From 9022d3aa73351ba614e2ab13da7f153e72a44d1e Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Wed, 14 May 2025 18:39:49 +0800 Subject: [PATCH 01/11] local_save20250514 Signed-off-by: TaowerfulMAX --- src/common/base.cpp | 17 + src/common/base.h | 2 + src/common/common.h | 1 + src/common/define.h | 1 + src/common/define_enum.h | 7 +- src/common/define_plus.h | 26 + src/common/openssl_client | Bin 0 -> 17184 bytes src/common/openssl_example | Bin 0 -> 16688 bytes src/common/p_main | Bin 0 -> 33544 bytes src/common/p_main_c | Bin 0 -> 33584 bytes src/common/psk.cpp | 242 ++++++++++ src/common/psk.h | 85 ++++ src/common/psk_original.cpp | 624 ++++++++++++++++++++++++ src/common/psk_original_change_1.cpp | 695 +++++++++++++++++++++++++++ src/common/session.cpp | 438 ++++++++++++++++- src/common/session.h | 10 + src/common/ssl_tcp.cpp | 18 + src/common/ssl_tcp.h | 41 ++ src/common/ssl_test.cpp | 78 +++ src/common/tcp.cpp | 435 ++++++++++++++++- src/common/tcp.h | 8 + src/daemon/daemon.cpp | 47 ++ src/host/server.cpp | 51 ++ 23 files changed, 2822 insertions(+), 4 deletions(-) create mode 100755 src/common/openssl_client create mode 100755 src/common/openssl_example create mode 100755 src/common/p_main create mode 100755 src/common/p_main_c create mode 100644 src/common/psk.cpp create mode 100644 src/common/psk.h create mode 100644 src/common/psk_original.cpp create mode 100644 src/common/psk_original_change_1.cpp create mode 100644 src/common/ssl_tcp.cpp create mode 100644 src/common/ssl_tcp.h create mode 100644 src/common/ssl_test.cpp diff --git a/src/common/base.cpp b/src/common/base.cpp index 57d08592..8dd9ef3d 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -18,6 +18,8 @@ #include #include #include +#include +#include // 用于 std::setw 和 std::setfill #include #include #include @@ -2629,5 +2631,20 @@ void CloseOpenFd(void) fileStream.close(); return ret; } + + + std::string toHex(const uint8_t* data, size_t size) { + std::stringstream ss; + ss << std::hex << std::setfill('0'); + for (size_t i = 0; i < size; ++i) { + ss << std::setw(2) << static_cast(data[i]); + if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + ss << "|"; + } + } + return ss.str(); + } + + } // namespace Base } // namespace Hdc diff --git a/src/common/base.h b/src/common/base.h index b528b7b9..fad77d67 100644 --- a/src/common/base.h +++ b/src/common/base.h @@ -285,6 +285,7 @@ namespace Base { bool CanPrintCmd(const uint16_t command); void UpdateEnvCache(); #define FEATURE_HEARTBEAT "heartbeat" + #define FEATURE_PSK "psk" using HdcFeatureSet = std::vector; const HdcFeatureSet& GetSupportFeature(void); std::string FeatureToString(const HdcFeatureSet& feature); @@ -293,6 +294,7 @@ namespace Base { void UpdateHeartbeatSwitchCache(); bool GetheartbeatSwitch(); bool WriteToFile(const std::string& fileName, const std::string &content, std::ios_base::openmode mode); + std::string toHex(const uint8_t* data, size_t size); } // namespace base } // namespace Hdc diff --git a/src/common/common.h b/src/common/common.h index 10e3f948..367e3f75 100644 --- a/src/common/common.h +++ b/src/common/common.h @@ -79,6 +79,7 @@ using std::vector; #include "tcp.h" #include "usb.h" +#include "psk.h" #ifdef HDC_SUPPORT_UART #include "uart.h" #endif diff --git a/src/common/define.h b/src/common/define.h index a6e7497d..8be392b0 100644 --- a/src/common/define.h +++ b/src/common/define.h @@ -62,6 +62,7 @@ constexpr uint16_t BUF_SIZE_MEDIUM = 512; constexpr uint16_t BUF_SIZE_DEFAULT = 1024; constexpr uint16_t BUF_SIZE_DEFAULT2 = BUF_SIZE_DEFAULT * 2; constexpr uint16_t BUF_SIZE_DEFAULT4 = BUF_SIZE_DEFAULT * 4; +constexpr uint32_t BUF_SIZE_DEFAULT64 = BUF_SIZE_DEFAULT * 64; constexpr uint16_t MAX_IP_PORT = 65535; constexpr uint16_t MAX_CONNECTKEY_SIZE = 32; // usb sn/tcp ipport constexpr uint16_t TIME_BASE = 1000; // time unit conversion base value diff --git a/src/common/define_enum.h b/src/common/define_enum.h index a9739217..f128aa6c 100644 --- a/src/common/define_enum.h +++ b/src/common/define_enum.h @@ -22,8 +22,8 @@ enum MessageLevel { MSG_OK, }; -enum ConnType { CONN_USB = 0, CONN_TCP, CONN_SERIAL, CONN_BT, CONN_UNKNOWN }; -const string conTypeDetail[] = { "USB", "TCP", "UART", "BT", "UNKNOWN" }; +enum ConnType { CONN_USB = 0, CONN_TCP, CONN_SERIAL, CONN_BT, CONN_UNKNOWN, CONN_TCP_SSL}; +const string conTypeDetail[] = { "USB", "TCP", "UART", "BT", "UNKNOWN", "TCP_SSL"}; #ifdef HDC_SUPPORT_UART enum UartTimeConst { @@ -125,6 +125,7 @@ enum InnerCtrlCommand { SP_DEATCH_CHANNEL, SP_JDWP_NEWFD, SP_ARK_NEWFD, + SP_RESTART_SESSION, }; enum HdcCommand { @@ -146,6 +147,7 @@ enum HdcCommand { CMD_WAIT_FOR, CMD_SERVER_KILL, // channel kill, not use CMD_SERVICE_START = 17, + CMD_SSL_HANDSHAKE = 20, // One-pass simple commands CMD_UNITY_COMMAND_HEAD = 1000, // not use CMD_UNITY_EXECUTE, @@ -208,6 +210,7 @@ enum HdcCommand { //Heartbeat commands CMD_HEARTBEAT_MSG = 5000, + CMD_PSK_MSG = 5001, }; enum UsbProtocolOption { diff --git a/src/common/define_plus.h b/src/common/define_plus.h index 8fef88ee..919c08c2 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -23,6 +23,7 @@ #include "define_enum.h" #include "uv_status.h" #include "heartbeat.h" +#include "psk.h" namespace Hdc { @@ -166,7 +167,21 @@ struct HdcUSB { std::mutex lockDeviceHandle; std::mutex lockSendUsbBlock; }; +struct HdcSSL { + SSL *ssl; + SSL_CTX *ctx; +}; + +struct SSLStruct { + SSL *ssl; + SSL_CTX *ssl_ctx; + BIO *read_bio; + BIO *write_bio; + uv_tcp_t *tcp; +}; + using HUSB = struct HdcUSB *; +using HSSL = struct HdcSSL *; #ifdef HDC_SUPPORT_UART struct HdcUART { @@ -202,6 +217,8 @@ struct HdcSessionStat { std::atomic dataRecvBytes; }; + + struct HdcSession { bool serverOrDaemon; // instance of daemon or server, true is server, false is daemon bool handshakeOK; // Is an expected peer side @@ -224,6 +241,7 @@ struct HdcSession { int bufSize; // total buffer size int availTailIndex; // buffer available data size uint8_t *ioBuf; + uint8_t *bioBuf; // auth std::list *listKey; // rsa private or publickey list uint8_t authKeyIndex; @@ -233,6 +251,7 @@ struct HdcSession { LoopStatus childLoopStatus; // pipe0 in main thread(hdc server mainloop), pipe1 in work thread uv_poll_t *pollHandle[2]; // control channel + uv_poll_t *pollSSL; // control int ctrlFd[2]; // control channel socketpair // data channel(TCP with socket, USB with thread forward) uv_tcp_t dataPipe[2]; @@ -241,6 +260,12 @@ struct HdcSession { uv_os_sock_t fdChildWorkTCP; // usb handle HUSB hUSB; + SSL *ssl = nullptr; + SSL_CTX *sslContext = nullptr; + BIO *readBIO = nullptr; + BIO *writeBIO = nullptr; + HSSL hssl = nullptr; + uint8_t cntErrorSSL = 0; #ifdef HDC_SUPPORT_UART HUART hUART = nullptr; #endif @@ -252,6 +277,7 @@ struct HdcSession { AuthVerifyType verifyType; bool isSoftReset; // for daemon, Used to record whether a reset command has been received HdcHeartbeat heartbeat; + HdcPsk psk; uv_timer_t heartbeatTimer; HdcSessionStat stat; diff --git a/src/common/openssl_client b/src/common/openssl_client new file mode 100755 index 0000000000000000000000000000000000000000..32ba046ce61a3d2f137ce56de61cab9b177d36af GIT binary patch literal 17184 zcmeHOeQ;FO6~CJhh)PVNAOtH}R2&dl5(vnL=t5X{X#<3iv~+~rc2o$0uciQuEF=HBSLj@>ARXcP!b`2M^vFq~bN;&Qwl9C;U3+>X^o0 zrFddY@JD`iS_d*LM0LAv*$JfgCqcc{tgUXryCB!;)xtaWoQ3^)2pOxnl8(246DnTgn^8etF@C z=hUVx?FtDX`o1Hr&gH5ylbOd#<-)Mt6 zSkRw5n%PW0gcu^iAm@O{&_dr}of4PhP zDHr{_T=1hVI1aE-yVtqke{k^=alx-}@$;~Y{*5mBwu}B9F8Z&y=#RMIT`qoFT=Y9! z^dEH5zsUt}bnyc)^TJOrmjU3_LEv#3D}-+ZywLGApn*d848Si38@=GXTg~P$uU|-L zUSnoc+h#LtC9JMU(zX(9n;WC?nAH~Sh+51vyL#d=Gie7CwrL90f{NR>H=DZ?5!+%| zOLnL1aC~=+GmULK%$T)X2rS#|4705*fi0*PiA8KPnT)cw=Iv%E8nI%w*<;z=@i5m8 z#bYrmWIJ9u6PEDb*wkVKTFox-77O+WjG90&lu9JfS18ikZ6&xpx6Nxel<4oZ<1EnH zYW5}~plu}*@kG+>?1f>6`hsR>Bo>TDZpA3T92b&N=m|z*EEx~oY}u^G>PZ6WP1#8n zipG-`>$c;uBum;5&jjn`9+}k_vB3ufF?6#T>b}|R3`U}ix7o=eG3akF98NH3144ll z=Q6B|?oF~-Tj4}*nXk@Q$2K)Lt#34!`Wl?tvdQXF-*P;?hg zy#Vh4RK^v2I)Omb3SOh&rxkpTf=?*;r3y~h8{YqF6}(F7PXkO2l}l$UIL4ofSHbDt ziLwO>j`u|>bqda(=cHhzf@3VG_!S)cM8!~WiYdxk6dVqiQ+6o$`3}n1E(O0p!Mhb4 zP7J5?D)@yC%2=O*S1R~k1;=xh$~_8RO(4)=1y|?MhZI~s+HudY?;`MF<=jt<{in)}!LoOjFlO8} zYM11W8T(%;f0;L$TmD-gW7*vNw}4dEGSu%zNjCFNE|(kTJWll4%yEau2|k-S?C?0T zXEQ%^c%0C)nMWNSC-Q9OK8ME%Je%3)@Hla2Gq*TAPT1K@(BW~S&SthbJWkNr%sPk1 zi8-68cX+%ZW;62~9w+E*rrP0gV$Nnf4v!OZHgo1IjTa|k7{9~g1PtSMc$|1){0@&3 zE{xydaiWFsJ3LOXFn))}i5150@HnBu_#GZ6QW!t+aC9p8(b>TG@d1AMVmw-t{9=ut zukn{@{7j9n(D*Wq{}i6{)%HHt_zyJxq{hFk@h3F?4UK|@|PH-W9wKH6t?gAgn2U)%fO!Jje*oi*chBLe*t$Fn5Z9p5o+uZ z{!3p4r>9sTvqd1Ui9|eV}m&r=Ik+ zpz|C$ei7M2IQ^ur0O>&B=>9!NS$_?LbJhjI>S4#qgPw;1-10m0sKJVU2t&<<`q=I{tX1)Gln*g4+f5Mb7SC55G(<~;dJetqc*nqnp9ut zwD?V^8G|qu&~3!}Kwu2UH73S&-_^qXQ_!LqmkBz9?MK06Y~WXD^dg9m!+I+S_fL2# z?;qvu4VG<__7TUvRFH6DC`<39PR=7#Oi;iXA9#HC^fM*C3I2soyAHEIf@Gx)N7;K*i8;fS} zQ^hVzH-Xygc=y3mir<@@yAgJ^Sc(xSMxYphVg!m2C`OqX8o6qEO_X6Ds^f92PvbkI{&=Vi# za?b;$caxr5TbZY?%5&-TY30N4w2wHxKYR%EuL8<8OyjRfuY_s?{QThm0ImuytlD_t z>@QYcu)BOOyJ61itCwAQIiTErC(whZb2)B^AQbd#!*2v|Y=;WAh5f9Cezo92BXD8W z-6f3`Q%g6MK$l3ZNQ)6DMxYphVg!m2C`O&jkU?KU(XLE7nM`Y3q<+6;) zN3WbMqVkl>$MK(lupG<4>EIxc(Ji?iU)H8XH%87qoYzVs^?~U+-)1)h(`1akl>UrAvKv4GSgw*&gvU zox;xKbS*q@JRrGO9(b=*z)$3b^zpnZVO4BcO?Xi3mvxo6<*$Dm^e=)QHOYyMzncNW?{ZxAAnN#mwa|Fq zbHS&=yje)U2Jq^V8Ydr9khD{soxTv8%$qmu9!O!2$E+l1hT~>eG~N-6nqeDr z%7dvs7K-=uMlIV4L*jNp4NN$Xn88FM*l)u7-$Xy_Oh9(K8BX=|^n;1QiOhLb6;j7d z+e+HLP%q}MZ){z+Iba61Y{0C26ZXiM0YieuhE`^7`0AE*o0}S$xv6>U`gP6b){Pst z2inZGb?ci0rp!(EQ+hdOlJms&JOmT?F}EKx>;05jFY?k&D;%_gGD|+s$ZXmQiSXe_ z%uFS%Fmz2#w9nHdk9?1SNQT#1;hFg7>>SXPu$Sj<3DA@Z>;cd;M5cdU2jLhd<7Rg- z7KV)y*i3;yAPhSMV9$f*j~{CozP7QzX#n#0x2x&uHGF?b~9hNKL$+*YA1vQJ}f2S zTT>omf-GT0gJ>XYy-}O_@M2>=sQS9%vXZny%x7DDz~cM_+Hrny`>bv`BXz^(6^9c( z#4IK(s18j9dm`XWn8RUVKA01G#HX$TGxfg*;kptYN#I#jl-Y1!z(SPPl>!yIR7ZLR z{BSKt_A8}5(K=L8id=p<$O@>b_WJ(ND;-Tyf!j@9!RKz(o}T-Odh@jL89Kjw1=zpB zT9Eor>t&(~q&lsa_5KGzj%#JIACu!JN(*J|BgUERXS%V@me4o+nD{d1{~R zY5WgL`}NWxy&oV-?-S4-ZFKub0mGP(f9H8mKKIdk6HwtrKmLyZs@i*{9nk|?!0B<4 z=o6a#s9YZtB|XvlG(6R)RZ(KSt7dq8z4~aZD~iefealczL7kjS| zJO8U?`%>M($$pW8hzj-n?d^pf z<>g;3e43lNy&~sfROgeaKAmDsPrPG8&6=KARZl#T?W^jm-B7imCXh)6*2)klE(04~ zQ#*IJ3Ah;}Os7%!2Nci#NOql;lm2hZBJZ#N_?zzp;`>(ZI&ok3k7`bBA{~mGY)FR+ z`O_gvp6V6YNJr+w_Xy#B!pQcl^;Yj)(?i^CNS0Tg0C!CuqL}kV@aK!*XN%w;6~QUW zLhaIl6vFov(a#pae_sTrJQ>)$jlL<3pN7A-wD%FCDt&J^a#!4Tw(q^w^ zcPC?_rKQoVYu#sNGnN^((ssNv9*x+R*%^ml7AC9*#Ga=5-NeTeaofyfdK@8HHl^bS zVRetyuMF#(o6S@@p0G_Told4RW@idPM*AWVCn7!Z2PtOsl&FrmHxf^XPHE98x-2`H zvPH(m(WXU8dJtA$+!nAv%hZ|HQ9YXOPua;?mTDWEK-UGT1Jz<@W5c#Ob8TQ+$GMF_^3Ket8U)Yqwx za~XHxbl>1I;li(G5Om6g&v)T7E_{It=j)d4ZB;*Yo*wkmlM#of2mJKpUgi<)r2s{{UC4OBf7`=9>EVYx{1Fd-$irtne6NSM zJp2I<-{$6n?>7vdy)QiYyYS&ZOf|LE2gic1hle-+5oygW-UQ8yoq>uKkK!P4f`&KW z3nV;T)=cEC8GA8K-Eykq)XmF{SF9Kyz0;aPf3?(Kzmmx6%i+PP@X0@K37?#q6ZX9l zK6}}|4i4VO@R%Hw=f*o_-q@bb@4)6uGwe zhUC9e_BMFm0oXe2ll|la5K^TLc0Z@+Uc$?^m^cnY#S%7g4D85()2uk+s^bc+oHz-2 zc(8sdJcMoVRjChtCVcqNjL5D+O4co)&|aOmlQf6QLWqXgC178oYjomnDX5=$-D!n9 zhX)VM!0F6SNhdtKV4igI7Mb1zgCk=V&x}1fW-p~YVSGsV%a_>YdDPs-zrx#fcu*P- zK;$+a)y791r*Z11(Q{Lh<4d&o>-CbTMkzVV}t^q~<7yTBP;- z8gS#`p-KeTME-{tv^x>JDD&FyG`9t{@X)UDq52Eq;l=kTJvjQ)C%N2U{Y7}sRXmA9 z%^sULh?b@K>!)QOlJ^Mbu0VcErIdkE21*$yWuTOSQU*#HC}p6Ofl>zk*D^r=J=zlV z_sOu6Ml@~V_m6@9Lq;^2u&qA)zLCF~0@1Wn{hHM;+A@(YYol>X#`sEA=Ao+SfvZF& zO2_WIVa_J{cS}R^Gk?kDj)D$M<#MB-BcQK=R)3Jor9hWX=W^qq+d%1O!fsId2Xg{6 z1iJpiT&|tQWGM9Sl#1`cX5s6r^xZK3%JLD&2&bQ&FT(e&q_F);`Mcs~RBNz>5CgR> z7FO<9xa3O}S3gibAhs;qc-y+0R}xJ2U&Zzs^rRtyD1_VC#(*CO^EpHvMHRw|_olrm7tKq&*I43siZ%0MXtr3{oZ@L$OQ&-3DWU3&N;=ZaAP%+p*n zH&5dpDss#~6+IZiuP9k=rU41cQbnBk#5ZW3#vW9bDI$2D8I32Xu>7x=b4lVy^<*rb zdzI1^o^y3h%XyB}9vvUgDO*BLP!=oV?6sLl>G@PV7i>yv=)({^hwFNcSL*;7-=`}a z_c^V{bGf+vSO`5iAn$mPY(-BRNYdWgwn5JI;|BUDPhCA!(HX5tiIjmlO zI&tRn>|vG`@^eaxuXX0jv-aDl_{8uT<5%eFyMs(83W)6pH+&0oo;T3FYkufiLne z6@0z2@G0#lt`97>Y4@5@nwg)0W-MuT^&~qYJ!Z_NS@4l; zpNJ-VQ$3b##V|R&paxBmkDHNnI?``i2|L{{I@6I}%Zz1vd;4MH;?!h(w<@N`o3@p) z1JM-CxZlydbyvMvzk55a3NW!Y#H(YZoiKMc?%B4r(cH6RM@xOH z*}8RGW4-xlGyFrm96-&oS5x*wJlURR*qc@?Vn?tRVGri`$KnZEVGu(Q?nMB3267ER zfrSH}rjWBt((H~TVzlsKf3TJoB*f*K0yCMi63D#U0ArIp97=;#VcpEh-{c3py&P8H&r3V&scy#r`i@c^x6H6`F{6Dhv z#1n)FWcqvUNC&8$R*lIa$KSbqXdC~Bvb1S?@O@nj;8F(FG^JrOd{wN#HS0`imvPz`h?!BQn-MMXgV z?g&t?g?3V2^#Q9}_tWkeyfLSIsJ<VwLQ~nQgRi3uV!ciDsFr4dO`Z{;x7FBXN=y% z-1ht)$kbp(O}+MC2L3m^qjUT`j$yh=+wnNY8-E0H8pE*tIeq+0pQhxZP>fV%dmeAZ zfsqN@^SFsAkCUJxi+0DXxF0ndgRni1JD9H2njAmtF?|?v8q+Y(;~J(ZZBOx2oE*P~ z1--XWPT8KvSxkAH#qF~_AOAPB{Wk58$8AifG*0$p<$ z@z}H5mpu0TUdxof7qGrJe=lo$rx`d>d-a)T`T=Y!T=x8(WM36P6xLJREYJ8Q2$NL&VyOR7VLLwm-vdU6$oBl5B(;XL@sC^)XV3ObuYj@JUWBx2wW8b(J77EJ z>EAJ7+`bV~lFB0Xh7vn_`ff$-Yjp=_``aBvRY;eLoAR}zBx)bh4oCF`L+f+t{hj0I l`_DXJ9J{hq`>7g5BOW2Q%evIvJStMOw^nH^^B8zo@ek1HPuu_i literal 0 HcmV?d00001 diff --git a/src/common/p_main b/src/common/p_main new file mode 100755 index 0000000000000000000000000000000000000000..5bfa9a9958c243541fb2857e0f710b86c07a875c GIT binary patch literal 33544 zcmeHwe|(hHneRzLAS#$(iKQqy3VJ~#k`R6>bRY~2N;DFp_-kK=$%Kp~nQ?w#(8k7w zc$to~O%+_L)eXJ6>+O%bSgS=U7^MRGe0u%LjcRK%7t;@mR?;+7dDcgh10H(SUi z;Mc{@XJf&S;h4yG3xZscjuht75{VaqQn|@=kcXZtV5X?DkSLXNN&{0wj-sqg@Kmmt z4qfzv&A;{CUt z_tkSs?)mmHk|DdP49QR;dD-Ne_u`0TcsvT8EZoH=6%uw8{%Y|z5cp+l#Iwnv-Yy3{e{jGp2R(Zo={YS>T{2>`?Dl9PmdR@PtD=&vuZ%(Lw$j4)K54LC;kVdPW@d{MI23tq$^6 zJJkEEL;UAD*zmA}V9sXX3GWK*O(^MD0x_$pk*!-(Z$$%vE(o9Nny<;`g<*Z1njz^L!NvD(8rLyjU3#_$Q*E@M%Uv1UTv({Bw9#m;XILaD<565nxSds3<_(VNnQZY;5(R-O(ieR&-4+?TZE4 z(ZyQ>tvLNDtIZ$YN)+b_NF$fWup1!}%Cbn6f3xLp-fT7bf-MZ{F`UsI+gv&pC$?te zTj;QoOT`-fvt|)HpV&=)Sfw-l0$){AW6iCYqsIjtgIl#`_3|34s-jvSRb~(8W)G_> z=CPXf>z6HGZB@dW>|wSAxZ@N5=y(k7JIC_8G59S8 zPm)FaxPXm=@Mar6 zI78qiaz3Ht6@Mrs^2r>pIOM+r23~65M+{s&Go$Q517Bjurwx3$fe#yaje(yu@Kpw0 zChezb)#V1R=2ZwGe=ec2)clEXdRC#5nr{)lMuDJeK1cX!16T7o!ml*&Lo{(m8izkQ z)#Lntfuo^yI%43MD(W<7;F#L$ls0gxTcu$GmtBZwoiuQ=NvAe(M3`!OLP`uA9bBg} z13z7(cz$Z&=-@iJ41Bys8Jl6?6AXNgfuCvM3k{skLzUbHK2d?7UIRDp1L_R?3x@o9 z1E=R>Ds3?Eas`4m8~E7<9yahV8hE>bPd4yQ1OJkNZ#QuHD4FN>82CAc{DTHg_ev`D z8u)n%1bxE5&o}Vh2JSNOJqCV(f%h4>c|UZ>z^57V0|q|bz>gUCMFu`-;1?Ts+Q9#Z zfe#zF9NKv9NduQdq$nlF6YBq$7+^ z(Flx2U^D{%u?T!rdfuPBUGJ87lf}Qg2Gh6hzF1*qz}xlHk^@{pX5M|ZjE!V2x*w$U zd`9xklru8)Rwk3_;XF;WM}}U}JWa4ihF;J-O{_`%0Yn~>q@L%&ZVI3JN&^%34M}|K9RQd1X z{9Br*i7EWoJWWX9zvgKo3jZ}v6HxfCd75~_f6dc`6aH(SCYtbH^EAPP|C*f_^)}I*rEOZEd9r5kh+RS15DKD{0HB$I+u^z_*NSqu<^Ip_y!waYvVmO zeu<5rXX9tv_={}(R2yGz<0shoVjKUdH`o6^+W7Zu{4pEg8^6=Wr)+$;jqkAWaU0)i;{!JS78~DS<7;ia$Hp(Q@$+o_Y#V=(jh|}c z%WeDw8((bWKV4;Oe;favjX!4N-?Z_s+4x`B_?K+_J{$kEjsJm-f854DV&iw(_>_(B zHu=i;RwrKh8*k!mZ`aY`x^z4ExQ>o7^*AjvSbBaZ$sLds^0#sMdAAao`I$E{?0w<=FMD4&S>!D^=zZn0 z*d!>pNGd4F3^ws`NtLJZsdGs&hAS4I)!^+~@@u+V^d^qQ#(R@X#-dnyCdRdNBQEv_ zi{HEwPYrKDSzSMsAG%%51R78fvn7`|(Qy)XBpTA&Jtw?L&&h+(NyJ@HK(zFkh7;TC zTy*G7^r!o&%A_Yv$9JMOZ{h`>)zvq7ZwWW&mz1@e2H2Mm@Hv&NsZ7-LAF9O%O(;$l zo27Y8Np}g=(DtYNHIPi{Gj7+mzSx;u9IdoCZEf7kc+8u zT$0ebuand=7;t=wk@rK)Q)S-M$TM;}FyoLpvqU2pQ4FIEp718(y=dHurICW0n1B=+ukIAl-XJD_34xlMjJiul9 z(>EZ*3D0vt`Z+>*9b9{V+9ORsNm+dtk5KvdYjj0-1L^8`j@?y~^gOr7vm-i=S9yFD z^xUmA3VZw0ACc$D@|J9QY7dn3`UkwJ+5vd`pf|z$eLF-c15MoMoi&NaHddVWK|bef z_-UuDCDtT7+gBuNdmLJ%_v1V*a$JCiVDzKYRfx85EBn(+d2`uYVuo;K*K!?-EkL?D zc9h&Mqy8!dn;d$UK2!)c2HL!dl74qd3~z`Jy2smFWGSy0;{rOQXpwo^l;gaX{`6BP zMW@KN$cKa^%co?`_yCB}B0aiAa>Be_hIt~DPZg)9DX%+aRbHX^g=N~m2Y}>hkzWDM zX_0sN_yo^SdXsJ(_ov4rGCAYK-S5)-J8#$c>G*kfjyJLI$OoCsDJ|Abs8Vu0lq9;- zK)UwPFKe&yCbJT$)G)xkT(9Us_xzCxyvqyFFT3jtNzQs7Jh-ixq}lO;9-XgPxMVj$6Q z*zRY)CylOx{?I`6K#Gr4?}$D*?Ct6pX0g(w=P;clbir8kV#kG4;oj>Csnmoe7g8JX zvxe;1g9}sU_#!S!14!*K4hN*b1!ORlrEe`!wjf*fAmYUf*-p9lQ6%e2JsPY%(Qz+) z=`qCi*2y#=M;c!s-G{DTX~KpI*ubkk9P`VYLWazAb&q`M2ruvBr6 z7X6s#^{1Z~q6@R46NG3~iyoGuJA~+jtmxZ>q>69SqPwJMP>8<0R2%SPAkP=T;Ph0| zpY(KM+{KlMl|I9+h?ef?+wS>$;UPKlE$N8wqfDmsnOfvD^dh%UG{Z4!J8FgU%6 zdvr@~w<}9@e3FQt?CSWWAb$DX9nga*PZjJxeYt3eCq;nH;&FHp86PgAjDwgyy^lLU z(tajvG%mvXNrwp3{pe`7m~#skohym>(L}?b=t)pO!vOtt_EHR>?=$k*GmLIs5WfO7 zK7c0;qIZnpR`jP2lWWOx4>y3H3{y~st3mmtFnQ=nQkK=5Y#0`2&D|f8@)KPhCko@@ zGM_5H31;r6mZjQzp!@h1g~Bv^yUtMZVZ8kFd`+M{we+L?8C2lc411Gr8` z#hdIVar92F7!$p6P%Pa>|8ED`G(?iWE{b;d8{oS3(JvId4Of%hR7KZdL3dy2wqKL) zVgQvT&2e<;FliX%8t9kZwKmDw>^O>WeR>W>fliI3JRbe&vE+RMeX5(rTFS!&=0mg( zn)cSqNt!q9mmzk%KDm=r%i2Z8GXN6ZNAcUWkA4edv&BJCe7f>KRsKCZkkXC!6to{7 z*K>SKPo9zeVpNnnj;*JuLn8i|8EK4TT^*0HtzLLit$q5L>;hF}e&RsV^B6)K;10sA z->0Vtx9-P77U@TnC3RcjQn# zB+)=S`nI8!26-zrU`m9dB7Yi>8RVu;)mU>pmh>Z-?sVX)c$(T4d81jlTwrI6b{&ieO<%&l6xp;lV`DZpGA6 z2{^|uOy3gqk%B>QqKpdD|1x0v@dumw)AYFQ_(b4`G&Jvhvf4vKqrN=*xE^zqtGAs> zUYtsMV0_}~AJOm5-T1XNFnSM3h_gq`G2}!-4^lHxkB)pwoKiwki@XkzME3v`b?u|y zg3|7L$(dB~cszR*4N%1+-k<&xxkBec@!2vD=fW`#9)LAA&4=G3>Hc&z8A<2O@6*rn zSd>>SB+a~UjN={%M^feQ(`i5frE=eg@X(bQ(Q;KMcaoW+^bPNl@xKAzwU2%a<1Q7I zRQWDbnMKMzg=!&KWD2&MC*OP${EY||4=*gaPZ(+Q?_BavdriGZxA`*IrLt&f+6I05 zsT-1CM^SDl0wmc@ttv;ajiO4kj#P?9lf4-{qnG_}>v8gz#>_50(6YONatNi#ARpGy zIGuQ?E*fqt9uv8Y#8d644q5}B@D&5DXvc=Zot z)nRTG{T7yP+kpaI`-mwj-S$7JbgK9hJo^`By^W{9WY%|in98SdmUoAfB5*43Uqa=% z^-{6_g(zgvoWLJ~DJlzhj%7ONAt)B3Y0imwgx8mQB6hvYM^xL{mflCAxCs`cUxsWr zb@W?LLj1nw#r?OhHci+ps_IYgfHDkZL9~;b*~8q3_3dp(PvhUXJK8 z`(Re0`(8Nxd@qG-Dlgl;M}$id8LqPQZjsrC%;Zig<4vZdBw_N@zE#w~Gg9UK2#r1| zekEc;!g}8K=VK^|AsX0TeDj+P>UaK)Dk$Gfwu}7zlusV^3quZ3rMM=5u+nW0!G1)8 zIJ)gSy>weLi%_YzP*Vao)hS*sDPzE!`gJHo>pY6qiP0(lES`>vmbsLNu0MT3SksDE zg))-MxiiJHWPAKyXg@v`2IP1*73k1Z+@$bXZL0VVt@u^0sXzU&P&_HCcnHYx#js+7 z7XAk*+$MzI!3#`j#d91feq5S)3q@18hUdd%6n{{Xa{>4*FJ!*}OqO?mT^&c+)>_n$ z|4=2PaIviaeNs8lV#x~V ziEnY?f886ZZV$$qU1IGGmp{}RZV6x^lN!D}2%`l^TuqTss}z9h#$Z&gUV(*6@PF+2 z|Fd7i*TImLh{aJ{Vr`5HBw7c9R@aajv~B8J8RSUR^N_MJm!Uj|+%ki~18eK4w zuWb?xwJ~Y7)aatRC{9@kS1ja`#YJ!!7Uxj;*`OdUCN85pV@uEnH#Ww%%;d|gEc4V` zl~oI^RW-F%y?0sFy!i}Y6S+1Awz`7R#dOTSETV6USf#IO<6M7rBSS7NIl?9CqMPga z$}u%+i4-6;eDM~Ikd{y+xQP~HsPKowtRd>#6mYp{1qN4?xkQ>hI~18cTX8(k?+S+D zhu^hCHrA!CD2|2qmm(8PV<;92G}3XXN#>vkD>$d<@*|*A@b}y=GMVvs=zaK=Or{$2 z4bU}2U&~}pAphX&nap~0$vMBxWZFU7K=**&2l@u+VbD)NFFlgUoQr3|KLWi1bm>25 zGB<+`{7WW7YyO-7{Wj>MZ)7shfgS~Y19bPBC=Ytm?=zX{cs%$d=nBxEfi}X9j|Vdu zdJ)zBb|&)}=(3}k%puU9;o;T0p!eVbXc_ANIo=CZgW{<+PX%|ZWd-eJ1?P+(SJDGH z!q3Iu;BPV+eDKHEig9?L#n^QGRpal8!_b3z*_mZ4&zyW^=^3||bh0l`S$xUd=@$a! zm&wCtQS)%rO3LLu?X=p|0av$b^ch8ZI*l<>?9EPwaYr zkkzvgd2NWPhkQ`BdZDL!jMj5AWWIqH7~g`3mVrHmNiM>D>V!-aVjMJO3O8^8ib*f> zcO!qPnIF%VC%E8_x;4D@#ywns&j8L*ZRkQCwb%ba`DvhI{vOJdtv6o(;7GtQfD=HzeJ z`Hvxg4bBttL6I=WiWT^jW{e=g(0L8Bv zc6}fD-vb?E88Xzj9ua+l+G-8-T!!=ZIvi*9)M`6gkRL!kUaM#G>x3Ny;k`WlO{_gy z@ULqI^cG7b6f&(OIj!C21&z`c1qeKX|JTaCGC@RK+-`;hb3hf zFrLaJbxAr$Qn#dal5UVRENQ2tJ(BiHx?9pdNe3hylyq29wfJY*g~AS(q;n*7OIj!C z21&z`c1qeKX|JTaCGC@RK+-`;hb3jxr2mq-B%LFvThcm7H%J~d0L47@e!UO1toDwyw`@$ zmAD#rr8r+htN`o24o3w-_EBoUUjarFHSTc`KVQKg)vLyHg>T0}0XtidqYD2=9OSc~ zzH6j2X=fe;xRRu>bM-0^#?CINSqV4w*`nQ~GF>M5(oKhz^VVdQ7z>7vkDyk&_RAs z%2zBF^8A?u4nKB~{~|8z`Rt$NfY&+T5eK{*_{72~%s$@U=OF*TIbO!r%SFuiJv!`v z&O!b);1r+B+``{)3Brmnf6C|A8VCFi2Yd(c3t+!m_mNMMP{(cu`Mrb}PSo>HX%6di zkblzwf5!pO0MECM_e4wt^Z7f?0l$pnWvp7pd73nIrGvcXfZrwc%(+A;*dX=X51iWN zCb}>o-7Wk1UI#sgalX@d=$6;Di$yUu=pa8G4Ux~^`40FB2mA&HJmi2s<$w=3;3E$B zXAbyS9tY{XLB8OCPawPycR?;g7>5AbU#w~HP0Tdtb>p9sxLWrV?(=jII9(U)m&_El2c-)OaATP-4%c)1 z)azgqa5^9VaJf*xpF`ttEZU9YX4l^#_1Nbp_d3-39pEl$n@RRN$iF7_|GV^Sku3CY z4)PxX&$r(}3A%p1I9%X>FXng|>$yZ!xLwwJ18|o-Hc7Js{xt{v4*@4T)q1_E|L=B? zA8^1&9B@|ekHjh~LRkOXw=rnNe47}6Xe{2;RN-gYeHpA+E3LNQ7NC{K8$;Hnme59D zi`5tlMWU83-pc{cuqwd@^NaHpm1SFT-F>#;mnub{muEbKsKdAt(z zu2{>g6*pYHtaf#cuKb#nE9*U2%zxSPH6Ff}zqFxp5p8-A#XbjOAB(^i#LH8+NNq`8^ak43g_Z}~JUlDwo2=GWBend0$6f_) zzB+w&HF@c&e0i;2np*+B9SAbTUKG~qYp{?$me;r9QM`fAdby$sTNOY|?o^>d%G*$E z>T!yn|CwD8?AGV*As}+G@;*r_u}h4t z7^~dn05L+_jXvTOM4Ow)Kwuo(9XkQguv8*HWJbXOZ!p~OP z+@;BWzGh|l06-g_$bbeK5zi{>t>P;U3MiyM|Lz;KV};p>wBLg2(`v&R8DNK&G4_73 zxw_)|ib$ZTBJW-yFkSBI!mlS7XK8N=V;c+|SnMAGVY#sj`AGY;V51b%YOxcBE<$I6 z*bYNO*pLER^!72?