; 72 | } 73 | 74 | /* Maps the extension after the last '.' in path to a configured MIME type, defaulting to text/plain. NOTE(review): when path has no '.', strrchr() returns NULL and NULL + 1 is never == NULL, so the guard below never fires and strcmp() reads from address 1 -- test the strrchr() result before adding 1. */ char* get_mime_type(config_t* config, char* path) { 75 | char* type = default_mime; 76 | char* extension = strrchr(path, '.') + 1; 77 | if (extension == NULL) { 78 | return type; 79 | } 80 | int i; 81 | for(i = 0; i < config->mime_count; i++) { 82 | if (strcmp(config->mimes[i].extension, extension) == 0) { 83 | type = config->mimes[i].mime_type; 84 | return type; 85 | } 86 | } 87 | return type; 88 | } 89 | 90 | /* Dumps every host->path and extension->mime mapping to stdout. */ void print_config(config_t* config) { 91 | int i; 92 | printf("Config:\n"); 93 | for (i = 0; i < config->host_count; i++) { 94 | printf("\tHost: %s --> %s\n", config->hosts[i].host, config->hosts[i].path); 95 | } 96 | printf("\n"); 97 | for (i = 0; i < config->mime_count; i++) { 98 | printf("\tMedia: %s --> %s\n", 
config->mimes[i].extension, config->mimes[i].mime_type); 99 | } 100 | return; 101 | } 102 | 103 | -------------------------------------------------------------------------------- /qrdisplay/secured.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | 8 | 9 | 12 | 13 | 14 | 17 | 20 | 23 | 25 | 27 | 30 | 33 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /test_files/cert_gen/openssl-ca.cnf: -------------------------------------------------------------------------------- 1 | HOME = . 2 | RANDFILE = $ENV::HOME/.rnd 3 | 4 | #################################################################### 5 | [ ca ] 6 | default_ca = CA_default # The default ca section 7 | 8 | [ CA_default ] 9 | 10 | default_days = 375 # how long to certify for 11 | default_crl_days= 30 # how long before next CRL 12 | default_md = sha256 # use public key default MD 13 | preserve = no # keep passed DN ordering 14 | 15 | base_dir = signed_certs 16 | certificate = ca.crt # The CA certificate 17 | private_key = ca.key # The CA private key. Test CA only: this repository already commits CA private key material elsewhere (extras/sslsplit/ca.key, test_files/key_ca.pem), so anything issued by these CAs must be trusted only in local testing and a key generated here must never be reused or distributed. 18 | new_certs_dir = $base_dir # Location for new certs after signing 19 | database = $base_dir/index.txt # Database index file 20 | serial = $base_dir/serial.txt # The current serial number 21 | 22 | unique_subject = no # Set to 'no' to allow creation of 23 | # several certificates with same subject. 
24 | 25 | 26 | x509_extensions = ca_extensions # The extensions to add to the cert 27 | 28 | email_in_dn = no # Don't concat the email in the DN 29 | copy_extensions = copy # Required to copy SANs from CSR to cert 30 | 31 | #################################################################### 32 | [ req ] 33 | default_bits = 2048 34 | default_keyfile = ca.key 35 | distinguished_name = ca_distinguished_name 36 | x509_extensions = ca_extensions 37 | string_mask = utf8only 38 | 39 | #################################################################### 40 | [ ca_distinguished_name ] 41 | countryName = Country Name (2 letter code) 42 | countryName_default = US 43 | 44 | stateOrProvinceName = State or Province Name (full name) 45 | stateOrProvinceName_default = Utah 46 | 47 | localityName = Locality Name (eg, city) 48 | localityName_default = Provo 49 | 50 | organizationName = Organization Name (eg, company) 51 | organizationName_default = TrustBase Associates 52 | 53 | organizationalUnitName = Organizational Unit (eg, division) 54 | organizationalUnitName_default = Public Relations 55 | 56 | commonName = Common Name (e.g. 
server FQDN or YOUR name) 57 | commonName_default = owntrust.org 58 | 59 | emailAddress = Email Address 60 | emailAddress_default = contact@owntrust.org 61 | 62 | #################################################################### 63 | [ ca_extensions ] 64 | 65 | subjectKeyIdentifier=hash 66 | authorityKeyIdentifier=keyid:always, issuer 67 | basicConstraints = critical, CA:true 68 | keyUsage = keyCertSign, cRLSign 69 | 70 | #################################################################### 71 | [ signing_policy ] 72 | countryName = optional 73 | stateOrProvinceName = optional 74 | localityName = optional 75 | organizationName = optional 76 | organizationalUnitName = optional 77 | commonName = supplied 78 | emailAddress = optional 79 | 80 | #################################################################### 81 | [ signing_req ] 82 | subjectKeyIdentifier=hash 83 | authorityKeyIdentifier=keyid,issuer 84 | 85 | basicConstraints = CA:FALSE 86 | keyUsage = digitalSignature, keyEncipherment 87 | -------------------------------------------------------------------------------- /daemon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 
15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef DAEMON_H 28 | #define DAEMON_H 29 | 30 | #include 31 | 32 | #include 33 | #include 34 | 35 | #include 36 | #include 37 | #include 38 | 39 | #include "hashmap.h" 40 | #include "queue.h" 41 | 42 | 43 | #define MAX_HOSTNAME 255 44 | 45 | typedef struct tls_daemon_ctx { 46 | struct event_base* ev_base; 47 | struct nl_sock* netlink_sock; 48 | int netlink_family; 49 | int port; /* Port to use for both listening and netlink */ 50 | hmap_t* sock_map; 51 | hmap_t* sock_map_port; 52 | } tls_daemon_ctx_t; 53 | 54 | int server_create(int port); 55 | void socket_cb(tls_daemon_ctx_t* ctx, unsigned long id, char* comm); 56 | void setsockopt_cb(tls_daemon_ctx_t* ctx, unsigned long id, int level, 57 | int option, void* value, socklen_t len); 58 | void getsockopt_cb(tls_daemon_ctx_t* ctx, unsigned long id, int level, int option); 59 | void bind_cb(tls_daemon_ctx_t* ctx, unsigned long id, struct sockaddr* int_addr, 60 | int int_addrlen, struct sockaddr* ext_addr, int ext_addrlen); 61 | void connect_cb(tls_daemon_ctx_t* ctx, unsigned long id, struct sockaddr* int_addr, 62 | int int_addrlen, struct sockaddr* rem_addr, int rem_addrlen, int blocking); 63 | void listen_cb(tls_daemon_ctx_t* ctx, 
unsigned long id, struct sockaddr* int_addr, 64 | int int_addrlen, struct sockaddr* ext_addr, int ext_addrlen); 65 | void associate_cb(tls_daemon_ctx_t* ctx, unsigned long id, struct sockaddr* int_addr, 66 | int int_addrlen); 67 | void close_cb(tls_daemon_ctx_t* ctx, unsigned long id); 68 | void upgrade_cb(tls_daemon_ctx_t* ctx, unsigned long id, struct sockaddr* int_addr, 69 | int int_addrlen); 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /queue.c: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS Wrapping Daemon - transparent TLS wrapping of plaintext connections 3 | * Copyright (C) 2017, Mark O'Neill 4 | * All rights reserved. 5 | * https://owntrust.org 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions, and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #include 28 | #include 29 | 30 | #include "queue.h" 31 | 32 | /* Singly linked list node. value is caller-owned: nothing in this file frees it. */ typedef struct node { 33 | void* value; 34 | struct node* next; 35 | } node_t; 36 | 37 | /* Allocates an empty queue; returns NULL if malloc() fails. */ queue_t* queue_create(void) { 38 | queue_t* q; 39 | q = (queue_t*)malloc(sizeof(queue_t)); 40 | if (q == NULL) { 41 | return NULL; 42 | } 43 | q->item_count = 0; 44 | q->head = NULL; 45 | q->tail = NULL; 46 | return q; 47 | } 48 | 49 | /* Frees every node and the queue itself, but not the stored values (the caller owns those). Tolerates q == NULL. */ void queue_free(queue_t* q) { 50 | node_t* cur; 51 | node_t* tmp; 52 | if (q == NULL) { 53 | return; 54 | } 55 | cur = q->head; 56 | while (cur != NULL) { 57 | tmp = cur; 58 | cur = cur->next; 59 | free(tmp); 60 | } 61 | free(q); 62 | return; 63 | } 64 | 65 | /* Appends value at the tail. Returns 0 on success, 1 if the node allocation fails. NOTE(review): unlike queue_free, q is dereferenced without a NULL check. */ int queue_enc(queue_t* q, void* value) { 66 | node_t* new_node; 67 | new_node = (node_t*)calloc(1, sizeof(node_t)); 68 | if (new_node == NULL) { 69 | return 1; 70 | } 71 | new_node->value = value; 72 | 73 | if (q->head == NULL) { 74 | q->head = new_node; 75 | q->tail = new_node; 76 | q->item_count++; 77 | return 0; 78 | } 79 | 80 | q->tail->next = new_node; 81 | q->tail = new_node; 82 | q->item_count++; 83 | return 0; 84 | } 85 | 86 | /* Removes and returns the head value, or NULL when the queue is empty. NOTE(review): a stored NULL value is indistinguishable from an empty queue -- consult item_count if that matters. q is dereferenced without a NULL check. */ void* queue_deq(queue_t* q) { 87 | node_t* node; 88 | void* value; 89 | if (q->head == NULL) { 90 | return NULL; 91 | } 92 | node = q->head; 93 | value = node->value; 94 | q->head = node->next; 95 | 96 | /* Dequeuing the last node must also clear tail, or queue_enc would write through a freed pointer. */ if (q->head == NULL) { 97 | q->tail = NULL; 98 | } 99 | 100 | free(node); 101 | q->item_count--; 102 | return value; 103 | } 104 | 105 | void 
queue_print(queue_t* q) { 106 | node_t* cur; 107 | printf("Queue contains:\n"); 108 | cur = q->head; 109 | while (cur != NULL) { 110 | printf("\tNode with value %p\n", cur->value); 111 | cur = cur->next; 112 | } 113 | return; 114 | } 115 | 116 | -------------------------------------------------------------------------------- /test_files/webserver-event/www/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Webserver Testing 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 |