$S(4tx$5a_AKHS%*mFY{C2ct;62?E9r&)CiXqy%Uknd-rM#jo2 zIea@^0n~Y5Y!`G&4fV0lzsZR|CrEt5lNt0)P~JvV(6(DC9&g7jwKWYIkwoGSEoXDODLNFZ@P7ScP?8FLQUg8-%!i4uq}=9 zlt!*o_uw&I5WD5%n3(m5<~)DxWbf2{jEw$oL``kIBquv`6%y^9bEea@lMlpvGpQU0 z{^AB{IU5DJ)h;_(59gvfRFpkm`QBCaG1@39rxpr6%|%YRmQaQmL~V_dt)y~3xI4MM$8h%=B?;D)ai z_a)}d?SJB!-lNkaAG{vm$-b|(dXFx%xvV-SO3xed$Vr!X+P|4(DXHg0f@6$cznJCi z`#4Wmf|BC#cTQRj&MdFq%PH#0k*0TCx#@baSeh!N{8!%xD0+ny$KzU_?DqSB;*o~- zUwuEIXdM}cM1YH+e2kLb1iQY}m2fMTl4(~CYN^&NxyenHi5_y6x8OXZhSAtd!Z zgreB$iYFrUF410o7ch#6($8FAD7pAAp5Wvrd;5PI*=Bi{OUNtAzjZZKl*wa7{}H@d ze$I3ups12lDip8iZd-Y`EU&1&!>V$MK5H*OL)4_6zi(F^O&XxeNtQ2xYTAFuEpil9 z-{B~Ed;DHP29;Osuiob=>eCrQgK9se?-#c6>b7M_{}$Qb-KR` zF5CZA`BIdpzOTxw_upYz-Yw%Vhas&`+4Vh?C7)Dz_5ITBTSSd@4(+GvpNzt0dHwu< zgD7w7e!6~<%h-7+OuAJ4?yxMkLC`%aL$J&(sUp*4{c{u`>EsRKV3rLhTPc~;<|5Dc zZs3Hqsy7yrM3b#mi>Pk Cra2@4 literal 0 HcmV?d00001 diff --git a/src/common/p_main_c b/src/common/p_main_c new file mode 100755 index 0000000000000000000000000000000000000000..fc2f76d2e14ff5d12a0a4fbe8d4f2dcd5f67991d GIT binary patch literal 33584 zcmeHQe|%KcmA^>{L`4%;(o*opfM`)9CgHb=2EyP(3C4sd{(KoG6EY>q#Q6b18ylLW zWjf9_T4|}R7I*E|?T-~*wJd@}QIhW3Hrl$fTdmQB?L@SV5w~nrX20kDnmdnq{jBbO z_Mgq=lR58v@44rmbMAfj-S>lgzvN!MDmN#Gsg%dAV8k`d5lDs1D7{l2fK;$0>~#FP z*tu*X_z4^n`4xg7SENI^nY2LSd7xBo8XaVzX9<`osw^Z*<(yK{43VQKD-t}F%cnyZ z{UEvcuco)p6uhElIbL6ll(*6RNdi~YEJv}axmo1bY|NyC(uqe@K%|`%E-Ke7%Qee# zidM*YDyoW;I{I58<7ua*$fKmFy_XQwMgF{UWhL8$mA-%T={tX9_N)DF931&UHXp>#=0VEv*6m$Wp_YYDVPJLYvPSu}6af|78s zq@3qdF&F-*PhGX9o}pR#36o)Dxm|)+`Y3Oz%qRI}tKuae!qjB3movv9Pq0g@EQmF zJO?|A&^X!byaOE|8-Bn+PoaaqH#^7=JH$EUP;a+`p0^$FjShPDILP-n*z>wWeC~J9 zbHV{{a%dN~gPna2@>e^=`7a&xv^(gz%|ZTIhd7+(;McVd@!9Wy&vUTnfCGM~L%m;h z(7)LsK8qdne9@uaZ4UU~I^f$K;`tc|`6dVXuRFy56$d>xIOrL3(DSN899kXZZ*r*j z1&8=w>0r-?4(;+!4*FpxbK%dPW;*D9%0bU6D9ARBZE?WQ2JXV2JzWgIWe36g@Rv>h zbq@H$4!GqIpHlcc3uWx-ddN>QVS-CEg|Fl^$kQt*y2i{UQH`Kse$Lt*x$X3AXvyde^u3nPqKg4Ypa~h&L3mEFqdz zu&!>kwZR{;ni|>K)pb_bAKK&(S*`v^bFh(7=H^f!;^#+|Yu8zA{>}W@>+|{BBm6Kd zN|S6LYz5i^P=?=dvtKBnVkG15uo}G)FE11FdmGucHSRUM6cq`FTX+uH;tz#_A#RSZ zCE#z1nCAF`ZEb#^sF^f3h5Tvjs2X3Oy%`>~ASPTP32~)H^_5jM9(OH=+q|u!JjswX zkk{o%Uwe3?ii*$M(z4#`+sN}(B&eJ(8VZq}qVAK5OD{5tbGtJl;0tYOj|6p8n*AN& zNT_^$w28TEYpwQB02T1agsrA_R#|&v&Dv{)`_WBS#Mf@E541Hh95?!#ywR43)e;Q0 z6CaAU5or&$w1^Ht92E$*`+1J9B^dS-*c52-w*~14Rf|@@F@;hH2HF=`-p0m|Qb3I@ zq(x1#S4j1$slf8Om9#VjMXZ||TWU77g086xwuIdQeiT`3S-y^rva+)B_1<{q7 zZK>t1TZFSiR$p_CP&3~bXcLw!2?WCyiuo5*!PS+b9${o#hr4`w%UDv>5#X z^Lc+ZD}=R%DG01-%3`Z_O`VhXbqlPzh1S|K%Z)0n4ILd;yFU~Tws~6ukuBDyQZo1& z$I_0mTgbyJ~Iu+8gnA zpo_QqTQL++R-3PV3sIaWAdOreLvV;hD9a*MzKxczd85_j4YV+*$IwQ1b@S<1oaCB~ zZlc37E){9?&7Di^B4RiAV3p4F3H++cN^5>esU9P64DPDcRVym3@{$Gms4RUrKYdtU zvXE7-Teo~gl~o37(uXBWMagyRpk2y~aOza0GL;jU2qBW?ojPABr*3HZ$i zPqKOZIEPJw>_k?8Ux7~qm%~m$E*<4cO{dCy(ndN6pNQkrxb$Rjq?2kDc2FLbpTH^I zr{=KV;2KHywJ!YCT(IRd#wN4(fl;FT$Blf~+;-g7=CcoV{scB6^J^eKH4r$Ru~XS8 zkRqM;-SbTx6|gfU{{-hJv2!FJogO%ao{U@wo)UTcqM`3skJ25`X>6gC-}2Igca z$H0rE{WQ(G+`!d53nApsFI1MAPZ3VfG*nXaFT$%82&(3HgkNpoYJNxfH3r^K6L}y$DQV!c3-PQ`1DB5!Iey&0RonB7HldMZ z(ZO{pFz{0~igU%l(ZO|^X5f=GihgY1ryKYj13$ySOAWlxz?T^K6a%j?aPz*vW8h~R z@-+rd&(Ty`XW+#O1Z^NoK74EaF=pKahn27bPQA2RR@41CzY zKX2ek1D|8yqXsUAJf3^pz%Mf7nH*=R|Ian>0t2UeQI(1ee4YY9rx|#Ofx8U+5(A%O z;H3s$YT$HLR%wZW%ORd;RT%huB@F5@@C625W8e!7e4T+WGVlfiUu@vb2EN3=+YNlF zfp-}Ar3T(*;FlTrHUnQ~;C%*urGf7-@CpOpY2eEZ{1F3RVc@$A+-=~y4Sbb>_Z#?C z20nf`9)a-)j7Q-AO9b98Jm*iI?sp12@%(?e7MGvi{zz_W$kY9N!2uqE)WWY-Gd7kw zKMqoOE+hG7${8DZGnGp9ah@j7VvHgcWjY2rIJvRv~t;T;<((>zUd$3|vqo+h|s zBU3bg2Iq4$UQPAGrrh6?^`o+h^NU-LAfh5wqTi7forJWXKXzvgM;3jZ}v6IS@I zd77xgf6dbb75;0UCZ_OT^E4ra|C*%~*E~%y;lJi-VhR5>PZLV`uX&nC!hg-v1QPyho+gg)U-L9! zg#VhSi6Z>hJWUYczvgLT2>&%t6GHf}d722qf6ZUQ`S(6j{?o({?XP*7@WFr0(?k#c zYn~=}@L%&Zv4j7brwJYW*E~(+;J@Z+0tf#!PZKxzuX&oV!GF!uL=FCHo+fDUU-NVW z4*xYz6E*m+d3pc<|20n&HnjhT%Kr+^zo~eP4xQJ~=&+LU@d3QQDwDs}#@E~UY8&si z@yl%dLK{EN#-DHF&$jW!HvV)QpKs$o_GJ3=fsKFH#vifquiN-nZ2Zq{{0laIpN)Ug z#{a~|f8WMGVB@#j_=Jt`weg)cK5FAzZM@&c-)iIQZG5$jciZ@7Hh!UvpJ(IGxAAA& z_+lG>x{c4b@gL(J!R+53*!XvC{1F@fx{ZIu#{b;LzhL9{+4v`I{7-EB_ig+GHh#N} zPuTcg8{cW;qc*Kk> zZVv_(Oh6LLwgT}a^6wzB^mwEgQjH$^fso}zNyGZVUq>#Uk%P+i|$b~07u~E;n zzrWJ+?D0HL&Oy&hCn8g!AYUpdNDVjfc2wnQ{?fJV$kk98om=neUiLWMC3<2n{s(#oyTEEtUkHTeasVgA3q44 zL@IJ}h!#Foe{5Tgiw-@pf#d*H8Fwe?_)gU3i9O4+y8EZ?Dd6V(g0gnefcvupe9k3n zDiSsQw`%c16N;0?W@%niyrO_=xb08bYap4zrz%`M{gE@cJY>IySt$^+K>T|4KfNx&)icTr7Ej{FcgMm>_!M^@z<1OiV=uG>80i)dKL6+(He!l1IhQv^LX* z;mTG#kCHLp1f;w3zJkp%>c663lSBVNA1nkK{cWCD!9Ybp1aF5AR!p|H$Rb`b#szdp z(IWG-DgVT48A$&9anUK#E%F{A@!~%%*Jk_yh|wZ_x-Fvi_6&U6?0R}xZ5Ik23T{Fp)$bB`W9C7Jsl;t=_x+=Q?Lm zg?p@ADs}q8S=4y^tRZ`L&C5iefIcFO%8 zMbf_1p}{(0op-~RF4K`D2EBxPCk5eS6zJ}}JE!pLPjR>M|BhEeLrZQ2RX31)o7Yub ziJJ`R?h-OAk$;aCeU;}8B=-x^X=%~Zg=j>J{#c6MCq&=9LTi1CkVO8?T6C)v4G7Wa z(xN{FvOfm~C(kDRad#KSU0jJ+;ZyALaN&LZ+uYw19+D$lq$Ah8pGp-zRgIkboyhGM z&2WU;4jj4qeRPSZp%yJAfOhI5GF0Wq&_@qpkV~cqxl51Er|##89Z)5%K#8N1(jbrW zA5pUhWl_ahFgSS?_vqHlZdVlR{3sSZ-rf08PV};^ozR0RPdV&=d%0+c$3%d}a5qR- zn?(LgJmVmyPru;UK=KUOXk3J!Asr%6-#|yZ)tptWUhcwi#Ts+MLg zB(q}A#ofom#dte6s`xJ4S<6lw=7#5A&U@8Ba_U&x>TQ`(^kfc!6&L~sF(SpDe4c){ z_v6<*yD+8b-bY!iaNF5%#S`x(ar91)7!y5mP%P}B|JQ?T8Y0PG7e%}GHE`Yg=obp! zf~)afs-k;1r? zB=2MBQ@u3S${ECaXdg7~)t8YpZ`vy%cC;?Oom9)(MaJI%i1i-EZ}&d>&5g_x2YJ!i z%Kt?1kMO`sH{Rbv`_V~#M5oYKwQsta0qip4%I;t4Rl|B4_fIGD2vzcMu|a@n@<7abGHsW{1d@{h+8m_jPW|q zSNDp(IwA~w8BdL*?g5fW)IUM`B=qawQxlN65W*#+yK{&|=K#UggIac_RQ@6=MkDs7 zmEA$gxZFT;4X@gLD9&{s61FZyk^M9^Os1%C%uNFX{^~J+_3fnoCs>%$_Xt=~csSO# zOEJ|{0(W3K~qlt!0kJSP>_e}$VnkZcpy4=mB4*vk?3 zpf3INyWAZbl=Z~mcU;IEU+Ziqu?HvdZb-$Re1d+r@4~OGYoXtggg9@->_$#u^zis7 z@^zah#K|lqwa6{-KGr(~!R~$Zn^V|(H~fXSUz?`9-ND@(NOn=1(pi{)pUlH;#6}Jt zfHgMFwd6Ru_8u<4yY`j5QxxyO^GMlE5*!hZB#M7eCm_Y1%9SH)>$LkLK`ms(Yho9jiDW(*Sv8prme@b*A<)jzyV z{?cgO&4+k)S3nNlG!5kgDjMem9{-DO`UV~Zlc@t_YK(?YJ~E2a`0)(;cfz{(c77oc z^~x$&Q!BhcrrTP9L`5r9ajWP=?%qegxrIIVp@3lW3VXgvrSUvQo8^&am2wM;V|aWm zyTe_=CKdSaQ5VXnm%O>qh;FDB4^T#o;~6L7ZM?qB6S4apK9<|g zwqzxV;`UpNyS-$?$>Z*C3FdcH&porbmb=}DmosE_9?#uPth2LUf^>=XDF?6gV34Lbbrk; zYC8Qqiw4nc6G+Lv4m`B5x8PPP5$o+kmT1I&3Vp112LTPRHu+o{;JM9i743prCsn{bCA5|6^8GqX&>C zhzsR|5Nyy$jLsF!kJ56yP9;g|7wERUJSzWwjKw5VzzIUUL{C~oHy z5f_c`iTtPV^iOoGi_1lzrt)4>+=^FY()IO(B=R57qB&A@gkpj_oOrLQ;#H~?MF}&Lo~2G_{umP)HytW#V_Htq0E1V^2x($ zVaOm=ifaN0E9|)+_9Gg^(GBORg+1{!LZvpKrWkJL6TDnp#(+2VEl`Noc@V7=p*hdu zDO3@i^7m5pD13*o=2v*BDO+ZcBl-96*bXEE(0=r67?9!JHx6UaIUBb}d_JAXKTc0= zxZq z0Mq2XXLsjewxt^N-=*unn^!oHj8OeF+8#zoen492s`^Iq7Gc+ucm*t@^Ftuw9=C|Z z68TkH*_Be+=S88ebfGAaK2Mws6YoU%Hx~M<3N+_<8jrwu1jZvU9)a-)j7MNR0^<=F zkHB~Y#v?Euf$<3ZA4Y)w-!>&IuHkC-wl#*Ey&L_ma1<+ugu^zJ{>!|-@lqG7_51vR zP5clGZD1t{mspO%*BoeRto27AA{LvFIP^z1x$r;jjVd+=BF!$b_J+$BY;AAxV?piPezU(MIPkd=tVQCwm@j1nYT`+`>2kQuaA z02Zp?Ic4RGxr#D&vd_W>R4L2x^*0(_Fp{rr5(u_2X|~kpqPi%4X$e;(=#s@n&=^+q zQ2FVgATA~@qdsR-zza9lM>k!_mswfvuCvO@msnR-R$FzR<>d<(F?>bj+UVcn3g9iH z`l5)wC1PdX^7Zq53mO@6X~_{TQ4`)+$5)Q2R7<1)spN~dXoR!`LxByn00Y)X@V0I6 zV;urtdpoNSdpG!9E?R!U6=p7x=FJO+=FL+a&-1wg?O5l>wM;hJ#jY@pMHDVZ9+<{p zB;s$R<6x7_p}v`3L_wm0E`` zTl#7$)dAWDx*POf(APj;1pNr~;zOy_S$H!01nA|USNv-#bqnawZ&Il*f*u3?F6e`= zrBZuA4}-o2y6bh62fg`?RBARJ(me*c67(NI8)3&Ehf^tf9n|qwD)lhv(|9g52)Yu_ z-QEFZct~A@`rUZ%vH%oM$9c-Rqn71#6y?mAJgJ}$a)jfn0yg~XR0<#bLBS+ER$^>6 z{_q@~ZF@15a-m*!M$xJ>rd?fl+U9~TcIEU-FPcAl7EoUP7SOIC)JK3!q&I@U4#KIt zOjH-W7`*Mbsnk5O(|tzKS8^*)pO`m02PSb_=#|1o__;MBzk}zykoO|}!T(D5rOUg! z^YRwvk_tvLqxd_D*u)S+Epr`Yf_YkID)iUjS=!TPJ*4L+yeh6|3G$M7$m%8^l&v1f zESRA6+ya?X@S^0~5YaNwlN;wE+@~(cG$FGA~U+)=Zd zx89`hyoo+KL$#p`dDLEihw|rvPWT>_DO+z!>zIIekqllsr}Nv>`LmHfi2MdKKlcW0 z<4WWgp#N{n$p4bgZ$y4O@?)r8*Pqv=+qDPz|BCbGo{ao$I{#thuf};oKIrm>{m&!6 z2KhfU^K&24^&ckv$X{jVcc%TDKz-p~QYq>`T7T{VEScVMsi3dcV zptf2KJ(u9Ty&lJDJ=NNd7UcVpkJtR^{2E~gL3le(e^aUt=X^Pj?as}AH|)7nUsCJQ1i z!Z@b?(n_guxuASZ#GzV`Xoi6K8cK9Xb1zD2{UI7}DdDot(+4L~K|0t)V>yznmaU`z zTZ=SN5H>3FPnCSL%#dOXA0F|9&lWP0EXE#b6)-L-JWZ43Xm$XaLK1p{u6XYWFMt^{N-R&QR5#6@$*IeQN3zhSNJv@ZvdYKJFmo7Y?SzYALz5d<g2M+K^gQi=&qqJb=I;szyb5>` zuDa9OMZM~`#zFoT2mE!MNG`g1+w}M$KZPu+5t`L?DZ=#>u`wCv^JK-{4*C-g_@fT^ z$G~SPXAC+G24suRTnD_G<3(&isZc`qhLma@tb(K&`?esA=2zM5@jBpNcfkJ^_)OTZ)_LTUDAe(SgZwWE&z+*@r_vnuii7-^ z1OAZ%J{1$fZ0mSm06d$&OC0c(94}&PWt`8GhTiNTA929HA@$T;Bos7AJ&ypVcDa)- zSV&uCKmVnJo;Pv6(>SU2=ea->V;?xkFGWLS^YnOmzy}@hBM$f^?w54N zAZI$@GaT?a4)`p>b8(mCGL+-65;&cA_Hp=H2R%NAI9m?#U*>obd+uUU?>(}8AE$aT z4^iu!s&(TBC9c*vMYwqS4RE?%*vI)K$7itPa$X_D*}K5AwfiF6m{I?kC9ij@WPw_a ztI}!ecfh~ofbVp`_c-7OffpeT_V~Z-Apai@cmZxO$*-#~6t)MX3#&Pv_D3DHNO}8p z@J`@#KK5KLB>D4a92TP8vgyB9>aovT9&)Jnr@&px2!sC0LH=#2|1%c};ia<7hYs=u z=;GP-J2)G7*8bptU(4|#woBH#P1f56+$E1q(&>PI%R&F6z{yUvKCkNkFF42_alj|x zK}R;fSe-8vDJuzL&2R7efEDp>U;x6AXj4;(kEQozup+G%-te{gX|?gjptYeTxE^o7 z8Y96_*z!g@n0hzah_$@4O7Q&@EN>{}-C|*zfzTG#6vDOzR%5iam6jYgII;hNDeC;% zjaJNGy~MHtLB2A-b<=_}zI=HEOYRdApoP-C5xkDH@Y)vJ3SiyysE_ld0W8&j)#__k zEMJWx(e+l9h2`fLc^ZB6-ml!f{?9CA@3?$Bt!uxkc6qhia<5rQn^suZqRMi6B2XAv8H<3o3cexlYWnDQ zl)Us*zQtB=&n-XS7er=eZc1TQU5gdmVU*y~DOgF$%eE1-`CmMpbj*+{Zh^=F6#ZVpX zoRAR|b^2v)o?F7JY~qr%<4cqM z+)c~!!GKOy8Bl*C;#rP(N}d7==}*252W?$pHX?1jp!&4hg+>P0p=FE>VQj9hyrCrI zZz{>UX$VZ0+q>|K48~mAq{7$_LkAWcNkCY9bi;k54O_5difOgj5PD3vHgJ)h(v|S`a|Kv56Wb%gW_Y?sPR! z=Yg?@&`CAaMLzj%C%%jz@tsdH5QN0ook#A9Q<1Sj2XzLV$^R?nG-p&!{gt<++|VW? zllQ^Q-I8o3z;-$z_!I)i;fUA@D81v4eM=OfpYK;Qh^Ky z{_L)489N45sO@&r9?nN~s0aZxH?gXV(2h|VwNUVBE^^Yfgfhe+YHO5qC1s1yC7J>o zq9LPie4-8A_?~Si>8H-Gd%E1~=cGN~Y^78uqHB=fX-bVXH+#d)tfX;E z8>$dA5)wJs$SzFZQgSiLSjY?cTf9_29<{ebSP37#N^n@RAqbWZ!hRnsp)-?}(0+E1 z4)S?wiN9IiaW!KnG|izJY}w@RpndUhGf128ajoLMP3Ta^sNCBcfO?@2XCN!VU0^Hj zQOrBuPj^i3-RTh!UL){i-~U>@cbC~*Rvi^5KP|s=>*AJhIpJb7lBR;E!Ue%hL-%B=y~c`rbj+Z}`ouWUm zm9LmB1Qb_^H?veyl~eQ|Y~|H+ctvw5Xhu@y6to`)X8r2> z97WZ4J4)Ub4)%g9ui9U|-&1s}&JY?@`zd`tx0P4#e-(XA2})|O|2MYs4Ru0LQ8f-I zHTL?C*vh{n-&ZSY3m=b_(na)-_&WoC^0e3Q-_`!^_IRuM70pBN3yt#XeSgEv0FjiO z;L^Op={Yd zKA=IAQsbP`p~@-#926!@)nCyr%QXnPTV)8ARYL*zw+x8U^WwhFm|Yg6E@d&0;zgMEisServer = isServer; + this->InitSSL(); +} + + +HdcPsk::~HdcPsk() +{ + SSL_CTX_free(ctx); +} + +void HdcPsk::InitSSL() +{ +#if OPENSSL_VERSION_NUMBER >= 0x10100003L + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) + { + return; + } + ERR_clear_error(); + +#else + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); +#endif + ctx = this->CreateContext(); + if (ctx == nullptr) { + // WRITE_LOG(LOG_FATAL, "create context failed"); + return; + } + ConfigureContext(); +} + +SSL_CTX* HdcPsk::GetContext() +{ + return this->ctx; +} + +// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) +// { + // RSA *rsa = nullptr; + // EVP_PKEY *evp = nullptr; + // string prikeyFileName; + // bool signResult = false; + + // if (!GetUserKeyPath(prikeyFileName)) { + // WRITE_LOG(LOG_FATAL, "get key path failed"); + // return false; + // } + // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { + // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); + // return false; + // } + // if (type == AuthVerifyType::RSA_3072_SHA512) { + // signResult = RsaSign(buf, evp); + // } else { + // signResult = RsaEncrypt(buf, rsa); + // } + // if (rsa != nullptr) { + // RSA_free(rsa); + // } + // if (evp != nullptr) { + // EVP_PKEY_free(evp); + // } +// } + +void HdcPsk::ConfigureContext() +{ + SSL_CTX_set_ex_data(ctx, 0, this); + if (this->isServer) { + SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); + } else { + SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); + } + SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); +} + +// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) +// { +// std::vector encryptPwd; +// Hdc::HdcPassword pwd(); + +// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { +// return nullptr; +// } +// if (!pwd.DecryptPwd(encryptPwd)) { +// return nullptr; +// } +// std::pair plainPwd = pwd.GetPassword(); +// if (plainPwd.first == nullptr) { +// return nullptr; +// } +// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; +// if (localPwd == nullptr) { +// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); +// return nullptr; +// } +// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); +// localPwd[plainPwd.second] = '\0'; +// return localPwd; +// } + + +unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // thisClass->psk_key[8] = '\0'; + // 动态加载 + // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); + if (strcmp(identity, STR_PSK_IDENTITY) != 0) { + return 0; + } + + unsigned char key_bin[32]; + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + return keyLen; +} + + +unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); + if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { + return 0; + } + strcpy(identity, STR_PSK_IDENTITY); + unsigned char key_bin[32]; + + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + return keyLen; +} + + + +void HdcPsk::HandShake(bool isServer) +{ + if (isServer) { + SSL_accept(ssl); + } else { + SSL_connect(ssl); + } + // int ret = SSL_connect(ssl); + // if (ret == 1) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); + // } else { + // int err = SSL_get_error(ssl, ret); + // if (err == SSL_ERROR_WANT_READ) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); + // } else if (err == SSL_ERROR_WANT_WRITE) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); + // } else { + // WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); + // return; + // } + // } +} + +void HdcPsk::Event() +{ + int fd = SSL_get_fd(ssl); + if (fd < 0) { + return; + } + char buf[4096]; + int ret = SSL_read(ssl, buf, sizeof(buf)); + if (ret > 0) { + buf[ret] = '\0'; + } +} + +SSL_CTX* HdcPsk::CreateContext() +{ + const SSL_METHOD *method; + SSL_CTX *ctx_t = nullptr; + if (this->isServer) { // TODO: 待重构子类,先按照样例实现 + method = TLS_server_method(); + } else { + method = TLS_client_method(); + } + ctx_t = SSL_CTX_new(method); + return ctx_t; +} + +int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) +{ + long len = 0; + unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); + if (!tmp || len > static_cast(outLen)) { + OPENSSL_free(tmp); + return -1; + } + memcpy(out, tmp, len); + OPENSSL_free(tmp); + return static_cast(len); +} + +void HdcPsk::SetSupportPsk(bool isSupport) +{ + this->isSupportPsk = isSupport; +} + +} \ No newline at end of file diff --git a/src/common/psk.h b/src/common/psk.h new file mode 100644 index 00000000..86d26f8a --- /dev/null +++ b/src/common/psk.h @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef HDC_PSK_H +#define HDC_PSK_H +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +namespace Hdc { +class HdcPsk { +public: + HdcPsk(); + HdcPsk(bool isServer); + SSL_CTX* CreateContext(); + ~HdcPsk(); + void InitSSL(); + // bool EncryptPsk(string &buf, AuthVerifyType type); + // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); + static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); + static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen); + void HandShake(bool isServer); + void Event(); + // void Dispatch(); + static int HexToBin(const char *hex, unsigned char *bin, int outLen); + + bool environmentSupportPsk = false; + SSL* GetSSL(); + SSL_CTX* GetContext(); + void SetSupportPsk(bool pskStatus); + + +protected: + SSL *ssl; + SSL_CTX *ctx; + static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; + constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; + void ConfigureContext(); + // char *clientPskIdentity; + // char *serverPskIdentity; + // char* psk_key; + + bool isServer; + // unsigned int maxIdentityLen; + +private: + bool isSupportPsk; +}; + +class HdcPskClient: public HdcPsk { +public: + HdcPskClient() { + isServer = false; + InitSSL(); + } +}; + +class HdcPskServer: public HdcPsk { + public: + HdcPskServer() { + isServer = true; + InitSSL(); + } + }; +} +#endif diff --git a/src/common/psk_original.cpp b/src/common/psk_original.cpp new file mode 100644 index 00000000..814688c4 --- /dev/null +++ b/src/common/psk_original.cpp @@ -0,0 +1,624 @@ +#include +#include +#include +#include +#include +#include +#include +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#else +#include +#endif +#include + +// #define STR_PSK_IDENTITY "psk_identity" +// #define STR_PSK_KEY "1a2b3c4d" + +#define server_port 21111 +class HdcPsk { + public: + HdcPsk(bool isServer, std::string& inputKey); + HdcPsk(bool isServer); + SSL_CTX* CreateContext(); + ~HdcPsk(); + void InitSSL(); + // bool EncryptPsk(string &buf, AuthVerifyType type); + // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); + static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); + static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen); + void HandShake(); + void Event(); + // void Dispatch(); + static int HexToBin(const char *hex, unsigned char *bin, int outLen); + + bool environmentSupportPsk = false; + void run(); + private: + static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; + constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; + bool serverRunning = true; + typedef struct { + uv_poll_t poll; + SSL *ssl; + } ssl_handshake_t; + + typedef struct { + uv_poll_t poll; + SSL *ssl; + uv_tcp_t *client; + int fd; + } ssl_uv_client_t; + void ConfigureContext(); + // char *clientPskIdentity; + // char *serverPskIdentity; + SSL_CTX *ctx; + SSL *ssl_cls; + char psk_key[8]; + + bool isServer; + // unsigned int maxIdentityLen; + +static int create_socket(bool isServer) +{ + int s; + int optval = 1; + struct sockaddr_in addr; + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) { + perror("socket"); + exit(EXIT_FAILURE); + } + if (isServer) { + addr.sin_family + = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + addr.sin_port = htons(server_port); + if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + &optval, sizeof(optval)) < 0) { + perror("setsockopt(SO_REUSEADDR) failed"); + exit(EXIT_FAILURE); + } + if (bind(s, (struct sockaddr *)&addr, + sizeof(addr)) < 0) { + perror("bind"); + exit(EXIT_FAILURE); + } + if (listen(s, 5) < 0) { + perror("listen"); + exit(EXIT_FAILURE); + } + } +} + +static void on_ssl_handshake(uv_poll_t *handle, int status, int events) +{ + ssl_handshake_t *hs = static_cast(handle->data); + int ret = SSL_connect(hs->ssl); + if (ret == 1) { + std::cout << "SSL handshake success" << std::endl; + uv_poll_stop(&hs->poll); + } else { + int err = SSL_get_error(hs->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); + } else { + std::cout << "SSL handshake failed: " << err << std::endl; + ERR_print_errors_fp(stderr); + uv_poll_stop(&hs->poll); + } + } +} + +static void on_ssl_event(uv_poll_t *handle, int status, int events) +{ + if (status < 0) { + return; + } + SSL *ssl = static_cast(handle->data); + if (ssl == NULL) { + return; + } + int fd = SSL_get_fd(ssl); + if (fd < 0) { + return; + } + char buf[4096]; + if (events & UV_READABLE) { + int ret = SSL_read(ssl, buf, sizeof(buf)); + if (ret > 0) { + buf[ret] = '\0'; + std::cout << "Received: " << buf << std::endl; + } else { + int err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(handle, UV_WRITABLE, on_ssl_event); + } + } + + } +} + +static void on_new_connection(uv_stream_t *server_stream, int status) { + if (status < 0) { + std::cerr<<"newcon error"<loop; + uv_tcp_t *client = new uv_tcp_t; + uv_tcp_init(loop, client); + + if (uv_accept(server_stream, (uv_stream_t *)client) == 0) { + uv_os_fd_t client_fd; + uv_fileno((const uv_handle_t *)client, &client_fd); + SSL_CTX *ctx_tmp = (SSL_CTX *)server_stream->data; + if (!ctx_tmp) { + std::cout<ssl = ssl; + ssl_client->client = client; + ssl_client->fd = client_fd; + uv_poll_init(loop, &ssl_client->poll, client_fd); + ssl_client->poll.data = ssl_client; + on_ssl_server_event(&ssl_client->poll, 0, UV_READABLE); + } else { + uv_close((uv_handle_t *)client, NULL); + } +} + +static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { + ssl_uv_client_t *ssl_client = static_cast(handle->data); + if (!SSL_is_init_finished(ssl_client->ssl)) { + int ret = SSL_accept(ssl_client->ssl); + if (ret == 1) { + std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; + uv_poll_start(handle, UV_READABLE, on_ssl_server_event); + } else { + int err = SSL_get_error(ssl_client->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(handle, UV_READABLE, on_ssl_server_event); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(handle, UV_WRITABLE, on_ssl_server_event); + } else { + uv_poll_stop(handle); + SSL_free(ssl_client->ssl); + uv_close((uv_handle_t *)ssl_client->client, NULL); + delete ssl_client; + } + } + return; + } + + if (events & UV_READABLE) { + char buf[4096]; + int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); + if (ret > 0) { + buf[ret] = '\0'; + std::cout << "read from client: " << buf; + SSL_write(ssl_client->ssl, buf, ret); + } else { + int err = SSL_get_error(ssl_client->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + + } else if (err == SSL_ERROR_WANT_WRITE) { + + } else { + std::cout<<"disconnected"<ssl); + uv_close((uv_handle_t *)ssl_client->client, NULL); + delete ssl_client; + } + } + } +} + +void runServer() +{ + uv_loop_t *loop = uv_default_loop(); + uv_tcp_t *server = new uv_tcp_t; + uv_tcp_init(loop, server); + + struct sockaddr_in addr; + uv_ip4_addr("0.0.0.0", server_port, &addr); + uv_tcp_bind(server, (const struct sockaddr *)&addr, 0); + server->data = ctx; + + int r = uv_listen((uv_stream_t *)server, 128, on_new_connection); + if (r) { + std::cerr << "Listen error" << uv_strerror(r) << std::endl; + return; + } + std::cout << "server listen...." << std::endl; + while (serverRunning) { + std::cout << "uv_run" << std::endl; + uv_run(loop, UV_RUN_ONCE); + } + uv_stop(loop); + std::cout << "server exiting...." << std::endl; + +} + +// void runRawClient() +// { +// uv_loop_t *loop = uv_default_loop(); +// uv_tcp_t *tcp_client = new uv_tcp_t; +// uv_connect_t *connect_req = new uv_connect_t; +// uv_tcp_init(loop, tcp_client); + +// struct sockaddr_in dest; +// uv_ip4_addr("127.0.0.1", server_port, &dest); + +// int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); +// if (uv_status < 0) { +// return; +// } +// uv_run(loop, UV_RUN_DEFAULT); + +// uv_os_fd_t uv_fd; +// uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); + +// uv_poll_t *poll_handle = new uv_poll_t; +// poll_handle->data = tcp_client; +// uv_loop_t *loop = uv_default_loop(); +// uv_poll_init(loop, poll_handle, uv_fd); +// uv_poll_start(poll_handle, UV_READABLE, on_tcp_event); + +// uv_run(loop, UV_RUN_NOWAIT); +// // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 + +// char buffer[1024]; +// while (true) { +// memset(buffer, 0, sizeof(buffer)); +// char *txbuf = fgets(buffer, sizeof(buffer), stdin); + +// if (txbuf == NULL) { +// break; +// } +// if (txbuf[0] == '\n') { +// break; +// } +// if ((write(uv_fd, txbuf, strlen(txbuf)) <= 0)) { +// std::cout << "server closed connection" << std::endl; +// break; +// } +// uv_run(loop, UV_RUN_NOWAIT); +// } +// std::cout << "client exiting ..." << std::endl; + +// uv_close((uv_handle_t *)tcp_client, NULL); +// } + +void runClient() +{ + uv_loop_t *loop = uv_default_loop(); + uv_tcp_t *tcp_client = new uv_tcp_t; + uv_connect_t *connect_req = new uv_connect_t; + uv_tcp_init(loop, tcp_client); + + struct sockaddr_in dest; + uv_ip4_addr("127.0.0.1", server_port, &dest); + + int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); + if (uv_status < 0) { + return; + } + uv_run(loop, UV_RUN_DEFAULT); + uv_os_fd_t uv_fd; + + uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); + SSL *ssl = SSL_new(ctx); + SSL_set_fd(ssl, uv_fd); + + ssl_handshake_t *hs = new ssl_handshake_t; + hs->ssl = ssl; + uv_poll_init(loop, &hs->poll, uv_fd); + hs->poll.data = hs; + + on_ssl_handshake(&hs->poll, 0, UV_WRITABLE); + uv_run(loop, UV_RUN_DEFAULT); + + if (SSL_is_init_finished(ssl)) { + std::cout << "handshake success" << std::endl; + std::cout << "Cipher: " << SSL_get_cipher_name(ssl) << std::endl; + + int fd = SSL_get_fd(ssl); + uv_poll_t *poll_handle = new uv_poll_t; + poll_handle->data = ssl; + uv_loop_t *loop = uv_default_loop(); + uv_poll_init(loop, poll_handle, fd); + uv_poll_start(poll_handle, UV_READABLE, on_ssl_event); + + uv_run(loop, UV_RUN_NOWAIT); + // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 + + char buffer[1024]; + while (true) { + memset(buffer, 0, sizeof(buffer)); + char *txbuf = fgets(buffer, sizeof(buffer), stdin); + + if (txbuf == NULL) { + break; + } + if (txbuf[0] == '\n') { + break; + } + if ((SSL_write(ssl, txbuf, strlen(txbuf)) <= 0)) { + std::cout << "server closed connection" << std::endl; + ERR_print_errors_fp(stderr); + break; + } + uv_run(loop, UV_RUN_NOWAIT); + } + std::cout << "client exiting ..." << std::endl; + } else { + std::cout << "SSL connection to server failed" << std::endl; + ERR_print_errors_fp(stderr); + } + SSL_free(ssl); +} + +static void on_tcp_connected(uv_connect_t *req, int status) +{ + if (status < 0) { + std::cout << "tcp connect error" << uv_strerror(status) <isServer = isServer; + this->InitSSL(); + strncpy(this->psk_key, inputKey.c_str(), 8); +} + +HdcPsk::HdcPsk(bool isServer) +{ + this->isServer = isServer; + this->InitSSL(); +} + + + +HdcPsk::~HdcPsk() +{ + SSL_CTX_free(ctx); +} + +void HdcPsk::run() +{ + if (isServer) { + runServer(); + } else { + runClient(); + } +} + + + +void HdcPsk::InitSSL() +{ + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + ctx = CreateContext(); + // if (ctx == nullptr) { + // // WRITE_LOG(LOG_FATAL, "create context failed"); + // return; + // } + ConfigureContext(); +} + + +// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) +// { + // RSA *rsa = nullptr; + // EVP_PKEY *evp = nullptr; + // string prikeyFileName; + // bool signResult = false; + + // if (!GetUserKeyPath(prikeyFileName)) { + // WRITE_LOG(LOG_FATAL, "get key path failed"); + // return false; + // } + // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { + // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); + // return false; + // } + // if (type == AuthVerifyType::RSA_3072_SHA512) { + // signResult = RsaSign(buf, evp); + // } else { + // signResult = RsaEncrypt(buf, rsa); + // } + // if (rsa != nullptr) { + // RSA_free(rsa); + // } + // if (evp != nullptr) { + // EVP_PKEY_free(evp); + // } +// } + +void HdcPsk::ConfigureContext() +{ + SSL_CTX_set_ex_data(ctx, 0, this); + if (this->isServer) { + SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); + } else { + SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); + } + SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); +} + +// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) +// { +// std::vector encryptPwd; +// Hdc::HdcPassword pwd(); + +// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { +// return nullptr; +// } +// if (!pwd.DecryptPwd(encryptPwd)) { +// return nullptr; +// } +// std::pair plainPwd = pwd.GetPassword(); +// if (plainPwd.first == nullptr) { +// return nullptr; +// } +// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; +// if (localPwd == nullptr) { +// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); +// return nullptr; +// } +// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); +// localPwd[plainPwd.second] = '\0'; +// return localPwd; +// } + + +unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + thisClass->psk_key[8] = '\0'; + std::cout<< "psk key is:" << thisClass->psk_key << std::endl; + // 动态加载 + // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); + if (strcmp(identity, STR_PSK_IDENTITY) != 0) { + return 0; + } + + unsigned char key_bin[32]; + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + std::cout<< "key_bin is:" << key_bin << std::endl; + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + std::cout << "PskServerCallback" << std::endl; + memcpy(psk, key_bin, keyLen); + return keyLen; +} + + +unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); + std::cout<< "psk key is:" << thisClass->psk_key << std::endl; + if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { + return 0; + } + strcpy(identity, STR_PSK_IDENTITY); + unsigned char key_bin[32]; + + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + std::cout<< "key_bin is:" << key_bin << std::endl; + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + std::cout << "PskClientCallback" << std::endl; + return keyLen; +} + + +void HdcPsk::HandShake() +{ + SSL_connect(ssl_cls); + int ret = SSL_connect(ssl); + if (ret == 1) { + WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); + } else { + int err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); + } else if (err == SSL_ERROR_WANT_WRITE) { + WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); + } else { + WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); + return; + } + } +} + +void HdcPsk::Event() +{ + int fd = SSL_get_fd(ssl_cls); + if (fd < 0) { + return; + } + char buf[4096]; + int ret = SSL_read(ssl_cls, buf, sizeof(buf)); + if (ret > 0) { + buf[ret] = '\0'; + } +} + +SSL_CTX* HdcPsk::CreateContext() +{ + const SSL_METHOD *method; + SSL_CTX *ctx_t; + if (this->isServer) { // TODO: 待重构子类,先按照样例实现 + method = TLS_server_method(); + } else { + method = TLS_client_method(); + } + ctx_t = SSL_CTX_new(method); + return ctx_t; +} + +int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) +{ + long len = 0; + unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); + if (!tmp || len > static_cast(outLen)) { + OPENSSL_free(tmp); + return -1; + } + memcpy(out, tmp, len); + OPENSSL_free(tmp); + return static_cast(len); +} + + + +int main(int argc, char **argv) { + bool isServer; + std::string inputKey; + if (argc < 2) { + std::cout << "Usage main s" << std::endl; + std::cout << " --or--" << std::endl; + std::cout << " main c ip" << std::endl; + std::cout << "c = client, s = server, ip = dotted ip of server" << std::endl; + exit(EXIT_FAILURE); + } + isServer = (argv[1][0] == 's'); + std::getline(std::cin, inputKey); + HdcPsk psk(isServer, inputKey); + // HdcPsk psk(isServer); + psk.run(); + return 0; +} \ No newline at end of file diff --git a/src/common/psk_original_change_1.cpp b/src/common/psk_original_change_1.cpp new file mode 100644 index 00000000..cd78069b --- /dev/null +++ b/src/common/psk_original_change_1.cpp @@ -0,0 +1,695 @@ +#include +#include +#include +#include +#include +#include +#include +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#else +#include +#endif +#include + +// #define STR_PSK_IDENTITY "psk_identity" +// #define STR_PSK_KEY "1a2b3c4d" + +#define server_port 21111 +class HdcPsk { + public: + HdcPsk(bool isServer, std::string& inputKey); + HdcPsk(bool isServer); + SSL_CTX* CreateContext(); + ~HdcPsk(); + void InitSSL(); + // bool EncryptPsk(string &buf, AuthVerifyType type); + // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); + static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); + static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen); + void HandShake(); + void Event(); + // void Dispatch(); + static int HexToBin(const char *hex, unsigned char *bin, int outLen); + + bool environmentSupportPsk = false; + void run(); + private: + static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; + constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; + bool serverRunning = true; + typedef struct { + uv_poll_t poll; + SSL *ssl; + BIO *write_bio; + BIO *read_bio; + } ssl_handshake_t; + + typedef struct { + uv_poll_t poll; + SSL *ssl; + uv_tcp_t *client; + int fd; + } ssl_uv_client_t; + void ConfigureContext(); + // char *clientPskIdentity; + // char *serverPskIdentity; + SSL_CTX *ctx; + // BIO *read_bio; + // BIO *write_bio; + SSL *ssl_cls; + char psk_key[8]; + + bool isServer; + // unsigned int maxIdentityLen; + +static int create_socket(bool isServer) +{ + int s; + int optval = 1; + struct sockaddr_in addr; + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) { + perror("socket"); + exit(EXIT_FAILURE); + } + if (isServer) { + addr.sin_family + = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + addr.sin_port = htons(server_port); + if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + &optval, sizeof(optval)) < 0) { + perror("setsockopt(SO_REUSEADDR) failed"); + exit(EXIT_FAILURE); + } + if (bind(s, (struct sockaddr *)&addr, + sizeof(addr)) < 0) { + perror("bind"); + exit(EXIT_FAILURE); + } + if (listen(s, 5) < 0) { + perror("listen"); + exit(EXIT_FAILURE); + } + } +} + +static void on_ssl_handshake(uv_poll_t *handle, int status, int events) +{ + ssl_handshake_t *hs = static_cast(handle->data); + int ret = SSL_connect(hs->ssl); + if (ret == 1) { + std::cout << "SSL handshake success" << std::endl; + uv_poll_stop(&hs->poll); + } else { + int err = SSL_get_error(hs->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); + } else { + std::cout << "SSL handshake failed: " << err << std::endl; + ERR_print_errors_fp(stderr); + uv_poll_stop(&hs->poll); + } + } +} + +static void on_ssl_handshake_bio(uv_poll_t *handle, int status, int events) +{ + ssl_handshake_t *hs = static_cast(handle->data); + int ret = SSL_connect(hs->ssl); + handle->data = hs; + write_bio_to_socket(handle); + if (ret == 1) { + std::cout << "SSL handshake success" << std::endl; + uv_poll_stop(&hs->poll); + } else { + int err = SSL_get_error(hs->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); + } else { + std::cout << "SSL handshake failed: " << err << std::endl; + ERR_print_errors_fp(stderr); + uv_poll_stop(&hs->poll); + } + } +} + +static void write_bio_to_socket(uv_poll_t *handle) +{ + ssl_handshake_t *hs = static_cast(handle->data); + + char buf[16 * 4096]; + int len = BIO_read(hs->write_bio, buf, sizeof(buf)); + if (len > 0) { + uv_buf_t wbuf = uv_buf_init(buf, len); + uv_write_t *reqWrite = new uv_write_t(); + if (!reqWrite) { + std::cout << "uv_write_t allocation failed" << std::endl; + } + ssize_t n = uv_write(reqWrite, (uv_stream_t*)handle, &wbuf, 1, NULL); + if (n < 0) { + std::cout << "uv_write error: " << uv_strerror(n) << std::endl; + } + } else { + std::cout << "BIO_read error: " << uv_strerror(len) << std::endl; + } + + +} + +static void on_ssl_event(uv_poll_t *handle, int status, int events) +{ + if (status < 0) { + return; + } + SSL *ssl = static_cast(handle->data); + if (ssl == NULL) { + return; + } + int fd = SSL_get_fd(ssl); + if (fd < 0) { + return; + } + char buf[4096]; + if (events & UV_READABLE) { + int ret = SSL_read(ssl, buf, sizeof(buf)); + if (ret > 0) { + buf[ret] = '\0'; + std::cout << "Received: " << buf << std::endl; + } else { + int err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(handle, UV_WRITABLE, on_ssl_event); + } + } + + } +} + +static void on_new_connection(uv_stream_t *server_stream, int status) { + if (status < 0) { + std::cerr<<"newcon error"<loop; + uv_tcp_t *client = new uv_tcp_t; + uv_tcp_init(loop, client); + + // constexpr uint8_t GLOBAL_TIMEOUT = 30; + // uv_tcp_keepalive(client, 1, GLOBAL_TIMEOUT); + // int bufMaxSize = 511 * 1024 * 2; + // uv_recv_buffer_size((uv_handle_t *)client, &bufMaxSize); + // uv_send_buffer_size((uv_handle_t *)client, &bufMaxSize); + if (uv_accept(server_stream, (uv_stream_t *)client) == 0) { + uv_os_sock_t fdChildWorkTCP; + int childRet = uv_tcp_open(client, fdChildWorkTCP); + std::cout << "childRet: " << childRet << std::endl; + uv_os_fd_t client_fd; + uv_fileno((const uv_handle_t *)client, &client_fd); + SSL_CTX *ctx_tmp = (SSL_CTX *)server_stream->data; + if (!ctx_tmp) { + std::cout<ssl = ssl; + ssl_client->client = client; + ssl_client->fd = client_fd; + uv_poll_init(loop, &ssl_client->poll, client_fd); + ssl_client->poll.data = ssl_client; + on_ssl_server_event(&ssl_client->poll, 0, UV_READABLE); + } else { + std::cout << "accept error" << std::endl; + uv_close((uv_handle_t *)client, NULL); + } +} + +static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { + ssl_uv_client_t *ssl_client = static_cast(handle->data); + if (!SSL_is_init_finished(ssl_client->ssl)) { + int ret = SSL_accept(ssl_client->ssl); + if (ret == 1) { + std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; + uv_poll_start(handle, UV_READABLE, on_ssl_server_event); + } else { + int err = SSL_get_error(ssl_client->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(handle, UV_READABLE, on_ssl_server_event); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(handle, UV_WRITABLE, on_ssl_server_event); + } else { + uv_poll_stop(handle); + SSL_free(ssl_client->ssl); + uv_close((uv_handle_t *)ssl_client->client, NULL); + delete ssl_client; + } + } + return; + } + + if (events & UV_READABLE) { + char buf[4096]; + int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); + if (ret > 0) { + buf[ret] = '\0'; + std::cout << "read from client: " << buf; + SSL_write(ssl_client->ssl, buf, ret); + } else { + int err = SSL_get_error(ssl_client->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + + } else if (err == SSL_ERROR_WANT_WRITE) { + + } else { + std::cout<<"disconnected"<ssl); + uv_close((uv_handle_t *)ssl_client->client, NULL); + delete ssl_client; + } + } + } +} + +void runServer() +{ + uv_loop_t *loop = uv_default_loop(); + uv_tcp_t *server = new uv_tcp_t; + uv_tcp_init(loop, server); + + struct sockaddr_in addr; + uv_ip4_addr("0.0.0.0", server_port, &addr); + uv_tcp_bind(server, (const struct sockaddr *)&addr, 0); + server->data = ctx; + + int r = uv_listen((uv_stream_t *)server, 128, on_new_connection); + if (r) { + std::cerr << "Listen error" << uv_strerror(r) << std::endl; + return; + } + std::cout << "server listen...." << std::endl; + while (serverRunning) { + std::cout << "uv_run" << std::endl; + uv_run(loop, UV_RUN_ONCE); + } + uv_stop(loop); + std::cout << "server exiting...." << std::endl; + +} + +// void runRawClient() +// { +// uv_loop_t *loop = uv_default_loop(); +// uv_tcp_t *tcp_client = new uv_tcp_t; +// uv_connect_t *connect_req = new uv_connect_t; +// uv_tcp_init(loop, tcp_client); + +// struct sockaddr_in dest; +// uv_ip4_addr("127.0.0.1", server_port, &dest); + +// int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); +// if (uv_status < 0) { +// return; +// } +// uv_run(loop, UV_RUN_DEFAULT); + +// uv_os_fd_t uv_fd; +// uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); + +// uv_poll_t *poll_handle = new uv_poll_t; +// poll_handle->data = tcp_client; +// uv_loop_t *loop = uv_default_loop(); +// uv_poll_init(loop, poll_handle, uv_fd); +// uv_poll_start(poll_handle, UV_READABLE, on_tcp_event); + +// uv_run(loop, UV_RUN_NOWAIT); +// // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 + +// char buffer[1024]; +// while (true) { +// memset(buffer, 0, sizeof(buffer)); +// char *txbuf = fgets(buffer, sizeof(buffer), stdin); + +// if (txbuf == NULL) { +// break; +// } +// if (txbuf[0] == '\n') { +// break; +// } +// if ((write(uv_fd, txbuf, strlen(txbuf)) <= 0)) { +// std::cout << "server closed connection" << std::endl; +// break; +// } +// uv_run(loop, UV_RUN_NOWAIT); +// } +// std::cout << "client exiting ..." << std::endl; + +// uv_close((uv_handle_t *)tcp_client, NULL); +// } + +void runClient() +{ + uv_loop_t *loop = uv_default_loop(); + uv_tcp_t *tcp_client = new uv_tcp_t; + uv_connect_t *connect_req = new uv_connect_t; + uv_tcp_init(loop, tcp_client); + + struct sockaddr_in dest; + uv_ip4_addr("127.0.0.1", server_port, &dest); + + int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); + if (uv_status < 0) { + return; + } + uv_run(loop, UV_RUN_DEFAULT); + uv_os_fd_t uv_fd; + + uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); + SSL *ssl = SSL_new(ctx); + SSL_set_fd(ssl, uv_fd); + + ssl_handshake_t *hs = new ssl_handshake_t; + hs->ssl = ssl; + uv_poll_init(loop, &hs->poll, uv_fd); + hs->poll.data = hs; + + on_ssl_handshake(&hs->poll, 0, UV_WRITABLE); + uv_run(loop, UV_RUN_DEFAULT); + + if (SSL_is_init_finished(ssl)) { + std::cout << "handshake success" << std::endl; + std::cout << "Cipher: " << SSL_get_cipher_name(ssl) << std::endl; + + int fd = SSL_get_fd(ssl); + uv_poll_t *poll_handle = new uv_poll_t; + poll_handle->data = ssl; + uv_loop_t *loop = uv_default_loop(); + uv_poll_init(loop, poll_handle, fd); + uv_poll_start(poll_handle, UV_READABLE, on_ssl_event); + + uv_run(loop, UV_RUN_NOWAIT); + // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 + + char buffer[1024]; + while (true) { + memset(buffer, 0, sizeof(buffer)); + char *txbuf = fgets(buffer, sizeof(buffer), stdin); + + if (txbuf == NULL) { + break; + } + if (txbuf[0] == '\n') { + break; + } + if ((SSL_write(ssl, txbuf, strlen(txbuf)) <= 0)) { + std::cout << "server closed connection" << std::endl; + ERR_print_errors_fp(stderr); + break; + } + uv_run(loop, UV_RUN_NOWAIT); + } + std::cout << "client exiting ..." << std::endl; + } else { + std::cout << "SSL connection to server failed" << std::endl; + ERR_print_errors_fp(stderr); + } + SSL_free(ssl); +} + +static void on_tcp_connected(uv_connect_t *req, int status) +{ + if (status < 0) { + std::cout << "tcp connect error" << uv_strerror(status) <isServer = isServer; + this->InitSSL(); + strncpy(this->psk_key, inputKey.c_str(), 8); +} + +HdcPsk::HdcPsk(bool isServer) +{ + this->isServer = isServer; + this->InitSSL(); +} + + + +HdcPsk::~HdcPsk() +{ + SSL_CTX_free(ctx); +} + +void HdcPsk::run() +{ + if (isServer) { + runServer(); + } else { + runClient(); + } +} + + + +void HdcPsk::InitSSL() +{ + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + ctx = CreateContext(); + // if (ctx == nullptr) { + // // WRITE_LOG(LOG_FATAL, "create context failed"); + // return; + // } + ConfigureContext(); +} + + +// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) +// { + // RSA *rsa = nullptr; + // EVP_PKEY *evp = nullptr; + // string prikeyFileName; + // bool signResult = false; + + // if (!GetUserKeyPath(prikeyFileName)) { + // WRITE_LOG(LOG_FATAL, "get key path failed"); + // return false; + // } + // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { + // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); + // return false; + // } + // if (type == AuthVerifyType::RSA_3072_SHA512) { + // signResult = RsaSign(buf, evp); + // } else { + // signResult = RsaEncrypt(buf, rsa); + // } + // if (rsa != nullptr) { + // RSA_free(rsa); + // } + // if (evp != nullptr) { + // EVP_PKEY_free(evp); + // } +// } + +void HdcPsk::ConfigureContext() +{ + SSL_CTX_set_ex_data(ctx, 0, this); + if (this->isServer) { + SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); + } else { + SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); + } + SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); +} + +// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) +// { +// std::vector encryptPwd; +// Hdc::HdcPassword pwd(); + +// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { +// return nullptr; +// } +// if (!pwd.DecryptPwd(encryptPwd)) { +// return nullptr; +// } +// std::pair plainPwd = pwd.GetPassword(); +// if (plainPwd.first == nullptr) { +// return nullptr; +// } +// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; +// if (localPwd == nullptr) { +// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); +// return nullptr; +// } +// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); +// localPwd[plainPwd.second] = '\0'; +// return localPwd; +// } + + +unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + thisClass->psk_key[8] = '\0'; + std::cout<< "psk key is:" << thisClass->psk_key << std::endl; + // 动态加载 + // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); + if (strcmp(identity, STR_PSK_IDENTITY) != 0) { + return 0; + } + + unsigned char key_bin[32]; + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + std::cout<< "key_bin is:" << key_bin << std::endl; + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + std::cout << "PskServerCallback" << std::endl; + memcpy(psk, key_bin, keyLen); + return keyLen; +} + + +unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); + std::cout<< "psk key is:" << thisClass->psk_key << std::endl; + if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { + return 0; + } + strcpy(identity, STR_PSK_IDENTITY); + unsigned char key_bin[32]; + + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); + std::cout<< "key_bin is:" << key_bin << std::endl; + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + std::cout << "PskClientCallback" << std::endl; + return keyLen; +} + + +void HdcPsk::HandShake() +{ + SSL_connect(ssl_cls); + // int ret = SSL_connect(ssl); + // if (ret == 1) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); + // } else { + // int err = SSL_get_error(ssl, ret); + // if (err == SSL_ERROR_WANT_READ) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); + // } else if (err == SSL_ERROR_WANT_WRITE) { + // WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); + // } else { + // WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); + // return; + // } + // } +} + +void HdcPsk::Event() +{ + int fd = SSL_get_fd(ssl_cls); + if (fd < 0) { + return; + } + char buf[4096]; + int ret = SSL_read(ssl_cls, buf, sizeof(buf)); + if (ret > 0) { + buf[ret] = '\0'; + } +} + +SSL_CTX* HdcPsk::CreateContext() +{ + const SSL_METHOD *method; + SSL_CTX *ctx_t; + if (this->isServer) { // TODO: 待重构子类,先按照样例实现 + method = TLS_server_method(); + } else { + method = TLS_client_method(); + } + ctx_t = SSL_CTX_new(method); + return ctx_t; +} + +int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) +{ + long len = 0; + unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); + if (!tmp || len > static_cast(outLen)) { + OPENSSL_free(tmp); + return -1; + } + memcpy(out, tmp, len); + OPENSSL_free(tmp); + return static_cast(len); +} + + + +int main(int argc, char **argv) { + bool isServer; + bool isBIO; + std::string inputKey; + if (argc < 2) { + std::cout << "Usage main s" << std::endl; + std::cout << " --or--" << std::endl; + std::cout << " main c ip" << std::endl; + std::cout << "c = client, s = server, ip = dotted ip of server" << std::endl; + exit(EXIT_FAILURE); + } + isServer = (argv[1][0] == 's'); + isBIO = (argv[1][0] == 'b'); + + std::getline(std::cin, inputKey); + HdcPsk psk(isServer, inputKey); + // HdcPsk psk(isServer); + psk.run(); + return 0; +} + +/** + * + * L0 用例1 + * data输入加密接口, + * 从解密接口输出data + * 校验data一致 + * + **/ diff --git a/src/common/session.cpp b/src/common/session.cpp index f4e6b4b4..94dc94f4 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -616,6 +616,10 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) delete[] hSession->ioBuf; hSession->ioBuf = nullptr; } + if (hSession->bioBuf) { + delete[] hSession->bioBuf; + hSession->bioBuf = nullptr; + } Base::TryCloseHandle((uv_handle_t *)hSession->pollHandle[STREAM_MAIN], true, closeSessionTCPHandle); Base::TryCloseHandle((uv_handle_t *)&hSession->dataPipe[STREAM_MAIN], true, closeSessionTCPHandle); FreeSessionByConnectType(hSession); @@ -627,6 +631,12 @@ void HdcSessionBase::FreeSessionOpeate(uv_timer_t *handle) { StartTraceScope("HdcSessionBase::FreeSessionOpeate"); HSession hSession = (HSession)handle->data; + if (hSession->connType == CONN_TCP) { + SSL_shutdown(hSession->ssl); + SSL_free(hSession->ssl); + SSL_CTX_free(hSession->sslContext); + WRITE_LOG(LOG_DEBUG, "goodbye"); + } #ifdef HDC_HOST if (hSession->hUSB != nullptr && (!hSession->hUSB->hostBulkIn.isShutdown || !hSession->hUSB->hostBulkOut.isShutdown)) { @@ -812,6 +822,8 @@ HTaskInfo HdcSessionBase::AdminTask(const uint8_t op, HSession hSession, const u int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo) { StartTraceScope("HdcSessionBase::SendByProtocol"); + WRITE_LOG(LOG_DEBUG, "SendByProtocol buf:%s bufLen:%u", + Base::toHex(reinterpret_cast(bufPtr), bufLen).c_str(), bufLen); if (hSession->isDead) { delete[] bufPtr; WRITE_LOG(LOG_WARN, "SendByProtocol session dead error"); @@ -821,6 +833,12 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int switch (hSession->connType) { case CONN_TCP: { HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); + // int hs_cnt = 0; + if (hSession->handshakeOK && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { + int retSLL = SSL_write(hSession->ssl, bufPtr, bufLen); + int retBIO = BIO_read(hSession->writeBIO, bufPtr, bufLen); + WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,return SSL:%d,BIO:%d", retSLL, retBIO); + } if (echo && !hSession->serverOrDaemon) { ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); } else { @@ -942,8 +960,19 @@ int HdcSessionBase::DecryptPayload(HSession hSession, PayloadHead *payloadHeadBe return RET_SUCCESS; } + +// std::string toHex(const uint8_t* data, size_t size) { +// std::stringstream ss; +// ss << std::hex << std::setfill('0'); +// for (size_t i = 0; i < size; ++i) { +// ss << std::setw(2) << static_cast(data[i]); +// } +// return ss.str(); +// } + int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) { + WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, bufLen).c_str(), bufLen); int ret = ERR_GENERIC; StartTraceScope("HdcSessionBase::OnRead"); if (memcmp(bufPtr, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { @@ -973,6 +1002,151 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) return ret; } + + +unsigned int HdcSessionBase::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // thisClass->psk_key[8] = '\0'; + // 动态加载 + // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); + if (strcmp(identity, "Client_identity") != 0) { + return 0; + } + + unsigned char key_bin[32]; + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + return keyLen; +} + +unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); + if (sizeof("Client_identity") >= maxIdentityLen) { + return 0; + } + strcpy(identity, "Client_identity"); + unsigned char key_bin[32]; + + // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); + int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); + if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + return 0; + } + memcpy(psk, key_bin, keyLen); + return keyLen; +} + +int HdcSessionBase::FetchSSLIOBuf(HSession hSession, uint8_t *ioBuf, int read) +{ + WRITE_LOG(LOG_DEBUG, "hdc tester SSL FetchSSLIOBuf"); + HdcSessionBase *ptrConnect = (HdcSessionBase *)hSession->classInstance; + int indexBuf = 0; + int childRet = 0; + StartTraceScope("HdcSessionBase::FetchIOBuf"); + if (read < 0) { + constexpr int bufSize = 1024; + char buf[bufSize] = { 0 }; + uv_strerror_r(read, buf, bufSize); + WRITE_LOG(LOG_FATAL, "FetchIOBuf read io failed,%s", buf); + return ERR_IO_FAIL; + } + if (hSession->heartbeat.GetSupportHeartbeat() && !hSession->heartbeat.HandleMessageCount()) { + WRITE_LOG(LOG_FATAL, "Rehandshake is required because no heartbeat message is received for a long time"); + FreeSession(hSession->sessionId); + return ERR_IO_FAIL; + } + hSession->stat.dataRecvBytes += read; + hSession->availTailIndex += read; + SSL *ssl = hSession->ssl; + while (!hSession->isDead && hSession->availTailIndex > static_cast(sizeof(PayloadHead))) { + + // HdcPsk::OnClientEvent(hSession, ioBuf, read); + WRITE_LOG(LOG_DEBUG, "hdc tester SSL check SSL_is_init_finished"); + if (ssl != nullptr) { + WRITE_LOG(LOG_DEBUG, "SSl accept check begin"); + BIO_read(hSession->writeBIO, ioBuf, read); + if ( !SSL_is_init_finished(ssl) ) { + int ret_hs = SSL_do_handshake(ssl); + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret %d", ret_hs); + if (ret_hs < 0) { + childRet = ptrConnect->OnRead(hSession, ioBuf + indexBuf, hSession->availTailIndex); + } else { + uint8_t bioData[4096]; + int bioLen = SSL_read(ssl, bioData, sizeof(bioData)); + if (bioLen > 0) { + childRet = ptrConnect->OnRead(hSession, bioData + indexBuf, hSession->availTailIndex); + } + } + } else { + uint8_t bioData[4096]; + int bioLen = SSL_read(ssl, bioData, sizeof(bioData)); + if (bioLen > 0) { + childRet = ptrConnect->OnRead(hSession, bioData + indexBuf, hSession->availTailIndex); + } + } + + // if (!SSL_is_init_finished(ssl)) { + // if (hSession->serverOrDaemon) { + // // is hdc server also ssl client, only connect + // int ret = SSL_connect(ssl); + // WRITE_LOG(LOG_DEBUG, "SSL_connect ret %d", ret); + // } else { + // // is hdc daemon also ssl server, only accept + // int ret = SSL_accept(ssl); + // WRITE_LOG(LOG_DEBUG, "SSL_accept ret %d", ret); + // } + // } else { + // WRITE_LOG(LOG_DEBUG, "SSL_read"); + // int ret = SSL_read(ssl, ioBuf + indexBuf, read); + // // int ret = SSL_read(ssl, ioBuf, read); + // WRITE_LOG(LOG_DEBUG, "SSL_read ret:%d", ret); + // if (ret > 0) { + // WRITE_LOG(LOG_DEBUG, "SSL_read ret:%d, %s", ret, ioBuf); + // } else { + // int err = SSL_get_error(ssl, ret); + // WRITE_LOG(LOG_FATAL, "SSL_read error:%d, %s", err, ioBuf); + // break; + // } + // } + } else { + childRet = ptrConnect->OnRead(hSession, ioBuf + indexBuf, hSession->availTailIndex); + } + + if (childRet > 0) { + hSession->availTailIndex -= childRet; + indexBuf += childRet; + } else if (childRet == 0) { + // Not enough a IO + break; + } else { // <0 + WRITE_LOG(LOG_FATAL, "FetchIOBuf error childRet:%d sessionId:%u", childRet, hSession->sessionId); + hSession->availTailIndex = 0; // Preventing malicious data packages + indexBuf = ERR_BUF_SIZE; + break; + } + // It may be multi-time IO to merge in a BUF, need to loop processing + } + if (indexBuf > 0 && hSession->availTailIndex > 0) { + if (memmove_s(hSession->ioBuf, hSession->bufSize, hSession->ioBuf + indexBuf, hSession->availTailIndex) + != EOK) { + return ERR_BUF_COPY; + }; + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf + hSession->availTailIndex); + Base::ZeroBuf(bufToZero, hSession->bufSize - hSession->availTailIndex); + } + return indexBuf; +} + // Returns <0 error;> 0 receives the number of bytes; 0 untreated int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) { @@ -1021,8 +1195,10 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) return indexBuf; } +// HSession->ioBuf是读到的buffer存放首地址指针。 void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) { + WRITE_LOG(LOG_DEBUG, "before uv time--3, sizeWanted:%u", sizeWanted); HSession context = (HSession)handle->data; Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); buf->base = (char *)context->ioBuf + context->availTailIndex; @@ -1030,6 +1206,26 @@ void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_bu buf->len = std::min(size, static_cast(sizeWanted)); } +void HdcSessionBase::AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) +{ + WRITE_LOG(LOG_DEBUG, "before uv time--5, sizeWanted:%u", sizeWanted); + HSession context = (HSession)handle->data; + Base::ReallocBuf(&context->bioBuf, &context->bufSize, sizeWanted); + Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); + buf->base = (char *)context->bioBuf; + // int size = context->bufSize - context->availTailIndex; + // buf->len = std::min(size, static_cast(sizeWanted)); + buf->len = sizeWanted; +} + +void HdcSessionBase::AllocBeforeRead(HSession& context, uv_buf_t *buf) +{ + Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); + buf->base = (char *)context->ioBuf + context->availTailIndex; + int size = context->bufSize - context->availTailIndex; + buf->len = size; +} + void HdcSessionBase::FinishWriteSessionTCP(uv_write_t *req, int status) { HSession hSession = (HSession)req->handle->data; @@ -1121,11 +1317,240 @@ void HdcSessionBase::WorkThreadInitSession(HSession hSession, SessionHandShake & hSessionBase->SetHeartbeatFeature(handshake); } +// void HdcSessionBase::OnSSLReadEvent(uv_poll_t *poll, int status, int events) +// { +// WRITE_LOG(LOG_INFO, "OnSSLReadEvent"); +// HSession hSession = (HSession)poll->data; +// if (!SSL_is_init_finished(hSession->ssl)) { +// return; +// } +// HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; + +// char rawBuf[16384]; +// uv_buf_t buf = uv_buf_init(static_cast(rawBuf), sizeof(rawBuf)); +// // while(true) { +// if (events & UV_READABLE) { +// WRITE_LOG(LOG_DEBUG, "OnSSLReadEvent read memset"); +// memset(rawBuf, 0, sizeof(rawBuf)); +// AllocBeforeRead(hSession, &buf); +// int ret = SSL_read(hSession->ssl, buf.base, buf.len); +// if (ret > 0) { +// WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf.base), ret).c_str()); +// pTCPBase->ReadStreamFromSSL(hSession, ret, &buf); +// } else { +// int err = SSL_get_error(hSession->ssl, ret); +// WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); +// uv_sleep(100); +// } +// } +// // } +// } + +// void HdcSessionBase::StartSSLPoll(HSession hSession) { +// WRITE_LOG(LOG_DEBUG, "before uv time--5"); +// uv_loop_t* loop = uv_default_loop(); +// uv_poll_t* poll_handle = (uv_poll_t*)malloc(sizeof(uv_poll_t)); +// poll_handle->data = hSession; + +// int fd = SSL_get_fd(hSession->ssl); +// int result = uv_poll_init(loop, poll_handle, fd); +// if (result != 0) { +// fprintf(stderr, "uv_poll_init error: %s\n", uv_strerror(result)); +// free(poll_handle); +// return; +// } + +// result = uv_poll_start(poll_handle, UV_READABLE, OnSSLReadEvent); +// if (result != 0) { +// fprintf(stderr, "uv_poll_start error: %s\n", uv_strerror(result)); +// free(poll_handle); +// return; +// } +// } + +void HdcSessionBase::on_ssl_handshake(uv_poll_t *handle, int status, int events) +{ + HSession hs = (HSession)(handle->data); + int ret = SSL_connect(hs->ssl); + if (ret == 1) { + WRITE_LOG(LOG_DEBUG, "SSL handshake success"); + uv_poll_stop(hs->pollHandle[STREAM_WORK]); + } else { + int err = SSL_get_error(hs->ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + uv_poll_start(hs->pollHandle[STREAM_WORK], UV_READABLE, HdcSessionBase::on_ssl_handshake); + } else if (err == SSL_ERROR_WANT_WRITE) { + uv_poll_start(hs->pollHandle[STREAM_WORK], UV_WRITABLE, HdcSessionBase::on_ssl_handshake); + } else { + WRITE_LOG(LOG_DEBUG, "SSL handshake failed"); + uv_poll_stop(hs->pollHandle[STREAM_WORK]); + } + } +} + +// TODO: Init Failed return false +// TODO: put it into a class, not only a function.