Webserver Testing

15 |

This page should load external styles and javascript and 3 local images of different types

16 |
17 | 18 |
19 |
20 |
21 |

JPEG Image

22 | BYU Logo 23 |
24 |
25 |

PNG Image

26 | Beehive 27 |
28 |
29 |

GIF Image

30 | Y Mountain 31 |
32 |
33 |
34 | 35 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /test_files/webserver-eventSSL/www/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Webserver Lab Testing 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 |

Webserver Lab Testing

15 |

This page should load external styles and javascript and 3 local images of different types

16 |
17 | 18 |
19 |
20 |
21 |

JPEG Image

22 | BYU Logo 23 |
24 |
25 |

PNG Image

26 | Beehive 27 |
28 |
29 |

GIF Image

30 | Y Mountain 31 |
32 |
33 |
34 | 35 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /extras/sslsplit/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDAWp8XMUsnT18b 3 | XDDdWgUryJ+LBib98RJnd8GSt+LUAkgDLo8FKPBfbTNHp+Bl8cmSYtxKKJHTmNW9 4 | UgXQPBn/FUqb3cbwny2k+Mxi5zAsKFfiQVa+6g05sLQZmqizLY/U7QNUdlcC8ZE/ 5 | ytFiSgEvlVLsrprmhNNF7Zno6K03XvIibKm5sH/7R32VXwb3NGh4PqOmbhcGo4LL 6 | jvakDygSm/iGCBjf/NrmJnFcV9FhdMYPnGhJQXCMpPnhZIGYledoMKCCNQPDloHg 7 | EbALo8QDPVP/gp3mKzwT9QroFfoRfclkkOaGOk/9BLhft1htJYLK/fkUtKPL+omB 8 | 24oJgfTQO/63LlF5ArUka4quFpqdcgjhQL+2RZ8wernkcax8oMm0xO7OZ/SvhoTw 9 | aFYD4ZYKZMXGSB1xfz8bY1ZhljFfp8eMNndZ5jPlPx3Ptal+tX65jWHtSQ059dTE 10 | 9bDm3GFdp2DoB8bIN+1K83jc26UW3CaFdgtAqsxEi/6dAoEo4GbCUvrJh/peEU8e 11 | zkQoD9w/Qu5yjhvbPPfCJCrxtDHyC26Jyv95UEMbdQP9crq2xzX9GfygY8SBC5DP 12 | pyNVXiyDl2XHRjHCWtI8Lyta1b0RJXLpm1Icj6NoJzgLRvq0QKaqr1ZGU6Y0euvr 13 | g4wFLCNAEcK202kwxtP9jWnX6QZ7XwIDAQABAoICAFuTiURAapg3eH8NIBJyBh43 14 | MIW+kxe5CtsJr7XLKAlpYKFrLBn3yKCV26EUsoe2WhIAUQJZWDvV+oRcpXni8zl3 15 | CIM2Tb1G+zMcZCn+CPgs6NJF6yePRGaf0s6RzBkp6t0jTb+La5dyLIWjaJYTx4bA 16 | 367g3cw7ll4nZWv2QmknIb3z38YQ2o1mFsrjZ+yPHeGJaN4WcY3ukJma4Z9vu9NI 17 | QESHXFhfCFQkHzoocP2l25mZDCk8J3o+HN0KvYxIadg3tmLnHHikkgZ8RUT1XZ9x 18 | NiliJQxsrviNY/jkZZ6oNRZUyftDjctW0PR41Hd6MU+1JD2QVp8JEygovgoSvdsG 19 | IUg0D6puBqwJvyrPiHiSlg4yNMhGwSKgoMXoV+A/e7pIhUzfvwlrOLBZ830fWHHq 20 | Uhvo3l13txusn3SqYDylEkeABYckKTNRah04YplKktJqBTqYHLtEf1X4o5NlZcSk 21 | y9nHy8a71h7O1elh/OfI/HjadPb7CaFCb5NpHDuFwXpPrrnvADLQ8/ceImAcBvjb 22 | 662gaDGMPA55O/tzAIsyltAXwmse8exrlBZN0lqJXlQLDcpW4p3A78REflat8uGo 23 | AnvJXMf/5pXe7ZwdwdtUi3ShqRccKkzvTBtAvlGLsP2rbtdSDdOKYsV/Dok/g9lB 24 | HPiJFpDwy8G5fsbCOXYBAoIBAQDkqM3v+xPxNPOGLjs/C6WeikzNX1GuP36cGD28 25 | Um5ICS5wqLinExskAhL0B0sa43uEyDc55EWWqsAmegtAJOOh37mJkL/Ho00w0FhT 26 | K3haD1JNKGi5CDvzc0RPr6Qah/eVXYt+D42dzSSILCumv5Y1TkXNGLmMFRKgBqcf 27 | 
DZCCBF5i3S8KA32SqPvU4CzvR4PbLl31DQFP3iUd4zrYlDcIjMJ68Jq1Lt/K8G2Z 28 | udy6Z54wr5VsgUdTBBF7aJgnx7Y+LV9jX3M9gwiibSG1VxGLeAJ2HX5J1T37g/1A 29 | k4Irj9oJfvZiS+0k8tY5fv8sQB0ZH1TnCxKhkWn7qt0oG/BfAoIBAQDXWoT+X5i8 30 | p0Uu4hwHX8XXdeBV2O9SreaDlkRD9lqXb/q++Sclule1LKCRqFnjZLmATAMIEUKi 31 | pQzTd9d5UGd3pFuctEOLUUgDKkEKMWkToiq7q3hb8MfQdR/uAZ8aa1zouvtL+k67 32 | VPWiJKispOY4fLdtTKvLs7SbufMLQZsgKJx1v3r807ARgF55nLUYbtF8RkQ8EMeg 33 | NRG6Z+/42aHxve0ItFJXMyd57RUBUyj3eX8J18JfM8MjwBIhCq+XDPjots2tRZvq 34 | JbHgOT8c8944hkLXimK2IoBwoc+UOkvWXeHyylFa2X+YSDpvIN5WOeveIF6/Xw+i 35 | 6W88cbIfxVUBAoIBAQDIvYVmHFeql6D/eJDczV3N7H52gisUPXvqj8GLFhbpON5D 36 | W2wYiUZ3ezamc8y0w2cJ8DfDpCqPlkHwxY4g9wG8d8vMAH7NRgkbRJ12DqCu9+p6 37 | AHLHlnoDRXuANaNtA1cREznGJuNd2N4sihKcZm/5RkkzQHSMjWd3g7+uHFt0OV+f 38 | jayhLuVMHvxPK6tnObKBdphX7N3s/wo4zec4gg46fFC0W4yGaatg32ho3+nu387Z 39 | 0RvuUSSLtfOfEvkZW1QcC/tFI2PpaaLn7cT9DX5Coc4PYd8f9IxgxcRMr/NESRrS 40 | 4Vpue1eq62G0wlBEydiB2KbR2z+1BhM0NRHJB5YjAoIBAQCjj1V5GUQY7HYIEKU3 41 | GI9bgGSc7wF9aySrhkJc18ugPuVTjEomRmv852MgnZt/sG2POqwGwY05mF+wcNHP 42 | iri6zrLhxquSMW6fMMVrJ3Hl/oG0PZxRQAOSmJJiowqi9y3+eJ0J7JdFglZ5Cpyt 43 | WySbfGWX9uZ39QnUSJuGThKyjwWeDIstYN3VvQiEFvgYEXq7h2altBzZ2dSYHf7N 44 | owVzZEuWE9aB8hEmcmFEu1Ne+gD5icxPoDGygluCiuonsCuQG98Endy4Ll71rKT5 45 | qWJ6zcYQjENCj9u7L7pHmyskKfPFAdJeTNiy4RC4fF9BYAZ7k1xCvsFSezcH0lZ1 46 | +NsBAoIBAQDkNiaqlybolruVj5vsP3rkv63DTziMpHv+ZXIpgT2f799V4farg2KT 47 | Jw1tUc7r4IG8cRDcILzOY8uw+ACEFIFYcTE7LicENttyzZqhwHsl5A3Grf7PFH6c 48 | cY0a/ihen/ca+g4B7Drw5B4pJm9RQWhh+4yUqXK4NznDGFluFNC8greRxrOAwNn9 49 | ogYK7pu6ZOvQWDqkekzaZvv+KpATJX1dYOMafysAX9ZTc3ymjico3J+7cu6yVedb 50 | ++Wc4zPcLLrEkzar/5ZVErZy2eI4oXrQ/8Ka4nOU2zlDu6HaptiD0thMDFpNfSN/ 51 | 9Mw5TOQhXQQzPO3hvkK7bHLrPMcFPiSV 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /test_files/key_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | 
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDAWp8XMUsnT18b 3 | XDDdWgUryJ+LBib98RJnd8GSt+LUAkgDLo8FKPBfbTNHp+Bl8cmSYtxKKJHTmNW9 4 | UgXQPBn/FUqb3cbwny2k+Mxi5zAsKFfiQVa+6g05sLQZmqizLY/U7QNUdlcC8ZE/ 5 | ytFiSgEvlVLsrprmhNNF7Zno6K03XvIibKm5sH/7R32VXwb3NGh4PqOmbhcGo4LL 6 | jvakDygSm/iGCBjf/NrmJnFcV9FhdMYPnGhJQXCMpPnhZIGYledoMKCCNQPDloHg 7 | EbALo8QDPVP/gp3mKzwT9QroFfoRfclkkOaGOk/9BLhft1htJYLK/fkUtKPL+omB 8 | 24oJgfTQO/63LlF5ArUka4quFpqdcgjhQL+2RZ8wernkcax8oMm0xO7OZ/SvhoTw 9 | aFYD4ZYKZMXGSB1xfz8bY1ZhljFfp8eMNndZ5jPlPx3Ptal+tX65jWHtSQ059dTE 10 | 9bDm3GFdp2DoB8bIN+1K83jc26UW3CaFdgtAqsxEi/6dAoEo4GbCUvrJh/peEU8e 11 | zkQoD9w/Qu5yjhvbPPfCJCrxtDHyC26Jyv95UEMbdQP9crq2xzX9GfygY8SBC5DP 12 | pyNVXiyDl2XHRjHCWtI8Lyta1b0RJXLpm1Icj6NoJzgLRvq0QKaqr1ZGU6Y0euvr 13 | g4wFLCNAEcK202kwxtP9jWnX6QZ7XwIDAQABAoICAFuTiURAapg3eH8NIBJyBh43 14 | MIW+kxe5CtsJr7XLKAlpYKFrLBn3yKCV26EUsoe2WhIAUQJZWDvV+oRcpXni8zl3 15 | CIM2Tb1G+zMcZCn+CPgs6NJF6yePRGaf0s6RzBkp6t0jTb+La5dyLIWjaJYTx4bA 16 | 367g3cw7ll4nZWv2QmknIb3z38YQ2o1mFsrjZ+yPHeGJaN4WcY3ukJma4Z9vu9NI 17 | QESHXFhfCFQkHzoocP2l25mZDCk8J3o+HN0KvYxIadg3tmLnHHikkgZ8RUT1XZ9x 18 | NiliJQxsrviNY/jkZZ6oNRZUyftDjctW0PR41Hd6MU+1JD2QVp8JEygovgoSvdsG 19 | IUg0D6puBqwJvyrPiHiSlg4yNMhGwSKgoMXoV+A/e7pIhUzfvwlrOLBZ830fWHHq 20 | Uhvo3l13txusn3SqYDylEkeABYckKTNRah04YplKktJqBTqYHLtEf1X4o5NlZcSk 21 | y9nHy8a71h7O1elh/OfI/HjadPb7CaFCb5NpHDuFwXpPrrnvADLQ8/ceImAcBvjb 22 | 662gaDGMPA55O/tzAIsyltAXwmse8exrlBZN0lqJXlQLDcpW4p3A78REflat8uGo 23 | AnvJXMf/5pXe7ZwdwdtUi3ShqRccKkzvTBtAvlGLsP2rbtdSDdOKYsV/Dok/g9lB 24 | HPiJFpDwy8G5fsbCOXYBAoIBAQDkqM3v+xPxNPOGLjs/C6WeikzNX1GuP36cGD28 25 | Um5ICS5wqLinExskAhL0B0sa43uEyDc55EWWqsAmegtAJOOh37mJkL/Ho00w0FhT 26 | K3haD1JNKGi5CDvzc0RPr6Qah/eVXYt+D42dzSSILCumv5Y1TkXNGLmMFRKgBqcf 27 | DZCCBF5i3S8KA32SqPvU4CzvR4PbLl31DQFP3iUd4zrYlDcIjMJ68Jq1Lt/K8G2Z 28 | udy6Z54wr5VsgUdTBBF7aJgnx7Y+LV9jX3M9gwiibSG1VxGLeAJ2HX5J1T37g/1A 29 | k4Irj9oJfvZiS+0k8tY5fv8sQB0ZH1TnCxKhkWn7qt0oG/BfAoIBAQDXWoT+X5i8 30 | 
p0Uu4hwHX8XXdeBV2O9SreaDlkRD9lqXb/q++Sclule1LKCRqFnjZLmATAMIEUKi 31 | pQzTd9d5UGd3pFuctEOLUUgDKkEKMWkToiq7q3hb8MfQdR/uAZ8aa1zouvtL+k67 32 | VPWiJKispOY4fLdtTKvLs7SbufMLQZsgKJx1v3r807ARgF55nLUYbtF8RkQ8EMeg 33 | NRG6Z+/42aHxve0ItFJXMyd57RUBUyj3eX8J18JfM8MjwBIhCq+XDPjots2tRZvq 34 | JbHgOT8c8944hkLXimK2IoBwoc+UOkvWXeHyylFa2X+YSDpvIN5WOeveIF6/Xw+i 35 | 6W88cbIfxVUBAoIBAQDIvYVmHFeql6D/eJDczV3N7H52gisUPXvqj8GLFhbpON5D 36 | W2wYiUZ3ezamc8y0w2cJ8DfDpCqPlkHwxY4g9wG8d8vMAH7NRgkbRJ12DqCu9+p6 37 | AHLHlnoDRXuANaNtA1cREznGJuNd2N4sihKcZm/5RkkzQHSMjWd3g7+uHFt0OV+f 38 | jayhLuVMHvxPK6tnObKBdphX7N3s/wo4zec4gg46fFC0W4yGaatg32ho3+nu387Z 39 | 0RvuUSSLtfOfEvkZW1QcC/tFI2PpaaLn7cT9DX5Coc4PYd8f9IxgxcRMr/NESRrS 40 | 4Vpue1eq62G0wlBEydiB2KbR2z+1BhM0NRHJB5YjAoIBAQCjj1V5GUQY7HYIEKU3 41 | GI9bgGSc7wF9aySrhkJc18ugPuVTjEomRmv852MgnZt/sG2POqwGwY05mF+wcNHP 42 | iri6zrLhxquSMW6fMMVrJ3Hl/oG0PZxRQAOSmJJiowqi9y3+eJ0J7JdFglZ5Cpyt 43 | WySbfGWX9uZ39QnUSJuGThKyjwWeDIstYN3VvQiEFvgYEXq7h2altBzZ2dSYHf7N 44 | owVzZEuWE9aB8hEmcmFEu1Ne+gD5icxPoDGygluCiuonsCuQG98Endy4Ll71rKT5 45 | qWJ6zcYQjENCj9u7L7pHmyskKfPFAdJeTNiy4RC4fF9BYAZ7k1xCvsFSezcH0lZ1 46 | +NsBAoIBAQDkNiaqlybolruVj5vsP3rkv63DTziMpHv+ZXIpgT2f799V4farg2KT 47 | Jw1tUc7r4IG8cRDcILzOY8uw+ACEFIFYcTE7LicENttyzZqhwHsl5A3Grf7PFH6c 48 | cY0a/ihen/ca+g4B7Drw5B4pJm9RQWhh+4yUqXK4NznDGFluFNC8greRxrOAwNn9 49 | ogYK7pu6ZOvQWDqkekzaZvv+KpATJX1dYOMafysAX9ZTc3ymjico3J+7cu6yVedb 50 | ++Wc4zPcLLrEkzar/5ZVErZy2eI4oXrQ/8Ka4nOU2zlDu6HaptiD0thMDFpNfSN/ 51 | 9Mw5TOQhXQQzPO3hvkK7bHLrPMcFPiSV 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Secure Socket API (SSA) 2 | The SSA is a system that allows programmers to easily create secure TLS connections using the standard POSIX socket API. This allows programmers to focus more on the developement of their apps without having to interface with complicated TLS libraries. 
The SSA also allows system administrators and other power users to customize TLS settings for all connections on the machines they manage, according to their own needs. 3 | 4 | ## How it Works 5 | The SSA has two components: a kernel module and a userspace daemon. The kernel module intercepts system calls for TLS-configured sockets and redirects them to the daemon, which does the heavy lifting of establishing a secure TLS connection. 6 | 7 | When SSA is installed, application developers can configure POSIX sockets for TLS by passing `IPPROTO_TLS` as the protocol argument to `socket` (for example, `socket(AF_INET, SOCK_STREAM, IPPROTO_TLS)`). They can then use the sockets with the regular socket system calls. A client should also set the name of the host it intends to reach with `setsockopt(fd, IPPROTO_TLS, TLS_REMOTE_HOSTNAME, ...)` before calling `connect`, as the sample client in `test_files/manual_tests/https_client.c` does, so that the handshake is performed for the intended host. 8 | 9 | TLS settings are configured by the system administrator using a config file. SSA shifts the burden of choosing configurations from the application developer to the system administrator running the application. This makes the development process much simpler, and gives the administrator control over the security settings for applications running on the system. 