(~class will auto SSL_free,which is convient.) +void HdcSessionBase::InitSSL(HSession& hSession) +{ + + // if (hSession->ssl == nullptr) { + WRITE_LOG(LOG_DEBUG, "handshakeOK"); + #if OPENSSL_VERSION_NUMBER >= 0x10100003L + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) + { + WRITE_LOG(LOG_FATAL, "OPENSSL_init_ssl"); + } + ERR_clear_error(); + +#else + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); +#endif + if (hSession->serverOrDaemon) { + // server only connect to , is ssl client + + const SSL_METHOD *method; + WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); + method = TLS_client_method(); + WRITE_LOG(LOG_DEBUG, "TLS_client_method"); + hSession->sslContext = SSL_CTX_new(method); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcSessionBase::PskClientCallback); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); + hSession->sslContext = hSession->sslContext; + + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + + WRITE_LOG(LOG_DEBUG, "ctx = ctx"); + hSession->ssl = SSL_new(hSession->sslContext); + + SSL_set_connect_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + + // WRITE_LOG(LOG_DEBUG, "SSL_new"); + // HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; + // pTCPBase->SSLHandshake((uv_stream_t *)&hSession->hChildWorkTCP); + + // uv_os_fd_t client_fd; + // uv_fileno(reinterpret_cast(&hSession->hChildWorkTCP), &client_fd); +// #ifdef _WIN32 +// int fd = (uv_os_sock_t)client_fd; +// #else +// int fd = reinterpret_cast(client_fd); +// #endif + // SSL_set_fd(hSession->ssl, hSession->fdChildWorkTCP); + + // while(!SSL_is_init_finished(hSession->ssl)) { + // int ret= SSL_connect(hSession->ssl); + // if (ret != 1) { + // int err = SSL_get_error(hSession->ssl, ret); + // WRITE_LOG(LOG_DEBUG, "SSL connect %d,errno %d", ret, err); + // uv_sleep(100); + // } + // } + // WRITE_LOG(LOG_DEBUG, "SSL_connect!!!"); + // pollHandle->data = hSession; + // uv_poll_init(pollHandle->loop, pollHandle, hSession->fdChildWorkTCP); + // WRITE_LOG(LOG_DEBUG, "before uv time--1"); + // uv_poll_start(pollHandle, UV_READABLE, OnSSLReadEvent); + } else { + + const SSL_METHOD *method; + WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); + method = TLS_server_method(); + WRITE_LOG(LOG_DEBUG, "TLS_server_method"); + hSession->sslContext = SSL_CTX_new(method); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcSessionBase::PskServerCallback); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); + hSession->sslContext = hSession->sslContext; + + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + + WRITE_LOG(LOG_DEBUG, "ctx = ctx"); + hSession->ssl = SSL_new(hSession->sslContext); + WRITE_LOG(LOG_DEBUG, "SSL_new"); + + SSL_set_accept_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + // uv_os_fd_t client_fd; + // uv_fileno(reinterpret_cast(&hSession->hChildWorkTCP), &client_fd); + // SSL_set_fd(hSession->ssl, hSession->fdChildWorkTCP); + + // WRITE_LOG(LOG_DEBUG, "SSL_set_fd"); + + // while(!SSL_is_init_finished(hSession->ssl)) { + // int ret = SSL_accept(hSession->ssl); + // if(ret != 1) { + // int err = SSL_get_error(hSession->ssl, ret); + // WRITE_LOG(LOG_DEBUG, "SSL_accept %d,errno:%d", ret, err); + // uv_sleep(100); + // } + // } + // WRITE_LOG(LOG_DEBUG, "SSL_accept!!!"); + + + + +// #ifdef _WIN32 +// int fd = (uv_os_sock_t)client_fd; +// #else +// int fd = reinterpret_cast(client_fd); +// #endif + // pollHandle->data = hSession; + + // uv_poll_init(pollHandle->loop, pollHandle, hSession->fdChildWorkTCP); + + // char rawBuf[16384]; + // uv_buf_t buf = uv_buf_init(static_cast(rawBuf), sizeof(rawBuf)); + // // while(true) { + // AllocBeforeRead(hSession, &buf); + // int ret = SSL_read(hSession->ssl, buf.base, buf.len); + // if (ret > 0) { + // WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf.base), ret).c_str()); + // pTCPBase->ReadStreamFromSSL(hSession, ret, &buf); + // } else { + // int err = SSL_get_error(hSession->ssl, ret); + // WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); + // } + // } + + // int ret = SSL_read(hSession->ssl, buf, sizeof(buf)); + // if (ret > 0) { + // WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf), ret).c_str()); + + // pTCPBase->ReadStreamFromSSL(hSession, ret, reinterpret_cast(buf)); + // } else { + // int err = SSL_get_error(hSession->ssl, ret); + // WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); + // } + // WRITE_LOG(LOG_DEBUG, "before uv time--1"); + // uv_poll_start(pollHandle, UV_READABLE, OnSSLReadEvent); + } + + // poll_handle->data = hSession; + // StartSSLPoll(hSession); + + // uv_run(loop, UV_RUN_DEFAULT); + // HdcTCPBase::SSLHandshake(); +} + +/// @brief +/// @param hSession +/// @return bool HdcSessionBase::WorkThreadStartSession(HSession hSession) { bool regOK = false; int childRet = 0; if (hSession->connType == CONN_TCP) { + // 建立通道 HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; hSession->hChildWorkTCP.data = hSession; if (uv_tcp_init(&hSession->childLoop, &hSession->hChildWorkTCP) < 0) { @@ -1142,7 +1567,13 @@ bool HdcSessionBase::WorkThreadStartSession(HSession hSession) return false; } Base::SetTcpOptions((uv_tcp_t *)&hSession->hChildWorkTCP); - uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStream); + // uv_poll_t *pollHandle = hSession->pollHandle[STREAM_WORK]; + WRITE_LOG(LOG_DEBUG, "check hs = %d", hSession->handshakeOK); + // InitSSL(hSession); + // pTCPBase->SSLHandshake((uv_stream_t *)&hSession->hChildWorkTCP); + uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamAutoBIO); + // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStream); + // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamFromSSL); regOK = true; #ifdef HDC_SUPPORT_UART } else if (hSession->connType == CONN_SERIAL) { // UART @@ -1260,6 +1691,7 @@ bool HdcSessionBase::DispatchMainThreadCommand(HSession hSession, const CtrlStru void HdcSessionBase::ReadCtrlFromMain(uv_poll_t *poll, int status, int events) { HSession hSession = (HSession)poll->data; + // hSession->pollMain = poll; CALLSTAT_GUARD(hSession->childLoopStatus, poll->loop, "HdcSessionBase::ReadCtrlFromMain"); HdcSessionBase *hSessionBase = (HdcSessionBase *)hSession->classInstance; int formatCommandSize = sizeof(CtrlStruct); @@ -1267,6 +1699,8 @@ void HdcSessionBase::ReadCtrlFromMain(uv_poll_t *poll, int status, int events) const int size = Base::GetMaxBufSizeStable(); char *buf = reinterpret_cast(new uint8_t[size]()); ssize_t nread = Base::ReadFromFd(hSession->ctrlFd[STREAM_WORK], buf, size); + // 此处接收主进程的ctrl控制字,非dataFd + WRITE_LOG(LOG_DEBUG, "ReadCtrlFromMain nread=%d, buf=%s", nread, Base::toHex(reinterpret_cast(buf), nread).c_str()); while (true) { if (nread < 0) { constexpr int bufSize = 1024; @@ -1375,6 +1809,7 @@ void HdcSessionBase::SessionWorkThread(uv_work_t *arg) _exit(0); } uv_poll_start(pollHandle, UV_READABLE, ReadCtrlFromMain); + // 这里通过回调设置后面uv_run 需要跑的任务,READABLE // start heartbeat rimer HdcSessionBase *hSessionBase = (HdcSessionBase *)hSession->classInstance; hSessionBase->StartHeartbeatWork(hSession); @@ -1521,6 +1956,7 @@ void HdcSessionBase::ParsePeerSupportFeatures(HSession &hSession, std::mapsessionId); Base::SplitString(tlvMap[TAG_SUPPORT_FEATURE], ",", features); hSession->heartbeat.SetSupportHeartbeat(Base::IsSupportFeature(features, FEATURE_HEARTBEAT)); + hSession->psk.SetSupportPsk(Base::IsSupportFeature(features, FEATURE_PSK)); } } } // namespace Hdc diff --git a/src/common/session.h b/src/common/session.h index 3e0f898a..254a8580 100755 --- a/src/common/session.h +++ b/src/common/session.h @@ -85,7 +85,13 @@ public: void ReMainLoopForInstanceClear(); // server, Two parameters in front of call can be empty void LogMsg(const uint32_t sessionId, const uint32_t channelId, MessageLevel level, const char *msg, ...); + static void AllocBeforeRead(HSession& context, uv_buf_t *buf); + static void OnSSLReadEvent(uv_poll_t *poll, int status, int events); + static void StartSSLPoll(HSession hSession); + static void on_ssl_handshake(uv_poll_t *handle, int status, int events); static void AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); + static void AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); + static void InitSSL(HSession& hSession); static void MainAsyncCallback(uv_async_t *handle); static void FinishWriteSessionTCP(uv_write_t *req, int status); static void SessionWorkThread(uv_work_t *arg); @@ -103,6 +109,10 @@ public: int SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo = false); virtual HSession AdminSession(const uint8_t op, const uint32_t sessionId, HSession hInput); virtual int FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read); + virtual int FetchSSLIOBuf(HSession hSession, uint8_t *ioBuf, int read); + static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); + static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen); virtual void PushAsyncMessage(const uint32_t sessionId, const uint8_t method, const void *data, const int dataSize); HTaskInfo AdminTask(const uint8_t op, HSession hSession, const uint32_t channelId, HTaskInfo hInput); bool DispatchTaskData(HSession hSession, const uint32_t channelId, const uint16_t command, uint8_t *payload, diff --git a/src/common/ssl_tcp.cpp b/src/common/ssl_tcp.cpp new file mode 100644 index 00000000..945c0929 --- /dev/null +++ b/src/common/ssl_tcp.cpp @@ -0,0 +1,18 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ssl_tcp.h" + + diff --git a/src/common/ssl_tcp.h b/src/common/ssl_tcp.h new file mode 100644 index 00000000..8f12184f --- /dev/null +++ b/src/common/ssl_tcp.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef HDC_SSL_TCP_H +#define HDC_SSL_TCP_H +#include "common.h" + +namespace Hdc { +class HdcSSLTCPBase : public HdcTCPBase { + public: + HdcSSLTCPBase(const bool serverOrDaemonIn, void *ptrMainBase); + virtual ~HdcSSLTCPBase(); + + static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) override; + int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size, HSession hSession) override; + + private: + SSL_CTX *sslCtx; + SSL *ssl; + // 其他 SSL 相关的成员变量... + + void InitializeSSL(); + void CleanupSSL(); + void PerformSSLHandshake(); + int ReadSSLData(uv_stream_t *tcp, uint8_t *buf, int size); + int WriteSSLData(uv_tcp_t *tcp, uint8_t *buf, int size); + void HandleSSLError(int sslError); + }; +} + \ No newline at end of file diff --git a/src/common/ssl_test.cpp b/src/common/ssl_test.cpp new file mode 100644 index 00000000..3098e3f0 --- /dev/null +++ b/src/common/ssl_test.cpp @@ -0,0 +1,78 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#define SERVER_PORT 4433 +#define BUFFER_SIZE 1024 +#define CERT_FILE "server.crt" +#define KEY_FILE "server.key" + +void initialize_openssl() { + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); +} + +void cleanup_openssl() { + EVP_cleanup(); +} + +SSL_CTX *create_context() { + const SSL_METHOD *method; + SSL_CTX *ctx; + + method = SSLv23_server_method(); + ctx = SSL_CTX_new(method); + if (!ctx) { + perror("Unable to create SSL context"); + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } + + return ctx; +} + +void configure_context(SSL_CTX *ctx) { + SSL_CTX_set_ecdh_auto(ctx, 1); + + if (SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } + + if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0 ) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } +} + +int main(int argc, char **argv) { + int sock; + SSL_CTX *ctx; + int opt; + + initialize_openssl(); + ctx = create_context(); + + while ((opt = getopt(argc, argv, "sc")) != -1) { + switch (opt) { + case 's': + configure_context(ctx); + // Server code here + break; + case 'c': + // Client code here + break; + default: + fprintf(stderr, "Usage: %s [-s|-c]\n", argv[0]); + exit(EXIT_FAILURE); + } + } + + cleanup_openssl(); + return 0; +} diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index d6c7ca7f..6d1cffe8 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -69,9 +69,394 @@ void HdcTCPBase::SendUDPFinish(uv_udp_send_t *req, int status) delete req; } + +// static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { +// ssl_uv_client_t *ssl_client = static_cast(handle->data); +// if (!SSL_is_init_finished(ssl_client->ssl)) { +// int ret = SSL_accept(ssl_client->ssl); +// if (ret == 1) { +// std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; +// continue; +// } else { +// int err = SSL_get_error(ssl_client->ssl, ret); +// if (err == SSL_ERROR_WANT_READ) { +// continue; +// } else if (err == SSL_ERROR_WANT_WRITE) { +// continue; +// } else { +// break; +// SSL_free(ssl_client->ssl); +// uv_close((uv_handle_t *)ssl_client->client, NULL); +// delete ssl_client; +// } +// } +// return; +// } + +// if (events & UV_READABLE) { +// char buf[4096]; +// int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); +// if (ret > 0) { +// buf[ret] = '\0'; +// std::cout << "read from client: " << buf; +// SSL_write(ssl_client->ssl, buf, ret); +// } else { +// int err = SSL_get_error(ssl_client->ssl, ret); +// if (err == SSL_ERROR_WANT_READ) { + +// } else if (err == SSL_ERROR_WANT_WRITE) { + +// } else { +// std::cout<<"disconnected"<ssl); +// uv_close((uv_handle_t *)ssl_client->client, NULL); +// delete ssl_client; +// } +// } +// } +// } + +// @brief: if hs ok then SSL_write of SSL_read +bool HdcTCPBase::SSLHandshake(uv_stream_t *tcp) +{ + bool ret = false; + HSession hSession = (HSession)tcp->data; + // HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; + // HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; + int sslRet = 0; + SSL_do_handshake(hSession->ssl); + WRITE_LOG(LOG_DEBUG, "SSLHandshake, sslRet = %d", sslRet); + WriteBIOToSocket(tcp); + if (sslRet == 1) { + ret = true; + } else { + int err = SSL_get_error(hSession->ssl, sslRet); + if (err == SSL_ERROR_WANT_READ) { + WRITE_LOG(LOG_DEBUG, "SSLHandshake, SSL_ERROR_WANT_READ"); + // 一般不会走到这里,因为在此之前有BIO_read + } else if (err == SSL_ERROR_WANT_WRITE) { // 将Write BIO的数据发出去 + WRITE_LOG(LOG_DEBUG, "SSLHandshake, SSL_ERROR_WANT_WRITE"); + WriteBIOToSocket(tcp); + } + } + return ret; +} + +int HdcTCPBase::WriteBIOToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax) +{ + if (buf == nullptr) { + return 0; + } + HSession hSession = (HSession)tcp->data; + if (hSession->writeBIO == nullptr) { + return 0; + } + int retRead = 0; + retRead = BIO_read(hSession->writeBIO, buf, lenMax); + if (retRead <= 0) { + WRITE_LOG(LOG_WARN, "BIO ret read fail"); + + } + return retRead; +} + +int HdcTCPBase::HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax) +{ + if (buf == nullptr) { + return 0; + } + HSession hSession = (HSession)tcp->data; + if (hSession->ssl == nullptr) { + return 0; + } + SSL_do_handshake(hSession->ssl); + int ret = WriteBIOToBuffer(tcp, buf, lenMax); + return ret; +} + +int HdcTCPBase::WriteBIOToSocket(uv_stream_t *tcp) +{ + HSession hSession = (HSession)tcp->data; + int retRead = 0; + WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket, "); + + uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); + if (buf == nullptr) { + WRITE_LOG(LOG_WARN, "send allocmem err"); + return -1; + } + retRead = BIO_read(hSession->writeBIO, buf, 16 * 4096); + if (retRead < 0) { + WRITE_LOG(LOG_WARN, "retRead fail"); + delete[] buf; + return retRead; + } + buf[retRead] = '\0'; + HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); + int retWrite = 0; + // if (hSession->hWorkThread == uv_thread_self()) { + // retWrite = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, buf, retRead); + // } else { + WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket00, retRead = %d", retRead); + retWrite = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, retRead); + // } + WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket01, retWrite = %d", retWrite); + return retWrite; +} + +int HdcTCPBase::SendAfterHandshake(uv_stream_t *tcp) +{ + HSession hSession = (HSession)tcp->data; + if (hSession->writeBIO == nullptr) { + return 0; + } + string buf = "Open SSL\n "; + int ret = SSL_write(hSession->ssl, buf.c_str(), buf.size()); + if (ret > 0) { + WriteBIOToSocket(tcp); + } else { + WRITE_LOG(LOG_WARN, "SSL_write fail"); + } + + return ret; +} + +void HdcTCPBase::ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) +{ + WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----5 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); + HSession hSession = (HSession)tcp->data; + HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; + HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; + // CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); + bool ret = false; + while (true) { + if (nread == UV_ENOBUFS) { + WRITE_LOG(LOG_WARN, "Session IOBuf max, sid:%u", hSession->sessionId); + break; + } else if (nread < 0) { + // I originally in the IO main thread, no need to send asynchronous messages, close the socket as soon as + // possible + constexpr int bufSize = 1024; + char buffer[bufSize] = { 0 }; + uv_strerror_r(static_cast(nread), buffer, bufSize); + WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); + break; + } + // 将buf->base的nread数据拷贝到新的buffer中 + uint8_t *newBuf = new uint8_t[nread]; + memcpy(newBuf, buf->base, nread); + int retBio = BIO_write(hSession->readBIO, newBuf, nread); + if (retBio <= 0) { + WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream BIO_write failed:%s sid:%u", + ERR_error_string(ERR_get_error(), NULL), hSession->sessionId); + // BIO_free(hSession->readBIO); + break; + } + WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); + + // 将读到的SSL密文写入到BIO对象 + // 这里直接用buf->base是可以的。当然,用hSession->bioBuf也是可以的,只是后面的指针需要注意生命周期。 + if (!SSL_is_init_finished(hSession->ssl)) { + bool hs_ret = SSLHandshake(tcp); + WRITE_LOG(LOG_INFO, "SSLHandshake continue sid:%u", hSession->sessionId); + ret = true; + if (!hs_ret) { + break; + } + } + // 读取SSL密文 + int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, nread); + WRITE_LOG(LOG_DEBUG, "nSSLRead is %d", nSSLRead); + if (nSSLRead < 0) { + int err = SSL_get_error(hSession->ssl, nSSLRead); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); + } + ret = hSession->cntErrorSSL < 3; + hSession->cntErrorSSL++; + WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", + ERR_error_string(err, NULL), hSession->cntErrorSSL); + break; + } + + // 采用直接解密的方案,检测到首字母不是"HW" 直接触发握手、解析。 + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nread) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + break; + } + ret = true; + break; + } + if (!ret) { + // The first time is closed first, prevent the write function from continuing to write + hSessionBase->FreeSession(hSession->sessionId); + } +} + +// SSLPSK server +// 首先,此处一定会多次调用,需要注意的是TcpBase有哪些公用变量可以共享同对象,对象析构如何保障不crash +// 其次,需要注意,此处数据已经是从socket读到buffer包括TLS握手Client Hello的数据,需要回一道Server Hello +// TODO:通过SSL转换为私有明文数据 + +void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) +{ + WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); + + HSession hSession = (HSession)tcp->data; + // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 + HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; + HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; + CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); + + bool ret = false; + while (true) { + if (nread == UV_ENOBUFS) { + WRITE_LOG(LOG_WARN, "Session IOBuf max, sid:%u", hSession->sessionId); + break; + } else if (nread < 0) { + // I originally in the IO main thread, no need to send asynchronous messages, close the socket as soon as + // possible + constexpr int bufSize = 1024; + char buffer[bufSize] = { 0 }; + uv_strerror_r(static_cast(nread), buffer, bufSize); + WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); + break; + } + + if (hSession->handshakeOK) { + if (hSession->ssl == nullptr) { + HdcSessionBase::InitSSL(hSession); + if (hSession->serverOrDaemon) { + // server as the ssl client first send the client hello to ssl server. + // session handshake 4 + SSL_do_handshake(hSession->ssl); + WriteBIOToSocket(tcp); + } + // tcp->data = hSession; + } + + if (memcmp(hSession->ioBuf, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { + // ****************welcom to ssl world******************* + WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream memcmp != 48 57, sid:%u", + hSession->sessionId); + if (hSession->ssl == nullptr) { + WRITE_LOG(LOG_DEBUG, "hSession->ssl == nullptr WARNING !!!!!!!!!!!!!!!!!!!!!!!!!"); + HdcSessionBase::InitSSL(hSession); + } + // if (SSL_get_state(hSession->ssl) == TLS_ST_OK) { + if (SSL_is_init_finished(hSession->ssl)) { + WRITE_LOG(LOG_DEBUG, "SSL_get_state result is TLS_ST_OK"); + // ******************TLS handshake ok******************************// + int retBio = BIO_write(hSession->readBIO, buf->base, nread); + // if (retBio <= 0) { + // WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream BIO_write failed:%s sid:%u", + // ERR_error_string(ERR_get_error(), NULL), hSession->sessionId); + // // BIO_free(hSession->readBIO); + // break; + // } + WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); + uint8_t *buffer = new(std::nothrow) uint8_t[16 * 4096](); + int nSSLRead = SSL_read(hSession->ssl, buffer, 16 * 4096); + if (nSSLRead < 0) { + int err = SSL_get_error(hSession->ssl, nSSLRead); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); + } + ret = hSession->cntErrorSSL < 3; + hSession->cntErrorSSL++; + WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", + ERR_error_string(err, NULL), hSession->cntErrorSSL); + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + Base::ZeroBuf(bufToZero, hSession->bufSize); + // SSL解密失败,注意清理这段数据。 + delete[] buffer; + break; + } else { + WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, + Base::toHex(const_cast(buffer), nSSLRead).c_str()); + if (!memcpy_s(hSession->ioBuf, nread, buffer, nSSLRead)) { + WRITE_LOG(LOG_DEBUG, "after SSL_read memcpy failed, source buf len: %d, target buf len: %d", + nSSLRead, nread); + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + Base::ZeroBuf(bufToZero, hSession->bufSize); + ret = true; + delete[] buffer; + break; + // 内存拷贝失败,直接break掉,记得先清理这段数据 + } else { + // 如果这里拷贝ok,那么就继续往下走到FetchIOBuf了。 + } + } + } else { + // *****TLS handshake NOT ok continue handle handshake data*******// + int retBio = BIO_write(hSession->readBIO, buf->base, nread); + WRITE_LOG(LOG_DEBUG, "BIO_write ret: %d", retBio); + int retHs = SSL_do_handshake(hSession->ssl); + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret: %d", retHs); + WriteBIOToSocket(tcp); + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + Base::ZeroBuf(bufToZero, hSession->bufSize); + ret = true; + break; + } + + + + // // 将读到的SSL密文写入到BIO对象 + // // 这里直接用buf->base是可以的。当然,用hSession->bioBuf也是可以的,只是后面的指针需要注意生命周期。 + // if (!SSL_is_init_finished(hSession->ssl)) { + // bool hs_ret = SSLHandshake(tcp); + // WRITE_LOG(LOG_INFO, "SSLHandshake continue sid:%u", hSession->sessionId); + // ret = true; + // if (!hs_ret) { + // break; + // } + // } + // // 读取SSL密文 + // uint8_t *buffer = new(std::nothrow) uint8_t[16 * 4096](); + // int nSSLRead = SSL_read(hSession->ssl, buffer, 16 * 4096); + // if (nSSLRead < 0) { + // int err = SSL_get_error(hSession->ssl, nSSLRead); + // if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + // WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); + // } + // ret = hSession->cntErrorSSL < 3; + // hSession->cntErrorSSL++; + // WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", + // ERR_error_string(err, NULL), hSession->cntErrorSSL); + // // uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); + // } else { + // WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, Base::toHex(const_cast(buffer), nSSLRead).c_str()); + // } + // ret = true; + // break; + + + } + } // leave the world + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nread) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + break; + } + ret = true; + break; + } + if (!ret) { + // The first time is closed first, prevent the write function from continuing to write + Base::TryCloseHandle(reinterpret_cast(tcp)); + hSessionBase->FreeSession(hSession->sessionId); + } +} + void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { + WRITE_LOG(LOG_DEBUG, "ReadStreamFrom ----4 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); + HSession hSession = (HSession)tcp->data; + // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); @@ -103,25 +488,73 @@ void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf } } +// int HdcTCPBase::WriteBIOToBuf(uv_stream_t *tcp) +// { +// HSession *hs = (HSession)tcp->data; +// int len = BIO_read(hs->writeBIO, hs->ioBuf, ); +// if (len > 0) { +// uv_buf_t wbuf = uv_buf_init(buf, len); +// if (!reqWrite) { +// WRITE_LOG(LOG_DEBUG,"new uv_write_t error"); +// return; +// } +// if (n < 0) { +// WRITE_LOG(LOG_DEBUG,"uv_write error"); +// } +// } else { +// WRITE_LOG(LOG_FATAL,"BIO_read error"); +// } +// return +// } + +// SSLPSK client ? int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) { std::lock_guard lock(writeTCPMutex); + // HSession hSession = (HSession)tcp->data; uint8_t *data = buf; int cnt = size; uv_os_fd_t uvfd; uv_fileno(reinterpret_cast(tcp), &uvfd); + // if (this->enablePSK) { + // SSL *ssl = SSL_new(hSessionBase->GetSSLContext()); + // if (ssl == nullptr) { + + // } + // } + #ifdef _WIN32 int fd = (uv_os_sock_t)uvfd; #else int fd = reinterpret_cast(uvfd); #endif + + // SSL *ssl = hSession->ssl; + // if (hSession->handshakeOK && hSession->connType == CONN_TCP && ssl != nullptr) { + + // WRITE_LOG(LOG_DEBUG, "SSL_set_fd"); + // if ( !SSL_is_init_finished(ssl) ) { + // int ret_hs = SSL_do_handshake(ssl); + // WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret %d", ret_hs); + // } + // } + constexpr int intrmax = 60000; int intrcnt = 0; while (cnt > 0) { #ifdef HDC_EMULATOR int rc = write(fd, reinterpret_cast(data), cnt); #else - int rc = send(fd, reinterpret_cast(data), cnt, 0); + WRITE_LOG(LOG_DEBUG, "WriteUvTcpFd fd:%d, buf %s, size %d", fd, Base::toHex(data, cnt).c_str(), size); + int rc = 0; + // if (ssl != nullptr && SSL_is_init_finished(ssl)) { + // if (false) { + // SSL_set_fd(ssl, fd); + // rc = SSL_write(ssl, reinterpret_cast(data), cnt); + // WRITE_LOG(LOG_DEBUG, "SSL_write ret %d", rc); + // } else { + rc = send(fd, reinterpret_cast(data), cnt, 0); + // } #endif if (rc < 0) { #ifdef _WIN32 diff --git a/src/common/tcp.h b/src/common/tcp.h index 53353b99..7d6ade0d 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -22,6 +22,13 @@ public: HdcTCPBase(const bool serverOrDaemonIn, void *ptrMainBase); virtual ~HdcTCPBase(); static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); + static bool SSLHandshake(uv_stream_t *tcp); + static int WriteBIOToSocket(const uint32_t sessionId); + static int SendAfterHandshake(uv_stream_t *tcp); + static int HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); + static int WriteBIOToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); + static void ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); + static void ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size); protected: @@ -35,6 +42,7 @@ protected: void *clsMainBase; bool serverOrDaemon; + bool enablePSK; std::mutex writeTCPMutex; private: diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 7a3c93e1..7d62b022 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -466,6 +466,7 @@ bool HdcDaemon::HandDaemonAuthInit(HSession hSession, const uint32_t channelId, WRITE_LOG(LOG_INFO, "client support RSA_3072_SHA512 auth for %u session", hSession->sessionId); } string bufString = SerialStruct::SerializeToString(handshake); + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp HandDaemonAuthInit send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, channelId, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); @@ -788,6 +789,34 @@ void HdcDaemon::DaemonSessionHandshakeInit(HSession &hSession, SessionHandShake GetServerCapability(hSession, handshake); } +bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize) +{ + if (hSession->ssl == nullptr) { + return false; + } + BIO_write(hSession->sslBio, payload, payloadSize); + + if (!SSL_is_init_finished(hSession->ssl)) { + uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); + int len = BIO_read(hSession->writeBIO, buf, 16 * 4096); + if (len > 0) { + Send(hSession->sessionId, channelId, CMD_SSL_HANDSHAKE, buf, len); + } + } else { + hSession->sslHandshake = true; + } + + return true; +} + +bool HdcDaemon::DaemonSessionPSK(hSession, channelId, payload, payloadSize); +{ + if (payload[0] == 1) { + HdcSessionBase::InitSSL(hSession); + } + return true; +} + bool HdcDaemon::DaemonSessionHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize) { StartTraceScope("HdcDaemon::DaemonSessionHandshake"); @@ -837,6 +866,7 @@ bool HdcDaemon::DaemonSessionHandshake(HSession hSession, const uint32_t channel WRITE_LOG(LOG_INFO, "session %u handshakeOK send back CMD_KERNEL_HANDSHAKE", hSession->sessionId); #endif hSession->handshakeOK = true; + WRITE_LOG(LOG_INFO, "session %u handshakeOK true", hSession->sessionId); return true; } @@ -906,6 +936,7 @@ bool HdcDaemon::CheckAuthStatus(HSession hSession, const uint32_t channelId, con LogMsg(hSession->sessionId, channelId, MSG_FAIL, authmsg.c_str()); } uint8_t count = 1; + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp CheckAuthStatus send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); return false; } @@ -937,6 +968,7 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const ClearOwnTasks(hSession, channelId); if (*payload != 0) { --(*payload); + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, payload, 1); } ret = true; @@ -948,6 +980,16 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const WRITE_LOG(LOG_INFO, "recv %s for session %u", str.c_str(), hSession->sessionId); break; } + case CMD_PSK_MSG: { + // 收到了就直接起SSL然后握手好吧 + ret = DaemonSessionPSK(hSession, channelId, payload, payloadSize); + break; + } + case CMD_SSL_HANDSHAKE: { + // session handshake ssl step ? + ret = DaemonSessionSSLHandshake(hSession, channelId, payload, payloadSize); + break; + } default: ret = true; if (CheckControl(command)) { @@ -955,6 +997,7 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const } else { LogMsg(hSession->sessionId, channelId, MSG_FAIL, "debugging is not allowed"); uint8_t count = 1; + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp HandDaemonAuthInit send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } break; @@ -997,6 +1040,7 @@ bool HdcDaemon::RemoveInstanceTask(const uint8_t op, HTaskInfo hTask) bool HdcDaemon::ServerCommand(const uint32_t sessionId, const uint32_t channelId, const uint16_t command, uint8_t *bufPtr, const int size) { + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp ServerCommand send command"); return Send(sessionId, channelId, command, reinterpret_cast(bufPtr), size) > 0; } @@ -1158,9 +1202,11 @@ void HdcDaemon::SendAuthOkMsg(SessionHandShake &handshake, uint32_t channelid, handshake.authType = AUTH_OK; string bufString = SerialStruct::SerializeToString(handshake); + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthOkMsg send CMD_KERNEL_HANDSHAKE"); Send(sessionid, channelid, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); uint8_t count = 1; + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthOkMsg send CMD_KERNEL_CHANNEL_CLOSE"); Send(sessionid, channelid, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, @@ -1170,6 +1216,7 @@ void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, handshake.authType = AUTH_SIGNATURE; handshake.buf = token; string bufString = SerialStruct::SerializeToString(handshake); + WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthSignMsg send CMD_KERNEL_HANDSHAKE"); Send(sessionid, channelId, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); } diff --git a/src/host/server.cpp b/src/host/server.cpp index f327e4c7..cc8f5e00 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -473,6 +473,7 @@ bool HdcServer::HandServerAuth(HSession hSession, SessionHandShake &handshake) } handshake.authType = AUTH_PUBLICKEY; bufString = SerialStruct::SerializeToString(handshake); + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp HandServerAuth 1send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, 0, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); @@ -487,6 +488,7 @@ bool HdcServer::HandServerAuth(HSession hSession, SessionHandShake &handshake) } handshake.authType = AUTH_SIGNATURE; bufString = SerialStruct::SerializeToString(handshake); + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp HandServerAuth 2send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, 0, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); WRITE_LOG(LOG_INFO, "response auth signture success"); @@ -547,6 +549,40 @@ void HdcServer::UpdateHdiInfo(Hdc::HdcSessionBase::SessionHandShake &handshake, AdminDaemonMap(OP_UPDATE, hSession->connectKey, hdiNew); } +bool HdcServer::ServerSessionSSLHandshake(HSession hSession, uint8_t *payload, int payloadSize) +{ + if (hSession->ssl == nullptr) { + return false; + } + BIO_write(hSession->sslBio, payload, payloadSize); + + if (!SSL_is_init_finished(hSession->ssl)) { + uint8_t *buf = new(std::nothrow) uint8_t[BUF_SIZE_DEFAULT64](); + int len = BIO_read(hSession->writeBIO, buf, BUF_SIZE_DEFAULT64); + if (len > 0) { + Send(hSession->sessionId, 0, CMD_SSL_HANDSHAKE, buf, len); + } + } else { + hSession->sslHandshake = true; + } + + return true; +} + +bool HdcDaemon::DaemonSessionPSK(hSession, channelId, payload, payloadSize); +{ + + // 取payload + + // 取prikey + + // 解密,获得32位PSK + // char *psk = "xxx1xxx2xxx3xxx4xxx5xxx6xxx7xxx8"; + + // HdcSessionBase::InitSSL(hSession, psk); + return true; +} + bool HdcServer::ServerSessionHandshake(HSession hSession, uint8_t *payload, int payloadSize) { // session handshake step3 @@ -576,6 +612,7 @@ bool HdcServer::ServerSessionHandshake(HSession hSession, uint8_t *payload, int // handshake auth OK UpdateHdiInfo(handshake, hSession); hSession->handshakeOK = true; + WRITE_LOG(LOG_INFO, "hs ok true"); return true; } @@ -591,6 +628,16 @@ bool HdcServer::FetchCommand(HSession hSession, const uint32_t channelId, const hSession->connType, hSession->sessionId); return ret; } + if (command == CMD_SSL_HANDSHAKE) { + ret = true; + WRITE_LOG(LOG_INFO, "Session get ssl handshake, sid:%u", hSession->sessionId); + return ret; + } + if (command == CMD_PSK_MSG) { + ret = true; + WRITE_LOG(LOG_INFO, "Session get psk message, sid:%u", hSession->sessionId); + return ret; + } if (command == CMD_HEARTBEAT_MSG) { // heartbeat msg std::string str = hSession->heartbeat.HandleRecvHeartbeatMsg(payload, payloadSize); @@ -609,6 +656,7 @@ bool HdcServer::FetchCommand(HSession hSession, const uint32_t channelId, const WRITE_LOG(LOG_DEBUG, "channelId :%lu die", channelId); } uint8_t flag = 0; + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &flag, 1); return ret; } @@ -638,6 +686,7 @@ bool HdcServer::FetchCommand(HSession hSession, const uint32_t channelId, const sfc->PushAsyncMessage(channelId, ASYNC_FREE_CHANNEL, nullptr, 0); if (*payload != 0) { --(*payload); + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, payload, 1); } break; @@ -960,6 +1009,7 @@ void HdcServer::DeatchChannel(HSession hSession, const uint32_t channelId) if (!hChannel) { ClearOwnTasks(hSession, channelId); uint8_t count = 0; + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp DeatchChannel send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); WRITE_LOG(LOG_WARN, "DeatchChannel hChannel null channelId:%u", channelId); return; @@ -971,6 +1021,7 @@ void HdcServer::DeatchChannel(HSession hSession, const uint32_t channelId) // The own task for this channel must be clear before free channel ClearOwnTasks(hSession, channelId); uint8_t count = 0; + WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp DeatchChannel send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, hChannel->channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); WRITE_LOG(LOG_DEBUG, "Childchannel begin close, cid:%u, sid:%u", hChannel->channelId, hSession->sessionId); if (uv_is_closing((const uv_handle_t *)&hChannel->hChildWorkTCP)) { -- Gitee From c40bdac9cd5b49eba9ccb89f6e72248656669fe9 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Fri, 16 May 2025 21:17:18 +0800 Subject: [PATCH 02/11] handshake ok Signed-off-by: TaowerfulMAX --- src/common/define_plus.h | 11 +- src/common/psk.cpp | 10 ++ src/common/psk.h | 2 + src/common/psk_original_change_1.cpp | 101 +++++++------ src/common/session.cpp | 121 +++++++++++----- src/common/tcp.cpp | 51 ++++--- src/common/tcp.h | 2 +- src/common/test01.cpp | 40 ++++++ src/common/test02.cpp | 204 +++++++++++++++++++++++++++ src/common/testbio | Bin 0 -> 29232 bytes src/common/testrand | Bin 0 -> 19664 bytes src/daemon/daemon.cpp | 92 ++++++++++-- src/daemon/daemon.h | 2 + src/host/server.cpp | 194 ++++++++++++++++++++++--- src/host/server.h | 3 + 15 files changed, 699 insertions(+), 134 deletions(-) create mode 100644 src/common/test01.cpp create mode 100644 src/common/test02.cpp create mode 100755 src/common/testbio create mode 100755 src/common/testrand diff --git a/src/common/define_plus.h b/src/common/define_plus.h index 919c08c2..d032bd76 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -221,7 +221,7 @@ struct HdcSessionStat { struct HdcSession { bool serverOrDaemon; // instance of daemon or server, true is server, false is daemon - bool handshakeOK; // Is an expected peer side + bool handshakeOK = false; // Is an expected peer side bool isDead; bool voteReset; bool isCheck = false; @@ -266,6 +266,10 @@ struct HdcSession { BIO *writeBIO = nullptr; HSSL hssl = nullptr; uint8_t cntErrorSSL = 0; + + bool isSetSSL = false; + bool sslHandshake = false; + unsigned char preSharedKey[32]; // pre-shared key for TLS 1.3, TLS_AES_128_GCM_SHA256(password) #ifdef HDC_SUPPORT_UART HUART hUART = nullptr; #endif @@ -350,6 +354,11 @@ enum class RemoteType { REMOTE_APP = 2, }; +struct PskInfo { + unsigned char *bin; + size_t len; +}; +using HPreSharedKey = struct PskInfo *; struct HdcChannel { void *clsChannel; // ptr Class of serverForClient or client uint32_t channelId; diff --git a/src/common/psk.cpp b/src/common/psk.cpp index bb5e93b9..0414075e 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -170,6 +170,16 @@ unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identit return keyLen; } +bool HdcPsk::GenerateRandomBytes(unsigned char *buf, int len) +{ + if (!buf || len <= 0) { + return false; + } + if (RAND_bytes(buf, len) != 1) { + return false; + } + return true; +} void HdcPsk::HandShake(bool isServer) diff --git a/src/common/psk.h b/src/common/psk.h index 86d26f8a..da458d10 100644 --- a/src/common/psk.h +++ b/src/common/psk.h @@ -22,6 +22,7 @@ #include #include #include +#include #include @@ -47,6 +48,7 @@ public: SSL* GetSSL(); SSL_CTX* GetContext(); void SetSupportPsk(bool pskStatus); + static bool GenerateRandomBytes(unsigned char *buf, int len); protected: diff --git a/src/common/psk_original_change_1.cpp b/src/common/psk_original_change_1.cpp index cd78069b..0b787bd5 100644 --- a/src/common/psk_original_change_1.cpp +++ b/src/common/psk_original_change_1.cpp @@ -554,54 +554,73 @@ void HdcPsk::ConfigureContext() // } -unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +// unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +// { +// SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); +// HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); +// thisClass->psk_key[8] = '\0'; +// std::cout<< "psk key is:" << thisClass->psk_key << std::endl; +// // 动态加载 +// // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); +// if (strcmp(identity, STR_PSK_IDENTITY) != 0) { +// return 0; +// } + +// unsigned char key_bin[32]; +// int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); +// // int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); +// std::cout<< "key_bin is:" << key_bin << std::endl; +// if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { +// return 0; +// } +// std::cout << "PskServerCallback" << std::endl; +// memcpy(psk, key_bin, keyLen); +// return keyLen; +// } + +unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) { SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - thisClass->psk_key[8] = '\0'; - std::cout<< "psk key is:" << thisClass->psk_key << std::endl; - // 动态加载 - // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); - if (strcmp(identity, STR_PSK_IDENTITY) != 0) { - return 0; - } - - unsigned char key_bin[32]; - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - std::cout<< "key_bin is:" << key_bin << std::endl; - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { - return 0; - } - std::cout << "PskServerCallback" << std::endl; - memcpy(psk, key_bin, keyLen); - return keyLen; -} + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; -unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) +unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) { SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); - std::cout<< "psk key is:" << thisClass->psk_key << std::endl; - if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { - return 0; - } - strcpy(identity, STR_PSK_IDENTITY); - unsigned char key_bin[32]; + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; + + + +// unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, +// unsigned char *psk, unsigned int maxPskLen) +// { +// SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); +// HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); +// // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); +// std::cout<< "psk key is:" << thisClass->psk_key << std::endl; +// if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { +// return 0; +// } +// strcpy(identity, STR_PSK_IDENTITY); +// unsigned char key_bin[32]; - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - std::cout<< "key_bin is:" << key_bin << std::endl; - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { - return 0; - } - memcpy(psk, key_bin, keyLen); - std::cout << "PskClientCallback" << std::endl; - return keyLen; -} +// int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); +// // int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); +// std::cout<< "key_bin is:" << key_bin << std::endl; +// if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { +// return 0; +// } +// memcpy(psk, key_bin, keyLen); +// std::cout << "PskClientCallback" << std::endl; +// return keyLen; +// } void HdcPsk::HandShake() diff --git a/src/common/session.cpp b/src/common/session.cpp index 94dc94f4..d2a17bae 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -833,11 +833,30 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int switch (hSession->connType) { case CONN_TCP: { HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); - // int hs_cnt = 0; - if (hSession->handshakeOK && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { + if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { + if (BIO_pending(hSession->writeBIO) > 0) { + BIO_reset(hSession->writeBIO); + } int retSLL = SSL_write(hSession->ssl, bufPtr, bufLen); - int retBIO = BIO_read(hSession->writeBIO, bufPtr, bufLen); + int sslBufLen = BIO_pending(hSession->writeBIO); + uint8_t *buf = new uint8_t[sslBufLen]; + int retBIO = BIO_read(hSession->writeBIO, buf, sslBufLen); WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,return SSL:%d,BIO:%d", retSLL, retBIO); + // ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); + if (echo && !hSession->serverOrDaemon) { + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); + delete[] bufPtr; + } else { + if (hSession->hWorkThread == uv_thread_self()) { + ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, bufLen); + } else { + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); + delete[] bufPtr; + } + } + + + break; } if (echo && !hSession->serverOrDaemon) { ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); @@ -876,6 +895,7 @@ int HdcSessionBase::Send(const uint32_t sessionId, const uint32_t channelId, con { StartTraceScope("HdcSessionBase::Send"); HSession hSession = AdminSession(OP_QUERY_REF, sessionId, nullptr); + WRITE_LOG(LOG_DEBUG, "check ssl ok is %d", hSession->sslHandshake); if (!hSession) { WRITE_LOG(LOG_WARN, "Send to offline device, drop it, sessionId:%u", sessionId); return ERR_SESSION_NOFOUND; @@ -1003,46 +1023,68 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) } - unsigned int HdcSessionBase::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) { - // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // HSession hSession = (HSession)SSL_CTX_get_ex_data(sslctx, 0); + unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // HPreSharedKey hpsk = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); // thisClass->psk_key[8] = '\0'; // 动态加载 // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); if (strcmp(identity, "Client_identity") != 0) { + WRITE_LOG(LOG_FATAL, "identity not same"); return 0; } - - unsigned char key_bin[32]; + // WRITE_LOG(LOG_DEBUG, "hdc psk len = %d", hpsk->len); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hpsk->bin), hpsk->len).c_str()); + + // unsigned char key_bin[32]; // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + // int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); + unsigned int keyLen = 32; + WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", + Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); + if (keyLen <= 0 || keyLen > maxPskLen) { + return 0; + } + if (memcpy_s(psk, keyLen, pskInput, keyLen) != EOK) { + WRITE_LOG(LOG_FATAL, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); return 0; } - memcpy(psk, key_bin, keyLen); return keyLen; } unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, unsigned char *psk, unsigned int maxPskLen) { - // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + // HPreSharedKey hpsk = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); if (sizeof("Client_identity") >= maxIdentityLen) { + WRITE_LOG + (LOG_FATAL, "Client identity buffer too small, maxIdentityLen = %d", maxIdentityLen); return 0; } strcpy(identity, "Client_identity"); - unsigned char key_bin[32]; - - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + int keyLen = 32; + WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", + Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); + // unsigned char key_bin[32]; + // unsigned char *keyBin = + // int keyLen = HdcPsk::HexToBin(const_cast(hpsk->psk), key_bin, sizeof(key_bin)); + // int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); + if (keyLen <= 0 || keyLen > maxPskLen) { + WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); return 0; } - memcpy(psk, key_bin, keyLen); + if (memcpy_s(psk, keyLen, pskInput, keyLen) != EOK) { + WRITE_LOG(LOG_INFO, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); + return 0; + } + return keyLen; } @@ -1394,7 +1436,7 @@ void HdcSessionBase::InitSSL(HSession& hSession) { // if (hSession->ssl == nullptr) { - WRITE_LOG(LOG_DEBUG, "handshakeOK"); + WRITE_LOG(LOG_DEBUG, "InitSSL start !!!!!!!!!!!!!!"); #if OPENSSL_VERSION_NUMBER >= 0x10100003L if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) { @@ -1411,25 +1453,26 @@ void HdcSessionBase::InitSSL(HSession& hSession) // server only connect to , is ssl client const SSL_METHOD *method; - WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); + // WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); method = TLS_client_method(); - WRITE_LOG(LOG_DEBUG, "TLS_client_method"); + // WRITE_LOG(LOG_DEBUG, "TLS_client_method"); hSession->sslContext = SSL_CTX_new(method); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcSessionBase::PskClientCallback); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); - hSession->sslContext = hSession->sslContext; + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); hSession->readBIO = BIO_new(BIO_s_mem()); hSession->writeBIO = BIO_new(BIO_s_mem()); - WRITE_LOG(LOG_DEBUG, "ctx = ctx"); + // WRITE_LOG(LOG_DEBUG, "ctx = ctx"); hSession->ssl = SSL_new(hSession->sslContext); - SSL_set_connect_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + // SSL_set_connect_state(hSession->ssl); + // SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); // WRITE_LOG(LOG_DEBUG, "SSL_new"); // HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; @@ -1460,32 +1503,32 @@ void HdcSessionBase::InitSSL(HSession& hSession) } else { const SSL_METHOD *method; - WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); + // WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); method = TLS_server_method(); - WRITE_LOG(LOG_DEBUG, "TLS_server_method"); + // WRITE_LOG(LOG_DEBUG, "TLS_server_method"); hSession->sslContext = SSL_CTX_new(method); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcSessionBase::PskServerCallback); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); - hSession->sslContext = hSession->sslContext; + // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); hSession->readBIO = BIO_new(BIO_s_mem()); hSession->writeBIO = BIO_new(BIO_s_mem()); - WRITE_LOG(LOG_DEBUG, "ctx = ctx"); + // WRITE_LOG(LOG_DEBUG, "ctx = ctx"); hSession->ssl = SSL_new(hSession->sslContext); - WRITE_LOG(LOG_DEBUG, "SSL_new"); + // WRITE_LOG(LOG_DEBUG, "SSL_new"); - SSL_set_accept_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + // SSL_set_accept_state(hSession->ssl); + // SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); // uv_os_fd_t client_fd; // uv_fileno(reinterpret_cast(&hSession->hChildWorkTCP), &client_fd); // SSL_set_fd(hSession->ssl, hSession->fdChildWorkTCP); // WRITE_LOG(LOG_DEBUG, "SSL_set_fd"); - // while(!SSL_is_init_finished(hSession->ssl)) { // int ret = SSL_accept(hSession->ssl); // if(ret != 1) { diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 6d1cffe8..1b1accd4 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -326,30 +326,30 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf break; } - if (hSession->handshakeOK) { + if (hSession->sslHandshake) { if (hSession->ssl == nullptr) { - HdcSessionBase::InitSSL(hSession); - if (hSession->serverOrDaemon) { - // server as the ssl client first send the client hello to ssl server. - // session handshake 4 - SSL_do_handshake(hSession->ssl); - WriteBIOToSocket(tcp); - } - // tcp->data = hSession; + WRITE_LOG(LOG_DEBUG, "hsession ssl is null"); + break; } if (memcmp(hSession->ioBuf, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { - // ****************welcom to ssl world******************* + // ****************welcom to ssl area******************* WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream memcmp != 48 57, sid:%u", hSession->sessionId); if (hSession->ssl == nullptr) { WRITE_LOG(LOG_DEBUG, "hSession->ssl == nullptr WARNING !!!!!!!!!!!!!!!!!!!!!!!!!"); - HdcSessionBase::InitSSL(hSession); + // HdcSessionBase::InitSSL(hSession); + break; } // if (SSL_get_state(hSession->ssl) == TLS_ST_OK) { if (SSL_is_init_finished(hSession->ssl)) { WRITE_LOG(LOG_DEBUG, "SSL_get_state result is TLS_ST_OK"); // ******************TLS handshake ok******************************// + if (BIO_wpending(hSession->readBIO) > 0) { + WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_wpending > 0"); + BIO_reset(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_wpending reset %d", BIO_wpending(hSession->readBIO)); + } int retBio = BIO_write(hSession->readBIO, buf->base, nread); // if (retBio <= 0) { // WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream BIO_write failed:%s sid:%u", @@ -358,8 +358,8 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf // break; // } WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); - uint8_t *buffer = new(std::nothrow) uint8_t[16 * 4096](); - int nSSLRead = SSL_read(hSession->ssl, buffer, 16 * 4096); + uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); + int nSSLRead = SSL_read(hSession->ssl, buffer, retBio); if (nSSLRead < 0) { int err = SSL_get_error(hSession->ssl, nSSLRead); if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { @@ -377,7 +377,7 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf } else { WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, Base::toHex(const_cast(buffer), nSSLRead).c_str()); - if (!memcpy_s(hSession->ioBuf, nread, buffer, nSSLRead)) { + if (memcpy_s(hSession->ioBuf, nSSLRead, buffer, nSSLRead) != EOK) { WRITE_LOG(LOG_DEBUG, "after SSL_read memcpy failed, source buf len: %d, target buf len: %d", nSSLRead, nread); uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); @@ -387,19 +387,26 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf break; // 内存拷贝失败,直接break掉,记得先清理这段数据 } else { + memset(hSession->ioBuf + nSSLRead, 0, nread - nSSLRead); // 如果这里拷贝ok,那么就继续往下走到FetchIOBuf了。 + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + break; + } + ret = true; + break; } } } else { // *****TLS handshake NOT ok continue handle handshake data*******// - int retBio = BIO_write(hSession->readBIO, buf->base, nread); - WRITE_LOG(LOG_DEBUG, "BIO_write ret: %d", retBio); - int retHs = SSL_do_handshake(hSession->ssl); - WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret: %d", retHs); - WriteBIOToSocket(tcp); - uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - Base::ZeroBuf(bufToZero, hSession->bufSize); - ret = true; + // int retBio = BIO_write(hSession->readBIO, buf->base, nread); + // WRITE_LOG(LOG_DEBUG, "BIO_write ret: %d", retBio); + // int retHs = SSL_do_handshake(hSession->ssl); + // WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret: %d", retHs); + // WriteBIOToSocket(tcp); + // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + // Base::ZeroBuf(bufToZero, hSession->bufSize); + // ret = false; break; } diff --git a/src/common/tcp.h b/src/common/tcp.h index 7d6ade0d..6de49da2 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -23,7 +23,7 @@ public: virtual ~HdcTCPBase(); static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); static bool SSLHandshake(uv_stream_t *tcp); - static int WriteBIOToSocket(const uint32_t sessionId); + static int WriteBIOToSocket(uv_stream_t *tcp); static int SendAfterHandshake(uv_stream_t *tcp); static int HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); static int WriteBIOToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); diff --git a/src/common/test01.cpp b/src/common/test01.cpp new file mode 100644 index 00000000..40a2a6d4 --- /dev/null +++ b/src/common/test01.cpp @@ -0,0 +1,40 @@ +#include +#include + +struct PskInfo { + unsigned char bin[32]; + size_t len = 32; +}; +using HPreSharedKey = struct PskInfo *; + +std::string toHex(const uint8_t* data, size_t size) { + std::stringstream ss; + ss << std::hex << std::setfill('0'); + for (size_t i = 0; i < size; ++i) { + ss << std::setw(2) << static_cast(data[i]); + if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + ss << "|"; + } + } + return ss.str(); +} + + +int main() { + + HPreSharedKey psk = new PskInfo; + unsigned char* buf = psk->bin; + RAND_bytes(buf, sizeof(psk->bin)); + + std::cout << psk->len << std::endl; + // to hex + std::cout << toHex(psk->bin, psk->len) << std::endl; + memset(psk->bin, 0, psk->len); + RAND_bytes(buf, sizeof(psk->bin)); + std::cout << toHex(psk->bin, psk->len) << std::endl; + RAND_bytes(buf, sizeof(psk->bin)); + std::cout << toHex(psk->bin, psk->len) << std::endl; + // delete[] psk->bin; + delete psk; + return 0; +} \ No newline at end of file diff --git a/src/common/test02.cpp b/src/common/test02.cpp new file mode 100644 index 00000000..ab3432cc --- /dev/null +++ b/src/common/test02.cpp @@ -0,0 +1,204 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#else +#include +#endif +#include +static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; +unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + strcpy(identity, STR_PSK_IDENTITY); + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; + + +unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; + +std::string toHex(const uint8_t* data, size_t size) { + std::stringstream ss; + ss << std::hex << std::setfill('0'); + for (size_t i = 0; i < size; ++i) { + ss << std::setw(2) << static_cast(data[i]); + if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + ss << "|"; + } + } + return ss.str(); +} + + +int main() { + + +// #if OPENSSL_VERSION_NUMBER >= 0x10100003L +// if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) +// { +// } +// ERR_clear_error(); +// std::cout << "sss" << std::endl; + +// #else +// SSL_library_init(); +// OpenSSL_add_all_algorithms(); +// SSL_load_error_strings(); +// #endif + + + const SSL_METHOD *c_method; + c_method = TLS_client_method(); + + SSL_CTX *c_ctx = SSL_CTX_new(c_method); + + unsigned char word[32] = "0xxx1xxx2xxx3xxx4xxx5xxx6xxx7xx"; + RAND_bytes(word, 32); + // unsigned char *p = word; + SSL_CTX_set_ex_data(c_ctx, 0, word); + SSL_CTX_set_psk_client_callback(c_ctx, PskClientCallback); + + SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); + + + BIO *readBIO_c = BIO_new(BIO_s_mem()); + BIO *writeBIO_c = BIO_new(BIO_s_mem()); + + + SSL *ssl_c = SSL_new(c_ctx); + + SSL_set_connect_state(ssl_c); + SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); + + + + const SSL_METHOD *s_method; + + s_method = TLS_server_method(); + SSL_CTX *s_ctx = SSL_CTX_new(s_method); + SSL_CTX_set_ex_data(s_ctx, 0, word); + SSL_CTX_set_psk_server_callback(s_ctx, PskServerCallback); + SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); + BIO *readBIO_s = BIO_new(BIO_s_mem()); + BIO *writeBIO_s = BIO_new(BIO_s_mem()); + SSL *ssl_s = SSL_new(s_ctx); + SSL_set_accept_state(ssl_s); + SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); + + if (SSL_is_init_finished(ssl_s)) { + std::cout << "s okkkkk" << std::endl; + } + if (SSL_is_init_finished(ssl_c)) { + std::cout << "c okkkkk" << std::endl; + } + uint8_t *buf = new(std::nothrow) uint8_t[1024](); + memset(buf, 0, 1024); + int ret = 0; + int nread = 0; + int nr = 0; + int nw = 0; + // cliend hs + if (!SSL_is_init_finished(ssl_s)) { + ret = SSL_do_handshake(ssl_c); + if (ret!=1 && SSL_get_error(ssl_c, ret) == SSL_ERROR_WANT_READ){ + std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; + } + + nread = BIO_pending(writeBIO_c); + int nr = BIO_read(writeBIO_c, buf, nread); + std::cout << "ret is"< s + nw = BIO_write(readBIO_s, buf, nr); + } + + + // server hs + + // int nwrite = BIO_wpending(readBIO_s); + // std::cout << "ret is"< c + // client hs + sleep(1); + nw = BIO_write(readBIO_c, buf, nr); + ret = SSL_do_handshake(ssl_c); + if (ret!=1 && SSL_get_error(ssl_s, ret) == SSL_ERROR_WANT_READ){ + std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; + } + memset(buf, 0, 1024); + nread = BIO_pending(writeBIO_c); + nr = BIO_read(writeBIO_c, buf, nread); + std::cout << "ret is"<6CMX^B4gd_&PI(!V=NPw7+inVYvOa?M_G81Pe5Uf~i zOzU)v3#(M#t6h&SZPi!%q_z5ZyjFu&L;GwOwzjpa_K8;Q#E%wITVspP`|a~_=gi4m zthRr=w_XlwvhV(#z4zH?pL5T>=iZskXZ?*Uii?VvDihdcjJWo>0`bX;BVl;};$!vf zB>X*#dDscyCvr^G`vgI)D9;t=(^82~042SdbWnhvAz-Gc@{lO$xt00~QKKj;7d+{e z(4mL^pm_LShaR0Sctv$R-kwj&8+4s?Mp0dlVpHBI^vXY#PfMkq#hoHSQBUC_y?Uuv zFZC3ylJQhj#goj@r(VX>q*bV+qNu6YDfLXcT&OWcsSPSEuOvG@OnXgI?`a=5!%TXQ zfSIDIy(^$cars+|3@2-r?YWJ^5!r7=X`WEIAQIkKS93w6V__s5?de_ETVJ=ZuBI{( ztE}er!R7ibDrJstIJND za^fBLlMMMyIwV7d{v%((e5( ze*VnGKAq=H|;|p=-!N)8QyZCb^ z1U;rO_ysQb3gCst>pmBJ*u~Euz@ItLG0Q{fz{zYTtCH6}>JJqQ@+aeNz}L=MR<0`S zhSt?