10 | 11 | ## Publication 12 | You can read more about the SSA, its design goals, and features in our [USENIX Security 2018 paper](https://www.usenix.org/conference/usenixsecurity18/presentation/oneill) 13 | 14 | ## Our Vision 15 | The SSA was created by Mark O'Neill for his Ph.D. dissertation, in which he demonstrated a need for an easier way to write secure software. He created the SSA as a prototype solution to meet that need. We are currently working to make this project fully-functional so that it can be adopted in real-world applications. We look forward to collaboration with the open-source community to make this vision a reality. 16 | 17 | ## Status 18 | The SSA is still undergoing large changes as we finalize certificate validation strategies and improve error reporting. As such, it should not yet be used in any mission critical environments. However, we are working toward release as a viable tool for the general public. Note also that the private keys and certificates under `test_files/` (for example `key_ca.pem` and `combined_personal.pem`) are committed to this repository for local testing only: treat them as public, do not add that CA to any trust store you rely on, and generate your own keys for anything beyond testing. 
19 | 20 | ## Guide to this repository 21 | This repository contains the source code for the userspace daemon. Source code for the kernel module is in a [separate repo](https://github.com/markoneill/ssa). Documentation for both the daemon and the kernel module is found in this repository, in the `docs` directory, as described below: 22 | 23 | * `install-documentation.md` contains installation instructions. 24 | * `user-documentation.md` contains instructions for writing applications that use the SSA. 25 | * `admin-documentation.md` contains instructions for managing the config file. 26 | * The `developer-documentation` directory contains documentation for developers wanting to contribute to the SSA: 27 | * `general.md` contains an overview of how the system works as well as information that is relevant to both the daemon and the module. 28 | * The `testing` directory contains various testing files. 29 | * The `diagrams` directory contains images referenced in the documentation files. 30 | 31 | We will be providing a formal API specification in this repo and on [owntrust.org](https://owntrust.org) in the very near future. Eager users are encouraged to see our publication (linked above), code, or to contact us directly with questions. 
32 | 33 | ## Contributions and Thanks 34 | Thank you to Eliezer Colon for noting a compilation issue 35 | -------------------------------------------------------------------------------- /test_files/manual_tests/https_client.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "../../in_tls.h" 10 | 11 | #define MAX_REQUEST_SIZE 2048 12 | #define MAX_RESPONSE_SIZE 2048 13 | 14 | void print_identity(int fd); 15 | 16 | int main(int argc, char* argv[]) { 17 | int sock_fd; 18 | int ret; 19 | char http_request[MAX_REQUEST_SIZE]; 20 | char http_response[MAX_RESPONSE_SIZE]; 21 | struct addrinfo hints; 22 | struct addrinfo* addr_ptr; 23 | struct addrinfo* addr_list; 24 | 25 | if (argc < 3) { 26 | printf("USAGE: %s \n", argv[0]); 27 | return 0; 28 | } 29 | 30 | char* host = argv[1]; 31 | char* port = argv[2]; //use port given to allow for more flexibility while testing 32 | 33 | //set up the connection 34 | memset(&hints, 0, sizeof(hints)); 35 | hints.ai_socktype = SOCK_STREAM; 36 | hints.ai_family = AF_INET; 37 | ret = getaddrinfo(host, port, &hints, &addr_list); 38 | if (ret != 0) { 39 | fprintf(stderr, "Failed in getaddrinfo: %s\n", gai_strerror(ret)); 40 | exit(EXIT_FAILURE); 41 | } 42 | 43 | //connect to the port 44 | for (addr_ptr = addr_list; addr_ptr != NULL; addr_ptr = addr_ptr->ai_next) { 45 | sock_fd = socket(addr_ptr->ai_family, addr_ptr->ai_socktype, IPPROTO_TLS); 46 | if (sock_fd == -1) { 47 | perror("socket"); 48 | continue; 49 | } 50 | 51 | //set the correct hostname for correct handshake 52 | if (setsockopt(sock_fd, IPPROTO_TLS, TLS_REMOTE_HOSTNAME, host, strlen(host)+1) == -1) { 53 | perror("setsockopt: TLS_REMOTE_HOSTNAME"); 54 | close(sock_fd); 55 | continue; 56 | } 57 | 58 | //connect to the socket 59 | if (connect(sock_fd, addr_ptr->ai_addr, addr_ptr->ai_addrlen) == -1) { 60 | perror("connect"); 61 | 
close(sock_fd); 62 | continue; 63 | } 64 | 65 | print_identity(sock_fd); 66 | break; 67 | } 68 | 69 | freeaddrinfo(addr_list); 70 | if (addr_ptr == NULL) { 71 | fprintf(stderr, "failed to find a suitable address for connection\n"); 72 | exit(EXIT_FAILURE); 73 | } 74 | 75 | //put the HTTP request into the buf 76 | memset(http_request, 0, MAX_REQUEST_SIZE); 77 | sprintf(http_request,"GET / HTTP/1.1\r\nhost: %s\r\n\r\n", argv[1]); 78 | memset(http_response, 0, MAX_RESPONSE_SIZE); 79 | 80 | //send encrypted request 81 | int request_size = strlen(http_request); 82 | int tot_bytes_sent = 0; 83 | while(tot_bytes_sent < request_size) { 84 | int bytes_sent = send(sock_fd, http_request + tot_bytes_sent, request_size - tot_bytes_sent, 0); 85 | tot_bytes_sent += bytes_sent; 86 | } 87 | 88 | // receive decrypted response 89 | // in general, more robust reading will be required 90 | recv(sock_fd, http_response, MAX_RESPONSE_SIZE, 0); 91 | printf("Received:\n%s\n", http_response); 92 | close(sock_fd); 93 | return 0; 94 | } 95 | 96 | 97 | void print_identity(int fd) { 98 | char data[4096]; 99 | socklen_t data_len = sizeof(data); 100 | if (getsockopt(fd, IPPROTO_TLS, TLS_PEER_CERTIFICATE_CHAIN, data, &data_len) == -1) { 101 | perror("TLS_PEER_CERTIFICATE_CHAIN"); 102 | } 103 | printf("Peer certificate:\n%s\n", data); 104 | if (getsockopt(fd, IPPROTO_TLS, TLS_PEER_IDENTITY, data, &data_len) == -1) { 105 | perror("TLS_PEER_IDENTITY"); 106 | } 107 | 108 | printf("Peer identity:\n%s\n", data); 109 | return; 110 | } 111 | 112 | -------------------------------------------------------------------------------- /test_files/combined_personal.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+8RUNX+JBp6YD 3 | rtA6irQBRQDvoBV5Ub3/Yr0aM+PFMuPljPMxrhqXkV90xDmdNdcdI8ACqRFgpkBD 4 | brL4IGyphPpDreTaawlnjnO1El3NjtFaNrNOGAyp3xedq8YudpGXqcNWCiaHRgGc 5 | 
SEiRbm9sZ5wvTUmgpbAWEaLU3A66u4AkAc+JE1k1hKrniWVosgbujQh7ORXAWPFH 6 | K1A1zJXnvmlCoZ+oe+fhl6o+aICVYJ9eKqFfsUFNCpMwzHk5AlNhRcqkprMvXER+ 7 | gDwq9knK+3qHeAT7kg/yRa8h+Pk86LY26FhnoYxvhHhh3AsupljoSVTmHuRC+XWM 8 | 0mRP68r5AgMBAAECggEAURpbw9OPai3IoVXWkpcpwERMEnxfwqlK17hb9E5IGBH2 9 | pSFKhzaZivmvnwxeIH2nAnSV8UtY20GimEHj+Ork3Nhj6O1rAK9oTjk+wpGrkE1y 10 | dSw42xnx/xGImWtGAaRRUSdFlj03gkvlETnOwR80aspTl+/vLzJRaf5RuLJD+2I+ 11 | miuByXIkVsli1hvQFymO/J4FqErKb4lKIRIUvpXc6tJGX4G4zHT29zQXMMKiS3c5 12 | ivnCLyusyfzZMv9eBiDX30hsYah5e02Vo9HGOJz8UtD9snYASR6Dbzi4dHNa+uLo 13 | os8m4EVgbn+iYfbkAtneIBNqm8qXeCmBJk0fb6x7FQKBgQDwvKrdgUaSZ3ZJ7Vvj 14 | UVY4zul6kOOoEwiiqTG1OQK43c4sBFLN+3kDJxDafPaOxreaF0843AENhAmzq/AP 15 | p6LUOuAhLD3iLDmUOF4xj4zpVcjEEfo3dPHyzY5mj8iuDUv9L8X8iHYQaXrUHqw/ 16 | G6santjkmChr6D71xmeLZG8d8wKBgQDLDDPOcNwzbvC+B/BU+VXrCRIjciH6I8QJ 17 | n1fl0lK86Na+uwmmcSLBTXT1LVkWEVaoWsYP3KC+V1SDObPt/cpgjWvthd12VCMA 18 | dB7NzmBKlNcJ0fIOiLlcrwmYG+y+AoqstRFLE0Pd6UCZsxFIpERkQmFu3jTUFzfQ 19 | xP1LCi9yYwKBgAhD0fHs4Elid/MtzPvO7RDiOa3Vj5tTm/ZJrMU2Advq8YsdUuJz 20 | gcIT80YtCCH6vI7zweqH0xltsQ+UFZfT/4kdxFgfNrivIALwtHsrHIFeSphArcB9 21 | qVjWqc7nnNIs7rDwlPGIldUWafsiWnOINaWiUnv2pVyfCppRh3iHqDD1AoGBAMIT 22 | Qr1SkJa0tnTcf7GotJ+3htfMcn91ih4saMZplt2rq/6YJewp/S9ISr9B/gGixvKZ 23 | +PAWUKo+LLBVCg8zYimRYxSfvAMq/l2joAHU/aKryzI+sp+DvbDCOWhjYJBpO4VC 24 | eGoK2vaTyURfrOiC4j/2VsyypUoHezkX4IbGEH3DAoGAT0PFvXpMB+n4/Qo6XgbU 25 | hwNMDd42uDZWdi3yFZwE3CD9+doRDtto+vhviM2SJEhe5TXc15rMIiwljC9Stu+R 26 | MGaMxYAogYgAquVZGgMF4jNHPxch+2zaXozPUicNhUiusRbPTCtUYoXMNAeRnS+0 27 | 2agp7kjB8/ES5mXe0Lrxs0E= 28 | -----END PRIVATE KEY----- 29 | -----BEGIN CERTIFICATE----- 30 | MIIE/DCCAuSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx 31 | DTALBgNVBAgMBFV0YWgxDjAMBgNVBAcMBVByb3ZvMR0wGwYDVQQKDBRUcnVzdEJh 32 | c2UgQXNzb2NpYXRlczEZMBcGA1UECwwQUHVibGljIFJlbGF0aW9uczEVMBMGA1UE 33 | AwwMb3dudHJ1c3Qub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QG93bnRydXN0 34 | Lm9yZzAeFw0xODAzMTkyMDQ1MDFaFw0xOTAzMTkyMDQ1MDFaMFgxCzAJBgNVBAYT 35 | 
AlVTMQ0wCwYDVQQIDARVdGFoMQ4wDAYDVQQHDAVQcm92bzEUMBIGA1UECgwLVVMg 36 | Q2l0aXplbnMxFDASBgNVBAMMC01hcmsgT05laWxsMIIBIjANBgkqhkiG9w0BAQEF 37 | AAOCAQ8AMIIBCgKCAQEAvvEVDV/iQaemA67QOoq0AUUA76AVeVG9/2K9GjPjxTLj 38 | 5YzzMa4al5FfdMQ5nTXXHSPAAqkRYKZAQ26y+CBsqYT6Q63k2msJZ45ztRJdzY7R 39 | WjazThgMqd8XnavGLnaRl6nDVgomh0YBnEhIkW5vbGecL01JoKWwFhGi1NwOuruA 40 | JAHPiRNZNYSq54llaLIG7o0IezkVwFjxRytQNcyV575pQqGfqHvn4ZeqPmiAlWCf 41 | XiqhX7FBTQqTMMx5OQJTYUXKpKazL1xEfoA8KvZJyvt6h3gE+5IP8kWvIfj5POi2 42 | NuhYZ6GMb4R4YdwLLqZY6ElU5h7kQvl1jNJkT+vK+QIDAQABo4GFMIGCMB0GA1Ud 43 | DgQWBBQNKZBj2cDBsiYJD7fLb2TYkMCwcTAfBgNVHSMEGDAWgBShFM2qSAsQQ23f 44 | MY+DG26Hxfz49TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAoBglghkgBhvhCAQ0E 45 | GxYZU1NBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEA 46 | gZLnYVwczp7RppW99Z6RHEc5H+FhtV6G/uO9cCfj40OaeWqBMtL0v9yDxRU+vr94 47 | TQwkq4+ymHJxDGf0Y8sHr1drM/VpZjypBHebW0DLbNPkwHkDs5kiT80YYH/Z9l7e 48 | LE/K0kyr0SfO6DJf7OyrAcPDK2k4VJB3lV0CZLqQEp1esCiYNS6gG0vsWNCpyko3 49 | CdrdxclKFcIwJf3RPaj+FxshSxuSpzA0RJbYTdlQzh6KPkYYvzR8V3wKJB7jh4mS 50 | tIwjRysXbAVhqjnC6jktcq9ezAG1f1aYAbfuzLfnsVS9+LIojQGqSByqNdY+O+qD 51 | clnfdogHehqYd2RWQxQoJHmxnp5ckzO4gx9H/5YYLIdDAYq2paGgWlqxX6c8ErSM 52 | CVTvo9h5Hb0GdCsi0MMxtaeOPDTcfx7TMffMhTieMrnVaz7v9/miR+QjwZtPEqhc 53 | zNOywQxw7RfAdrP3Y5lKs/UKsTXz8ezA2axrf5cBGugB7vtODLKZnA8aUFrEYTkj 54 | JyG0kI8o4k+KAa2hkjBTnquAPHV7al5fyBc8LbkMCaD1wRQO2caLGxzYPaAkd5Ka 55 | 5rFvaYygXWBHNPRTo9HeTRdyqp8u0bazUnR/430j5NQBIs9RGBT3Y3OBm8df9h0R 56 | cWfxBKN/0aHHTRhq4Kf+I4fBMU2muJlF+MjUmk52Xb8= 57 | -----END CERTIFICATE----- 58 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/popup-box/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Modal Popup Box 4 | 90 | 91 | 92 | 93 |

Modal Popup Box Login Form

94 | 95 | 97 | 98 | 119 | 120 | 130 | 131 | 132 | 133 | -------------------------------------------------------------------------------- /test_files/webserver-event/www4/header.php: -------------------------------------------------------------------------------- 1 | ', $key ,''; 13 | } 14 | else if ($key == 'Commanders') { 15 | 16 | } 17 | else { 18 | echo ''; 19 | } 20 | } 21 | } 22 | ?> 23 | 24 | 25 | 26 | 27 | 28 | PayMore 29 | 30 | 31 | 32 | 33 | 34 | 90 | 91 | 92 | 93 | 99 | 100 | 131 | -------------------------------------------------------------------------------- /extras/test.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "../in_tls.h" 9 | 10 | #define SOCKET_PATH "\0tls_upgrade" 11 | 12 | int upgrade_sock(int fd); 13 | int SSA_send_fd(int fd, unsigned long id, int is_accepting); 14 | ssize_t send_fd_to(int fd, void* iobuf, size_t nbytes, int sendfd, struct sockaddr_un* addr, int addr_len); 15 | 16 | int main() { 17 | int fd = socket(PF_INET, SOCK_STREAM, 0); 18 | struct sockaddr_in addr = { 19 | .sin_family = AF_INET, 20 | .sin_port = htons(8080), 21 | .sin_addr.s_addr = htonl(INADDR_LOOPBACK) 22 | }; 23 | connect(fd, (struct sockaddr*)&addr, sizeof(addr)); 24 | 25 | /* Some chochface calls SSL_set_fd(ssl, fd) or something */ 26 | 27 | /* Oh noes! Upgrade to use TLS via SSA! 
*/
	upgrade_sock(fd);
	/* sizeof() counts the terminating NUL, so the '\0' is sent along with the text. */
	send(fd, "It worked!\n", sizeof("It worked!\n"), 0);
	return 0;
}


/*
 * Turn the already-connected plain TCP socket `fd` into an SSA-managed TLS
 * socket in place.
 *
 * Steps: create a fresh IPPROTO_TLS socket, read its TLS_ID, hand the original
 * `fd` plus that id to the daemon over a unix datagram socket (SSA_send_fd),
 * connect the TLS socket to the daemon on loopback:8443, then dup2() the TLS
 * socket over `fd` so the caller keeps using its original descriptor.
 *
 * Returns 0; exits the process if TLS_ID cannot be read.
 *
 * NOTE(review): the socket(), connect() and dup2() results are not checked, so
 * a failure in any of them silently leaves `fd` as the plain socket (or an
 * unconnected TLS socket) while still returning 0. new_fd is never close()d
 * after the dup2(), leaking one descriptor per upgrade, and id_len is an int
 * where getsockopt() takes a socklen_t*.
 */
int upgrade_sock(int fd) {
	unsigned long id;
	int id_len = sizeof(id);

	/* This is the address of the SSA daemon (loopback only, port 8443). */
	struct sockaddr_in addr = {
		.sin_family = AF_INET,
		.sin_port = htons(8443),
		.sin_addr.s_addr = htonl(INADDR_LOOPBACK)
	};
	int new_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS);
	/* TLS_ID identifies the new socket to the daemon; it is sent with `fd` below. */
	if (getsockopt(new_fd, IPPROTO_TLS, TLS_ID, &id, &id_len) == -1) {
		perror("getsockopt: TLS_ID");
		exit(EXIT_FAILURE);
	}
	printf("socket ID is %lu\n", id);
	/* is_accepting = 0 presumably marks this side as the connecting (client)
	 * end of the existing connection — confirm against the daemon. */
	SSA_send_fd(fd, id, 0);
	connect(new_fd, (struct sockaddr*)&addr, sizeof(addr));
	/* Replace the caller's descriptor with the TLS one. */
	dup2(new_fd, fd);
	return 0;
}

/*
 * Send the descriptor `fd` to the SSA daemon with SCM_RIGHTS, tagged with
 * "<is_accepting>:<id>" (NUL-terminated) so the daemon can pair it with the
 * IPPROTO_TLS socket that reported `id`, then block until the daemon answers.
 *
 * Returns the byte count from sendmsg() (via send_fd_to), or -1 if the unix
 * socket could not be created.
 *
 * The daemon is addressed through the Linux abstract namespace: SOCKET_PATH
 * starts with a NUL byte and sizeof(SOCKET_PATH) includes its terminator, so
 * the full 13-byte path (trailing NUL included) is part of the name and the
 * daemon must bind exactly the same bytes with the same length.
 *
 * NOTE(review): abstract-namespace sockets carry no filesystem permissions,
 * so whichever local process holds that name receives the connected socket —
 * confirm the daemon is the only thing that can bind it. The recv() waiting
 * for the confirmation has no timeout and its result is unchecked, and a
 * bind() failure is only reported, not acted on.
 */
int SSA_send_fd(int fd, unsigned long id, int is_accepting)
{
	struct sockaddr_un addr;
	struct sockaddr_un self;
	int addrlen;
	int ret;
	char buffer[1024];
	int bytes_to_send;
	int con = socket(PF_UNIX, SOCK_DGRAM, 0);
	if (con == -1) {
		/* perror() appends ": <strerror>\n" itself; the '\n' here adds a blank line. */
		perror("Socket error\n");
		return -1;
	}

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, SOCKET_PATH, sizeof(SOCKET_PATH));
	addrlen = sizeof(SOCKET_PATH) + sizeof(sa_family_t);

	/*if (connect(con, (struct sockaddr*)&addr, addrlen)) {
		perror("Connect error\n");
		return -1;
	}*/
	/* Bind with only the family set (length sizeof(sa_family_t)): presumably
	 * relies on the kernel auto-assigning a unique abstract address so the
	 * daemon has somewhere to send its reply — verify this matches the daemon. */
	self.sun_family = AF_UNIX;

	/* bytes_to_send excludes the NUL; the "+ 1" below sends it too. */
	bytes_to_send = sprintf(buffer, "%d:%lu", is_accepting, id);
	if (bind(con, (struct sockaddr*)&self, sizeof(sa_family_t)) == -1) {
		perror("bind");
	}
	ret = send_fd_to(con, buffer, bytes_to_send + 1, fd, &addr, addrlen);
	/* Wait for a confirmation to prevent race condition */
	recv(con, buffer, 1024, 0);
	close(con);

	return ret;
}

/*
 * sendmsg() wrapper: deliver `nbytes` of `iobuf` to `addr` on datagram socket
 * `fd` with `sendfd` attached as an SCM_RIGHTS control message.
 * Returns sendmsg()'s result.
 */
ssize_t send_fd_to(int fd, void* iobuf, size_t nbytes, int sendfd,
		struct sockaddr_un* addr, int addr_len) {
	struct msghdr msg
= {0}; 96 | struct iovec iov[1]; 97 | 98 | // should have an ifdef here to be thurough, check for HAVE_MSGHDR_MSG_CONTROL 99 | union { 100 | struct cmsghdr cm; 101 | char control[CMSG_SPACE(sizeof(int))]; 102 | } control_un; 103 | struct cmsghdr* cmptr; 104 | 105 | msg.msg_control = control_un.control; 106 | msg.msg_controllen = sizeof(control_un.control); 107 | 108 | cmptr = CMSG_FIRSTHDR(&msg); 109 | cmptr->cmsg_len = CMSG_LEN(sizeof(int)); 110 | cmptr->cmsg_level = SOL_SOCKET; 111 | cmptr->cmsg_type = SCM_RIGHTS; 112 | 113 | *((int*) CMSG_DATA(cmptr)) = sendfd; 114 | 115 | msg.msg_name = addr; 116 | msg.msg_namelen = addr_len; 117 | 118 | iov[0].iov_base = iobuf; 119 | iov[0].iov_len = nbytes; 120 | 121 | msg.msg_iov = iov; 122 | msg.msg_iovlen = 1; 123 | 124 | return sendmsg(fd, &msg, 0); 125 | } 126 | -------------------------------------------------------------------------------- /self_sign.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | static int add_ext(X509* cert, int nid, char* value); 11 | 12 | int generate_rsa_key(EVP_PKEY** key_out, int bits) { 13 | unsigned long e; 14 | BIGNUM* bn_e; 15 | RSA* rsa; 16 | EVP_PKEY* keypair; 17 | 18 | e = RSA_F4; 19 | 20 | bn_e = BN_new(); 21 | if (bn_e == NULL) { 22 | return 0; 23 | } 24 | if (BN_set_word(bn_e, e) != 1) { 25 | BN_free(bn_e); 26 | return 0; 27 | } 28 | 29 | rsa = RSA_new(); 30 | if (rsa == NULL) { 31 | BN_free(bn_e); 32 | return 0; 33 | } 34 | 35 | if (RSA_generate_key_ex(rsa, bits, bn_e, NULL) != 1) { 36 | BN_free(bn_e); 37 | RSA_free(rsa); 38 | return 0; 39 | } 40 | 41 | keypair = EVP_PKEY_new(); 42 | if (keypair == NULL) { 43 | RSA_free(rsa); 44 | BN_free(bn_e); 45 | return 0; 46 | } 47 | 48 | if (EVP_PKEY_assign_RSA(keypair, rsa) != 1) { 49 | RSA_free(rsa); 50 | BN_free(bn_e); 51 | return 0; 52 | } 53 | 54 | *key_out = keypair; 55 | /*RSA_free(rsa); // 
apparently this gets freed with the key (EVP_PKEY_assign_RSA() is
	   documented to take ownership of `rsa`, so EVP_PKEY_free() releases it) */
	BN_free(bn_e);
	return 1;
}

/*
 * Build and self-sign an X.509 v3 certificate for `key`.
 *
 * key    - key pair whose public half goes into the certificate and whose
 *          private half signs it (SHA-256).
 * serial - serial number written verbatim; uniqueness is the caller's job.
 * days   - validity in days from now (notBefore = now).
 *
 * Subject and issuer are both C=US, O=SSA, CN="SSA Client Authentication".
 * Extensions: SAN (e-mail), critical CA:FALSE, critical key usage
 * digitalSignature+keyEncipherment.
 *
 * Returns the new X509* or NULL on failure.
 *
 * NOTE(review): every early `return NULL` after X509_new() leaks new_cert
 * (no X509_free()), `exts` is allocated but never used or freed, the
 * add_ext() return values are ignored, and the SAN hard-codes one person's
 * e-mail address into every certificate this function produces.
 */
X509* generate_self_signed_certificate(EVP_PKEY* key, int serial, int days) {
	X509* new_cert;
	X509_NAME* name;
	STACK_OF(X509_EXTENSION)* exts;
	const unsigned char country[] = "US";
	const unsigned char org[] = "SSA";
	const unsigned char cn_name[] = "SSA Client Authentication";

	new_cert = X509_new();
	if (new_cert == NULL) {
		return NULL;
	}

	/* Version: the encoded value 2 means X.509 v3, which is required for extensions. */
	X509_set_version(new_cert, 2);
	/* Serial Number (caller-supplied, not checked for reuse) */
	ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
	/* Validity dates: notBefore = now, notAfter = now + days * 86400 s */
	X509_gmtime_adj(X509_get_notBefore(new_cert), 0);
	X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60 * 60 * 24 * days);

	/* Subject */
	if ((name = X509_get_subject_name(new_cert)) == NULL) {
		return NULL;
	}
	/* Country */
	if (X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
				country, -1, -1, 0) != 1) {
		return NULL;
	}
	/* Organization */
	if (X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
				org, -1, -1, 0) != 1) {
		return NULL;
	}
	/* Common Name */
	if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
				cn_name, -1, -1, 0) != 1) {
		return NULL;
	}

	/* Issuer = subject: this is a self-signed certificate. */
	X509_set_issuer_name(new_cert, name);

	/* NOTE(review): this stack is never populated, attached or freed. */
	exts = sk_X509_EXTENSION_new_null();
	if (exts == NULL) {
		return NULL;
	}


	/* Public key */
	if (X509_set_pubkey(new_cert, key) != 1) {
		return NULL;
	}

	/* Extensions (add_ext() failures are not checked) */

	/* SAN — a fixed e-mail identity, not derived from the caller */
	add_ext(new_cert, NID_subject_alt_name, "email:mto@byu.edu");


	/* Basic constraints: end-entity certificate, must not act as a CA */
	add_ext(new_cert, NID_basic_constraints, "critical,CA:FALSE");

	/* Key Usage */
	add_ext(new_cert, NID_key_usage, "critical,digitalSignature,keyEncipherment");

	/* Signature: signed with `key` itself using SHA-256 */
	if
(X509_sign(new_cert, key, EVP_sha256()) == 0) { 129 | return NULL; 130 | } 131 | 132 | return new_cert; 133 | 134 | } 135 | 136 | int add_ext(X509* cert, int nid, char* value) { 137 | X509_EXTENSION *ex; 138 | X509V3_CTX ctx; 139 | /* This sets the 'context' of the extensions. */ 140 | /* No configuration database */ 141 | X509V3_set_ctx_nodb(&ctx); 142 | /* Issuer and subject certs: both the target since it is self signed, 143 | * no request and no CRL 144 | */ 145 | X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0); 146 | ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value); 147 | if (ex == NULL) { 148 | return 0; 149 | } 150 | X509_add_ext(cert, ex, -1); 151 | X509_EXTENSION_free(ex); 152 | return 1; 153 | } 154 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CXXFLAGS=-Wall -Wno-deprecated-declarations 3 | CXX_DEBUG_FLAGS=-g 4 | CXX_RELEASE_FLAGS=-O3 -DNO_LOG 5 | CXX_CLIENTAUTH_FLAGS= -g -DCLIENT_AUTH 6 | 7 | EXEC = tls_wrapper 8 | SOURCES = $(wildcard *.c) 9 | OBJECTS = $(SOURCES:.c=.o) 10 | STD_INCLUDES = `pkg-config --cflags libnl-3.0` 11 | NEW_INCLUDES = \ 12 | `pkg-config --cflags libnl-3.0` \ 13 | -Iopenssl/include \ 14 | -Ilibevent/include 15 | LIBS = -lpthread \ 16 | `pkg-config --libs \ 17 | libconfig \ 18 | libevent_openssl \ 19 | libnl-genl-3.0 \ 20 | avahi-client \ 21 | openssl \ 22 | ` 23 | LIBS_EX = \ 24 | -Llibevent/lib \ 25 | -Lopenssl/lib \ 26 | -Wl,-rpath \ 27 | -Wl,libevent/lib \ 28 | -Wl,-rpath \ 29 | -Wl,openssl/lib \ 30 | -lpthread \ 31 | `pkg-config --libs \ 32 | libconfig \ 33 | libevent_openssl \ 34 | libnl-genl-3.0 \ 35 | libnotify \ 36 | avahi-client \ 37 | openssl \ 38 | ` 39 | 40 | INCLUDES= \ 41 | `pkg-config --cflags libnotify` 42 | 43 | PRELOAD_PATH=$(PWD)/extras 44 | QRVIEWR_PATH=./qrdisplay 45 | BASHRC=$(HOME)/.bashrc 46 | 47 | .PHONY: clean qrwindow sharedobject hostname-support preload 
hostname-support-remove 48 | 49 | all: CXXFLAGS+=$(CXX_DEBUG_FLAGS) 50 | all: INCLUDES=$(STD_INCLUDES) 51 | all: $(EXEC) 52 | 53 | release: CXXFLAGS+=$(CXX_RELEASE_FLAGS) 54 | release: INCLUDES+=$(STD_INCLUDES) 55 | release: $(EXEC) 56 | 57 | hostname-support: sharedobject 58 | hostname-support: preload 59 | hostname-support: all 60 | 61 | hostname-support-release: sharedobject 62 | hostname-support-release: preload 63 | hostname-support-release: release 64 | 65 | clientauth: CXXFLAGS+=$(CXX_CLIENTAUTH_FLAGS) 66 | clientauth: INCLUDES+=$(NEW_INCLUDES) 67 | clientauth: qrwindow 68 | clientauth: $(OBJECTS) 69 | $(CC) $(OBJECTS) -o $(EXEC) $(LIBS_EX) 70 | 71 | # Main target 72 | $(EXEC): $(OBJECTS) 73 | $(CC) $(OBJECTS) -o $(EXEC) $(LIBS) 74 | 75 | # To obtain object files 76 | %.o: %.c 77 | $(CC) -c $(CXXFLAGS) $< $(INCLUDES) -o $@ 78 | 79 | # To remove generated files 80 | clean: 81 | rm -f $(EXEC) $(OBJECTS) 82 | $(MAKE) -C $(QRVIEWR_PATH) clean 83 | 84 | qrwindow: 85 | $(MAKE) -C $(QRVIEWR_PATH) 86 | 87 | sharedobject: 88 | $(MAKE) -C $(PRELOAD_PATH) 89 | 90 | preload: 91 | ifeq (0, $(shell grep -c addons.so $(BASHRC))) 92 | @test -z $(LD_PRELOAD) && EMPTY_PRELOAD=1 || EMPTY_PRELOAD=0 93 | ifneq (0, $(shell grep -c LD_PRELOAD $(BASHRC))) 94 | @echo "adding addons.so to LD_PRELOAD" 95 | $(shell test -e $(BASHRC) || echo "# .bashrc" > $(BASHRC)) 96 | ifneq (1,$(EMPTY_PRELOAD)) 97 | # LD_PRELOAD in .bashrc only 98 | @sed -i -e "s|^\(export LD_PRELOAD=\)\([.:\/a-zA-z0-9 ]*\)|\0\n\1$(PRELOAD_PATH)/addons.so:\2|g" $(BASHRC) 99 | else 100 | # LD_PRELOAD is in bash & .bashrc 101 | ifeq (1, $(shell grep -c "LD_PRELOAD=$(LD_PRELOAD)" $(BASHRC))) 102 | # LD_PRELOAD in bash matches .bashrc 103 | @echo "amending ~/.bashrc to include .so in LD_PRELOAD." 
104 | @sed -i -e "\$$aexport LD_PRELOAD=$(PRELOAD_PATH)/addons.so:$(LD_PRELOAD)" $(BASHRC) 105 | else 106 | # LD_PRELOAD in bash is differant than in .bashrc 107 | @echo "amending ~/.bashrc to include .so in LD_PRELOAD(along with this sessions LD_PRELOAD)." 108 | @sed -i -e "\$$aexport LD_PRELOAD=$(PRELOAD_PATH)/addons.so:$(LD_PRELOAD)" $(BASHRC) 109 | endif # $(shell grep -c "LD_PRELOAD=$(LD_PRELOAD)" $(BASHRC)) 110 | @echo "please source your .bashrc file to import the updated LD_PRELOAD variable" 111 | endif # $(EMPTY_PRELOAD) 112 | else # $(shell grep -c LD_PRELOAD $(BASHRC)) 113 | ifneq (1,$(EMPTY_PRELOAD)) 114 | # LD_PRELOAD absent from bash and .bashrc 115 | @echo "LD_PRELOAD was absent. Adding .so to LD_PRELOAD in ~/.bashrc" 116 | @sed -i -e "\$$aexport LD_PRELOAD=$(PRELOAD_PATH)/addons.so" $(BASHRC) 117 | else 118 | # LD_PRELOAD is in bash only 119 | @echo "LD_PRELOAD is set in bash. Adding .so and saving to ~/.bashrc" 120 | @sed -i -e "\$$aexport LD_PRELOAD=$(PRELOAD_PATH)/addons.so:$(LD_PRELOAD)" $(BASHRC) 121 | endif # $(EMPTY_PRELOAD) 122 | endif # $(shell grep -c LD_PRELOAD $(BASHRC)) 123 | @echo -e "\nLD_PRELOAD modifyed!\nplease source your .bashrc file\n\n" 124 | endif 125 | 126 | hostname-support-remove: 127 | ifneq (0, $(shell grep -c addons.so $(BASHRC))) 128 | @echo "removing addons.so from LD_PRELOAD" 129 | @sed -i -e ':a;N;$$!ba;s|\nexport LD_PRELOAD=$(PRELOAD_PATH)/addons\.so\(:.*\)*||g' $(BASHRC) 130 | endif 131 | 132 | --------------------------------------------------------------------------------