~M<^cJ98M%d@z&MLBC%+wHLx)fVz#}xD;BjA$v`}5+l-4A6l`s5u@j;AmQdX8 z3MD&Z9jv9L5lGSw#-hdTC7g?zGquiX(y2Dsp6v=NHOV{t}41S8>4G->(}2nIvlx(npk#&C=q=!n^!foMmf zGjL7LKW^1%g?a=J99PLmcj6k=?_eMj*%%03!|PQyl*c3|eRJfNHmtSdp+EBh5?JEVnmqqY#l;Fd2_9`;#rn3!|}QXFRr*Gm%6?uqEmB20H_BI~fmz zlK}kwW?+jp1`^?*9ZMw9R98c*-CAY)Tk7nVWUbv2N*+(YC2)Kr7uwCM*1!|n4)*qX zz20ik6j};LH#fA@*e$hotJn7X;p3W?SR~;Ob8l-x(T>Omc9w4%8s)?#ySS83h)KrJnTE7X>~xwqHu#_Wzo1CelY zo4ut94nzZ8%`m-Kj-8$4@xbW)ZG#tV#n9E-O{;>1I+N?9%ZRv!#|guS46oF0N!A2o zJx-qrH1|F;vYuw-rf?+E(6UI31D`cCFiB_NS}=c^-4@*%j&|71p+rv?EmOhX04)`W z^>xJJ-ZLmyt*$^gDh03r^@fuSrx#9LmWYHx-NXdDw?P2wQxNB9=QZ}GKsdr+A(4pC z?dl>r4#u~2Cu0tqNOlD0&nLEyYBvYb8gX7OEAW-emf4FctJuoMhNa8w>dG4D$eTM{ zlsl}htYvGP{A*~LfgUuMty{NbX@l*B3*5-Mb*QMRtgg#vy*i7=VFEVx^!ZY%=NzIl+;d$WFxZM6RRsCjgnkEfuk;xL+=k7E6Fn;QSKYd(i#12cM>M zw@qP?yGriIilDhx);FPkdN_O%Ln{G^-ErHOar-@)T_gGLa=w&pk$lhT;mNc+xDh-R zYX59m=K=4T-wpkVY{03X$f{*MwfD0J$?_ET6^U&by%Sf`N$eYvzn1eSu!kj|JpW7B z(oJAL08fS5n<49n7wr{0?Wz5!+6Vg1B`NI3<#ku#J+z@f@fbLh^79P5$;ZW6X}hF? zIQ&6d0O&m5v&d?8NW&*75cD|>FVpbD8vZd2&uBQ^!>DpZ!xt(LbX3EuG`zfBFm#)7 zo`$RY5(;y*hO7G$!ez*K?T!sXi29^%SqQmV!!fW<*{R{UC3MPe4acpJQ}$@M9C}`N zpN3PcRoScIYK*CFpN3=NI%QD9Pjpbm4r(|~9H$)8@Tm@panx{}NKQGd;nN(Hv5bb( zIjYJL4L@0dpraa|cYi9!m*Rh_CSR)I^3e~kE!S}QD2d}UHT*Qqjz`01X!tx0pQ+(h z8vYRtuh;O?HQcA+voze&@G~^LNyF*hUX^tk{!s;jwrluo4e!)&kA`<^_*oj>tKs^6 z{SFO3Ta&+8!_U$1ofh|^qkpmb-YB)wCBOPO9<%okCX2I&tiB(V zKEb<_t-bs*#zwMpSAmqxW+dN9H6z0>X0zFyoTrWL$nY}`PaE2i;R6m&8`+WJZ#z6~ zU`K|(=J2#}9T~pO;c3G8P!_!7}WO#|g(*|{9 z*z54LF&!B`%i(E5Ix>8+!_!7|WVp!T>A}Ou@X_~Fe`!OC{yRKvMA3hTrwu6j@9?zo zME@P0Hk|0c!_!6+{daiUV50vHPa8}0-{EOPiT*o0Z6wiuho=oB`tR_xaYX+eo;Hl= zzr)i;5&d^~+90C;4nLdoN8eTb_i+A2ho_Ao`tR_x0Yv{Do;H5yzr)jp5B+y|+UTMG z4o@3A^xxs>0Sx-@@U+oG{}qqf`R*k&JC`#)Kf!SS=E>Q^ zWwUpX+!K;Q{t7N%dpVKw-?LIjtOLLQxOHH3f>rdC^~`(8=`c_t4U}dNZ{p{P(x>%% z$E7sgSkL@6tMAh9EXJXgdL=p4N?-aan9M&N%VskjSPY*kp=ngK9=cBZq(8hBm2}Vs zJzPwDR%(03O7$GJQf<$rRzKUA@*iBDT7Ae$`vDJSI$_XC`Hz5q&e~7!7Q-E(sFf-o z@|7m>w&^L~RED}Ek5WfTVXIIWwbHBc@gLmp;T1ojy1$}sAMrnYLUWf7e*^E!K^19KKV4VE}-sDB+ypn|=A!(()5 z%}gSJ$2DWZ$R6I0$F1}LcPP#EtfGTukFc^w2Fc*G>IP$XBZi@AQ;=b{*QU_1%~yF^EMcfJ9ooysJ-SI2n_e}^?+geN)g z^|NTatke^l+%z7B=O`k#qcfRDiI)we*N^6gn2!NMVT3!=^%p3l`Yq`g5!m`AH{0Jt z?7pgAyza%v+Fy;oi|8ojAH-BWXzi;3SIg__@b|*rUK++jG>xqR|KOt@v`F^uBzpsG zgK&*(I`cFu+~w^IRJ_KAgU91Ea!Uv!y1&EqT}JmLXk;wz^iXDpaC03@W@;oB5m-C9 zE)BqeO`@Bf0_6m#?;R4_C1eN43{*rVKUI9t%B&IwyG1Q0P<>b!>?Krmj1HZSol8pT zeoN`+m z^}SYP_5XC+5zM6B=*aH;8JlK5AS>F^;=a z5k(L0^H3%OAFXu7*YI9TPTLcBQ2J@6{RgS;r$3LB9?Z#Q;W!qgwD2r=$QtnP;m!-M|H=m*5Hn#fAlH!?w`{=!cZKW8!d%0^vnV9f&Ue412j+mo&C#+iH1S>FrlTkZ%0QJ*xE3BqO z@CHi0;JD$DZe+-O{usVOe(*8;j1kc_=8z7{HOF>dQh7kvcC2-l&vwk-EWAo}81ripwEVeB~Gu zDSj#s`1i;awqlsP3&sQQ`?WFdPe)UA1ms)_{Qy6Q?O;K z#t@z;qjMW+4U~KbUpo;4ew26eDJxxaE60X1Q8ctOcNhC8*$|7(?U;ekUC`1YZk965{q&uFUWEsX7Gnx)&`O8o*6e27o;w$W5E;WZnI}Cd8M^hmQ(flqTV$jXSAT@fk|5({01o3A==wfN^sV2;fm+=UUM_@bx;}IB- zz<314BQPF;@d*4si~#*ALKSsHPp#;fUfbhYC4R*qerrsx;pq;XUboY;K6 za$eNi9D0w#uIE2$TjFoAz18*h%4MtV7Hdg$Z5>N^V%Jb%L3Kbs8}T>PY*@ag^UY<3Uy*|hQ%(`H^?Hf3w+ z4)*cWFZ$S`bLIf$`kw+layXmiiUgvN-6TF4;5$iQ7HaDjd~U_2m4BbzKdt=p#mi1Q zVKp2APW2DqbJKC^pGN(4sK*04#*}_TPX7(S5!B;RV6MJ1S3ec~-hQ0=1*j+gHtG7s z>$w5)uMzdnqJDv1AI#a0p#CuGc|4SVD|7X?puPd|?$h;)uXF4_fcgheZ|Bv2!l@^? z=(?sxK9ZBZ@+5qkrN)!SjXwVc{hMHC;@x1B4_4oV35gvCSr$Lmw5U;Bq__7i%2u^3Q_*Y&9HNBu|i`X-@I5Z)G)U51nW z>Sv3dDQ0gL;}B5o?3XYh(vxSrc`AEo^5=0bJTY}fdOCZ3>X&f*h4LBqPiK#o52KIY zK4r$xboT30zNpPJvO8YJBQPF;@d%7ZU_1ij5%}L70rfjz^}Ap7JKrW>zTddq^FqHd zrlNTIjkC_vZ<=+Uesit!^c!m`Qw6~djyO0;@-NfPFABeB0ad?Sp2bloZ5BIS^6GcW zbiYG|?q#X`>Ah@>=w95jP?62DK`B6AIi_-0*3f^IRq-_~ z&X3{^92IQNIIsGR7g3zwDeLjohP-;A^^g0j@|T$wt2_enN!lc7yQJNc?vQk+qcatw^5+G9dx9XbwLMiiA(` zaoDl5MB-B=K2cONT31NE+`#Es1mV*S{1J)IH1OX@{0svxDHe7-20mZn=NR}E5}#+_ zTP420!0A~C`B`P)Pf5JSz~7K~y@8*G`A2pxG4Lf4_Zj$RiCYp^>+}G}XEHM%#@)ba z{>-KciNg2hpg)tiy3VTWo7?=KjDah{)11=f+)Un|Li23~ALvt^{EAB9W8BV1n7JM= z;`r&#^-IY&06#@B8V$MNeZb4vEH<-U6UN~effvf_b+?P1{lMqI(z`NlUTN+fT$nwu z&kXxNcd>Jfw~HS5gaNR;Ou>b)P`@s4!LI;5N9yV%!sW}^gYyJR&v2+*>tbi03;wDL zegbYx3i)}y3w{aklZ$6L`BsECc+Lf!;`y`@&zCR{u?nz;bA@D|RG?&=h1&g=w6kB@ zQ8G`u$o~=eS@5U4T^Ls9OBrr>l&)-&lMRFypUl*KpQ`I{k-yOeKjebHhEl9Fbm;JfRjIi(vEtU(&!@3T7vPUw=#wlY=MnoI~mx_03?z< zn>JMjSuQW7o$Nve#aI-H5N#Vd8#hN{8v_x$BN>Y)>_AU13&y&-BcWud1DVqbO7L8g zb|4-PY_pLhGQN#%iU+zvc1KTF7iECcIFWl&7exZbWL0%#u)CY*>}#yI?Qo1TR8lIw zIva@~laa-t-cYb78IDD(w|E;DB|_KoWP*ijy906e+Qq1~d!om+P@Ah?jC_O99!kU5 zSnWmMLz@CUk)$1oA){S)ED{cG<4qyUU@fwDhI%O}C-U7zlZi&}BAz@GNF;*%cz{Wtw`v}T- z!~@aI$1x|R65YpbwAN`f9_kJSlJ1?TlcT`rI+7V4XJA#+l-E!i#H8&AC6V5+(Yx4g z!6e^;gozy@H7kBXNK%d7x|Y^vyQyWB-LTxhrnRBw+kUVhb@C94~jIri7CSkdA~M$;ur8~t{E zGFV@JCPjKVPAOew3Rk1n4)JWVdRkSVmT=KYylSc;4QpTxPqJz^Ag$<%uH>djU~{4c z-phoiV^de=8Mcwp6{#e{QM)H0Q`}Ng*}RmwMx(L^yf-+J$#Fv>KN+TI59uc~n>XTPQUV*PevO_izp@gmUZqQtSUsig z2g*H531IUbu4DX~hm*-ji0VWU`A2E4=7RHqS}YVIo>tYd&u1M^vFbp`eoC2)d75J* zFk3z zLKhHRJ@n-$s3jI3W2!b8vqHT~YkAJ+p4v2Ri@;)!Mv`=Mm=2w^aSkLKB5CGCKe#=%F>Xh5I&JI{p9GXE!?ocn!`j0;1 z?tohrn?GSg9g`h$117o4fvzyx64r70uuAMJyRco<_u_xgF`kIvIkfnGDA_Up|0ea` zmFlR-$2Ee%-?Q<-qc%Jf7sc)WDU#LB`%T5y;Xv0n|G%Phl%S;Qd9Q*S41M+fNl}jy zl+@I}5;%T}8dLtO_sNP@Nj*IFD_*@{R#Xi*`Hx51j{nju z8^8f|(a|pxHR`>$df%0Q3y}S)( z8a{LmQ&Hb%asGcY0Xu(H`-)D0K^h{ZufFf%kqs+3WkB(YmO-C$sq%xuO6h9xzgem`h?V@I;(l^@oiE8I>m2AJtLBxU5pKsvGoKB4?#x*S2{wUr% uP??R-`S>XRRljI_lXb*;_h*m?$LEpsT(6`wx!N~zW3el zn>R1>V$uH5vnQ7``M&Sx`|IBCz3=z?a%Zq*Q-#MPxK)a)1#v@jO(dWMM>nbskbqb% zX5p__Tqw=~KSg4uJYW(?&33$^lvXLc5|r#}X`>8XY{G&m_mC*rxwX1#Q^Hi#m^|4{ zrA@^<>6YoH9#fWE@w}#7IOt=l|4i+6l$+zrO}pc3OKCva?d8F!eo?x}ZbaFQC_AQJ zl~1OePjW-Q)yl7v)7}P><8_`b_uT9x)^-4FwNxyBvf+@$l z0d|y^KeX{Qx2t$=^RQHnn<>pVwJQ?w&Q*<9B%&)4@np7dMc?XGD^@l7GAUoZlvBUF z_|clWwzWfGT80Qy?nK32lV^Vm+R@mnJ@X%$xxwVd|D6UywQH9MuRx%3_#7AgdtCG* z=wLZNEiQg&y_M7dj*Fk$T=WlOH0As}NZu!8g0~ z=N%V(%%wlSckxf_&5NJ2UFXt&xG$?uhbyns3HbY9P;Oqn4F4CG(SH-;nj;p8K)@8% zP(W(BzOyHl)H6mnZRonto40P!qp@^sXFOxX(p$G|NTiant>Ml@%#@Xtv^TYG)I0l) zSVrhKg^Wa|ITAAb{z!K?tsCiZ+yD>^wgYSE3}@mIJ(V%iv2aiGR()%o9t^G0L&i!y z6f<^DU>^!k?Bq(leRFHbxKh_6eSLnvzupXmNb%&(=1`*^TB&dK>%kymL=$bhdO%x4 zsYE6ix3&li8I7@IG;!8LkWPx>SKGs@;g-pYIjRl*;4agCbv%{PVH#^}PR5Omj8iw; zHnoRRA)Wf)y4g0+vx?M!u23v}XJ4P*8%t+W$#5cW^y|CoTR1N zuuJYXvuTuezc?(HS#eE>HSkZFP-Ty~jHI##kE~3%Pgs?!X;pT`6N%wS&ZRzq>K-nUY0*tV@{eY5UIpyH-)jj6tE8{9Pd>Q|Mremjf9 zNrn7ZiEE~*IFC-jd3Fl^5jqXOD*UEPZU+8(#JTu+uvLkl*@%A@$1pyAwq4eLu7KXZ z0Ha3ohi!82vR<67r;9f&d8PP;k_VtaFCL#I5cge$J$djO&_73Wb&DfScG&P4>;$yihGPL)t=ERn zv```XY&aIM)%M!(*%m6qy*6Cks!8bq8&2z&+e0>d4uhbN*l_#x#bY*HEkS8@$cEE( zIJakP`1uTi4%zTp8~*=o^MmTo|5n>~vPv76`o35T4bof_=Lg9eqX`zn}AG3H`;G@IOTRiQ^qr*S6cv|SA!{4=dTHvF@ z2Q8i!_UQ0k7Ee3V=IBfB>ut$e)uy|U~qr*)WPYZc;*l+Q)fJcWfvUpm! zqr-D7o)+xru*c$Qp^gr}|1po37AVGV@w6~8ev79CiSb)JEkul;d1P~o%;rWR^9lYt zD=51~{s9L+=-~G|_&p9j>)?AFe9Xabckmq!ev5+-I{0-Cex-w7;ovWI@E17v`3`=T zgP&^W{l96>9s8=5`!8+ZTO(~-gZ?4^%i7?&RxHE9{10$va;nQ$ec|1h1T65ubr-=_ z8=Sh3$eJ-@K9>ILP@<(jy>O!X!o8&Tf}+rWpM--ee@*1_kG0&0_WXO-XwQ#TYMvLh zV;>vy;NY*6gQ~)bE;)~EPy5H-b#Eh<$S&*9_N{A&rqFV48#A?mbzcXQAO3xzkdI=q zy*Tw*=y|ro){0N|!@D7*jSkp_w7X8egdI-HJ*#0sX}PBYl02{)B&rQexpb)v5X}3B zw88y5r0_`oH3VUH-%yP2W7Kl8n0du0DM z5D3J(cRWWscK#PI%>B&f%ycqWM*5jHFep1TAni2IOVv+{>Zgau|JRuQYm5H( z*!=(Mx0E>y3_J3y!{%OaB)=IN&&VMTbkG8rC-)B{{O(QG0-$sr$$yW`&DnntHV*0C zMQQ(dX;)GD6-e_R%C6X#49>ANxjkoc*|B|l&Ums{-L+?o_Nr_>=Iv!Qyb-b*oO&y| zuH~?UO+6$9FXH&JMPf(tE1+_qxDXGMkLT$0oBvDf4co01YK9sJp1CAARt7!SfkN@4 zqeVUHtd`p|mdl<(LdOQgK*y=v>&VfM=06o>@##?kfLECiOj%$59H8kHf(rq}MKd0k213$X0o{1kdoK9uC9owEo zl~+9kO1HtU{7<3q3h3hZ3x!jl%Ry%%Kw`8|coKZa2Zh2$1bgFDp>QAQ%#R9%*FZZ# zPl5g!=o0831lfg#fxZR$IOr7E9|lc;z5)6qC_nr0 z+}18UeKnp%GpAJ@fIi{$9P$wQcNwVII88o=T7u0+{KnoZ6xyICX4h<*U3*>ixx1_O zifa~r@e2)0E(R*?ZwB>_6bkm|SLD~guNHWK>{X*!_u+T_hlPTC?i8F|^Yw}iv(DLq z4gn|m-{BXWKu&qR3Uc}Ui|w0>_9r1<0l6Pku)Mn{r+K(~0{L>t+aT|<+gEIt4yb=E zkbeX6<#u_b=syAZ_aK+~;P}@T{MSf6DzfKSB7pw8HYU81f6?M?N=XKi3ue zyB6{~tkW;Sh1Hh|bHXSeH$&b9xqRNt_HCv;nG_11>Z`FcedRUJu?q2<3Ty(p^dhW} zzxFJ6wNkw2@e1*9#e$QS;?)Xl7Ah9}`4sU^WfP1i+hhhNGccKf$qY01qIGfiTBM?6dM0rimqe`~l6(r+NS6ZMV;bGn;k@62m8}_nJ@~$~t;yu6f7Iw}YmZnUc)ye&{@jiq#pUA(PI`B6YzSx0J#es$VcpdmMg)ed7Hz<6m1K+Li zyP@m)`2%EJmA20DqK@IAO8k{(>mFq4w&*8fe`W= zLBjbw#ODXMb$&wnpC`I6fw7~NTUYNvUx@RpItn)NV4^)Z3OkQyGbH{w>-f+5Uf_;h zONv$juMrDHZGbgRx(@iokX)?}^nNA&Arj(+zHsPobMb#C@HrIOYdQcc+x^nNVr=9G z(oc<8p-yb{Oo!Uz5;wQ)e^0yMRXDNEsaPnS$G!Q$XyJBJ^dEG=pF)S{ z!q1QjewhkB0~Y}0`g5}j{)h|yBNzOL3;vc1ULd>z7bATBRQ;Ta{?q(A*XViKD+{>M|(KlT5M}Sk@ zw;g$#f$O_+>vkdVa{e!O!8a&Bud8t_SAE*1@Cr4Lyj&u{%jH>wB5A|#OW{-ZaA#aM z!aD_kjFIi?@=6yUFmR7Opj)Jdir5v<8){mC90@oG3xxjNN+Dn2U=I@dT+)^ ztcmr-B3UDzO4jf4w=`s8x5`qC^3vXL+FiN^QaziT(8Eeg9x_^1>v}vzy`=7}LGea1 zOI0o{^?r;!))mes3_X!T`Asy@b#GsvND1M?AQW#5qq89m@U;vHg06N3b zPf%3(NQaXK}lr~_+S-x7p{D#_{z$Z{34>O|SC~xsAhFfiF-^jrS-^FVD7o&+Z1jLMfjEk;RgMl9DjqO}Qko)WT84W(sBHnLNs1 z381c&4-r`VpP^o~G%$Q!i8?x2uNMiTLeHw+qhdur9VT!DNsikKA*wd zN#oRuvQSYhbq$o3*Xep^Cc~PvjK`Nkmb(7511}DWN)jDDOX5;0kOjvsk7`BC!1(e{ z+YHmUPtns#|9yMnf@Ll+zD!=P1?;{@gxeLdxbBVGGablX!&~6DHO^Y{WhpG8^?cP z5RWPdWs@uDQdX*Whcn&67wu0Xgh`FGDcOZ`Tbx@<7#*^7EDlP%jFWu5F>6lBY#qtXo~pc1PijIfOxRXsj<1>ostpO%>eIt9hYo`rvH@ z5BJ33-gJnSEPS}a?!kq#?dIb%Y|{NQ-TJA=3giBN5`JFKAxPKW=&=oMNiBP~|A&KZ zaNAbWR)MqI)Ble^jp-7Twf^GqMoDW1XSe6)t4zHm+VrflwA~06pTMMe{QMq*=~AVR z#|E-F`yU2MkMh}`-%~I>ssz+W${pLQ+cgmfMnh(Me(%AQ-*Z4kHfR2C1xoJ_*q+}T zFkP$cxc{uj^bW}BodomzUV`ZfWl#O5+;RUEECvUt)uX$o5;kri3ZYkG(nf-+zbDZa?BRwVB?|j+GN<{I?zU2|A#m zG3EWoM9o;dP4pxDX5*(0Th{v#{{MHJ`R4dcE7AFCn?1je$*TuBtOpg@m}goIdzxa7 z&(FX4|5Ng+@zefGjqSK!e+!KA$M*c5wB`!Z#{bJ?66-J9Gp&WO-ChKgYMn`WKW7JQ z$NcAEOc=)x1WZXS+mmx!3)r@4^AZ(bsasOEUuGfZ2D`IU#}bi>nsRtlb(r4AEya)f s&*Q@5J*)51Q2nW0V{Y7o=WX`JaT%lCoyX1?(T6vf9DS2&Zw^-cA7qF`d;kCd literal 0 HcmV?d00001 diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 7d62b022..6016e262 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -792,28 +792,81 @@ void HdcDaemon::DaemonSessionHandshakeInit(HSession &hSession, SessionHandShake bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize) { if (hSession->ssl == nullptr) { - return false; + HdcSessionBase::InitSSL(hSession); + } + if (payloadSize > 1) { + // session handshake 5 + WRITE_LOG(LOG_DEBUG, "ssl hs server buffer: %s", + Base::toHex(reinterpret_cast(payload), payloadSize).c_str()); + int retw = BIO_write(hSession->readBIO, payload, payloadSize); + if (retw != payloadSize) { + WRITE_LOG(LOG_DEBUG, "BIO_write failed"); + } + } + if (!hSession->isSetSSL) { + SSL_set_accept_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + hSession->isSetSSL = true; } - BIO_write(hSession->sslBio, payload, payloadSize); - if (!SSL_is_init_finished(hSession->ssl)) { - uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); - int len = BIO_read(hSession->writeBIO, buf, 16 * 4096); - if (len > 0) { - Send(hSession->sessionId, channelId, CMD_SSL_HANDSHAKE, buf, len); + int ret = SSL_accept(hSession->ssl); + if (ret != 1) { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", SSL_get_error(hSession->ssl, ret)); } - } else { + if (ret == 1) { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok?status:%d", SSL_is_init_finished(hSession->ssl)); + // session handshake 8 + // Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + WRITE_LOG(LOG_DEBUG, "SSL handshake ok hSession->sslHandshake = true"); + // return true; + } + int nread = BIO_pending(hSession->writeBIO); + int nwrite = BIO_wpending(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "ssl hs client nread: %d, nwrite: %d", nread, nwrite); + if (nread > 0) { + uint8_t *buf = new(std::nothrow) uint8_t[nread](); + int len = BIO_read(hSession->writeBIO, buf, nread); + if (len > 0) { + // session handshake 6 & 7 + WRITE_LOG(LOG_DEBUG, "ssl hs server buffer: %s", Base::toHex(reinterpret_cast(buf), nread).c_str()); + Send(hSession->sessionId, channelId, CMD_SSL_HANDSHAKE, buf, len); + } + memset_s(buf, nread, 0, nread); + delete[] buf; + } + + } else { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); + uint8_t count = 1; + // session handshake 8 + Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + return true; + } + if (SSL_is_init_finished(hSession->ssl)) { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); hSession->sslHandshake = true; } - return true; } -bool HdcDaemon::DaemonSessionPSK(hSession, channelId, payload, payloadSize); -{ - if (payload[0] == 1) { - HdcSessionBase::InitSSL(hSession); +bool HdcDaemon::DaemonSessionPSK(HSession hSession, const uint32_t channelId) +{ + // daemon收到点东西那一定是空payload 我不闪躲 + unsigned char* buf = hSession->preSharedKey; + if (RAND_bytes(buf, sizeof(hSession->preSharedKey)) != 1) { + WRITE_LOG(LOG_DEBUG, "daemon session psk random set failed"); + return false; } + WRITE_LOG(LOG_INFO, "hdc psk buf %s", Base::toHex(buf, sizeof(hSession->preSharedKey)).c_str()); + + Send(hSession->sessionId, channelId, CMD_PSK_MSG, reinterpret_cast(hSession->preSharedKey), sizeof(hSession->preSharedKey)); + // if (memset_s(hpsk->bin, sizeof(hpsk->bin), 0, sizeof(hpsk->bin)) != EOK) + // { + // WRITE_LOG(LOG_DEBUG, "daemon session psk free failed"); + // } + // delete hpsk; + + return true; } @@ -865,6 +918,9 @@ bool HdcDaemon::DaemonSessionHandshake(HSession hSession, const uint32_t channel #ifdef HDC_DEBUG WRITE_LOG(LOG_INFO, "session %u handshakeOK send back CMD_KERNEL_HANDSHAKE", hSession->sessionId); #endif + if (handshake.authType == AUTH_SIGNATURE && hSession->connType == CONN_TCP) { + DaemonSessionPSK(hSession, channelId); + } hSession->handshakeOK = true; WRITE_LOG(LOG_INFO, "session %u handshakeOK true", hSession->sessionId); return true; @@ -981,8 +1037,10 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const break; } case CMD_PSK_MSG: { + WRITE_LOG(LOG_INFO, "when it comes, bug comes."); // 收到了就直接起SSL然后握手好吧 - ret = DaemonSessionPSK(hSession, channelId, payload, payloadSize); + // 好吧,收不到。。 + // ret = DaemonSessionPSK(hSession, channelId, payload, payloadSize); break; } case CMD_SSL_HANDSHAKE: { @@ -1207,7 +1265,13 @@ void HdcDaemon::SendAuthOkMsg(SessionHandShake &handshake, uint32_t channelid, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); uint8_t count = 1; WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthOkMsg send CMD_KERNEL_CHANNEL_CLOSE"); + // HSession hSession = AdminSession(OP_QUERY_REF, sessionid, nullptr); + // if (hSession->connType == CONN_TCP) { + // // LRTTODO_ change the CONN_TCP to ohter enum or other 字段 + + // } else { Send(sessionid, channelid, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + // } } void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, uint32_t channelId, uint32_t sessionid, string pubkey, string token) diff --git a/src/daemon/daemon.h b/src/daemon/daemon.h index 732f7c9d..4d201552 100644 --- a/src/daemon/daemon.h +++ b/src/daemon/daemon.h @@ -79,6 +79,8 @@ private: void DaemonSessionHandshakeInit(HSession &hSession, SessionHandShake &handshake); void GetServerCapability(HSession &hSession, SessionHandShake &handshake); bool DaemonSessionHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize); + bool DaemonSessionPSK(HSession hSession, const uint32_t channelId); + bool DaemonSessionSSLHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize); void TryStopInstance(); UserPermit PostUIConfirm(string hostname, string pubkey); bool ShowPermitDialog(); diff --git a/src/host/server.cpp b/src/host/server.cpp index cc8f5e00..c15f0df3 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -549,37 +549,199 @@ void HdcServer::UpdateHdiInfo(Hdc::HdcSessionBase::SessionHandShake &handshake, AdminDaemonMap(OP_UPDATE, hSession->connectKey, hdiNew); } -bool HdcServer::ServerSessionSSLHandshake(HSession hSession, uint8_t *payload, int payloadSize) +bool HdcServer::ServerSessionSSLHandshake(HSession hSession, + const uint32_t channelId, uint8_t *payload, int payloadSize) { if (hSession->ssl == nullptr) { + WRITE_LOG(LOG_DEBUG, "ssl is nullptr"); return false; } - BIO_write(hSession->sslBio, payload, payloadSize); - + + if (!hSession->isSetSSL) { + SSL_set_connect_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + hSession->isSetSSL = true; + } + + WRITE_LOG(LOG_DEBUG, "a"); + if (payloadSize > 1) { + // session handshake 5 + WRITE_LOG(LOG_DEBUG, "ssl hs client buffer: %s", + Base::toHex(reinterpret_cast(payload), payloadSize).c_str()); + int retw = BIO_write(hSession->readBIO, payload, payloadSize); + if (retw != payloadSize) { + WRITE_LOG(LOG_DEBUG, "BIO_write failed"); + } + } + WRITE_LOG(LOG_DEBUG, "b"); if (!SSL_is_init_finished(hSession->ssl)) { - uint8_t *buf = new(std::nothrow) uint8_t[BUF_SIZE_DEFAULT64](); - int len = BIO_read(hSession->writeBIO, buf, BUF_SIZE_DEFAULT64); - if (len > 0) { - Send(hSession->sessionId, 0, CMD_SSL_HANDSHAKE, buf, len); + int ret = SSL_do_handshake(hSession->ssl); + if (ret != 1) { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", SSL_get_error(hSession->ssl, ret)); + } else { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok?status:%d", SSL_is_init_finished(hSession->ssl)); + } + int nread = BIO_pending(hSession->writeBIO); + int nwrite = BIO_pending(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "ssl hs client nread: %d, nwrite: %d", nread, nwrite); + if (nread > 0) { + uint8_t *buf = new(std::nothrow) uint8_t[nread](); + int len = BIO_read(hSession->writeBIO, buf, nread); + if (len > 0) { + // session handshake 6 & 7 + WRITE_LOG(LOG_DEBUG, "ssl hs client buffer: %s", Base::toHex(reinterpret_cast(buf), nread).c_str()); + Send(hSession->sessionId, 0, CMD_SSL_HANDSHAKE, buf, len); + } else { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake failed"); + } + memset_s(buf, nread, 0, nread); + delete[] buf; + } else { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake BIO_pending <= 0"); } + } else { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); + uint8_t count = 1; + // session handshake 8 + hSession->sslHandshake = true; + Send(hSession->sessionId, 0, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + } + + if (SSL_is_init_finished(hSession->ssl)) { + WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); hSession->sslHandshake = true; } - return true; } -bool HdcDaemon::DaemonSessionPSK(hSession, channelId, payload, payloadSize); +bool HdcServer::ServerSessionPSK(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize) { + if (payloadSize < 32) { + return false; + } + + if (memcpy_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), payload, payloadSize) != EOK) { + WRITE_LOG(LOG_DEBUG, "memcpy_s failed, hSession->preSharedKey len is %d", sizeof(hSession->preSharedKey)); + } + + + // const SSL_METHOD *c_method; + // c_method = TLS_client_method(); - // 取payload + // SSL_CTX *c_ctx = SSL_CTX_new(c_method); + + // unsigned char word[32] = "0xxx1xxx2xxx3xxx4xxx5xxx6xxx7xx"; + // RAND_bytes(word, 32); + // // unsigned char *p = word; + // SSL_CTX_set_ex_data(c_ctx, 0, word); + // SSL_CTX_set_psk_client_callback(c_ctx, PskClientCallback); + + // SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); + + + // BIO *readBIO_c = BIO_new(BIO_s_mem()); + // BIO *writeBIO_c = BIO_new(BIO_s_mem()); + + + // SSL *ssl_c = SSL_new(c_ctx); + + // SSL_set_connect_state(ssl_c); + // SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); + + + + // const SSL_METHOD *s_method; + + // s_method = TLS_server_method(); + // SSL_CTX *s_ctx = SSL_CTX_new(s_method); + // SSL_CTX_set_ex_data(s_ctx, 0, word); + // SSL_CTX_set_psk_server_callback(s_ctx, PskServerCallback); + // SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); + // BIO *readBIO_s = BIO_new(BIO_s_mem()); + // BIO *writeBIO_s = BIO_new(BIO_s_mem()); + // SSL *ssl_s = SSL_new(s_ctx); + // SSL_set_accept_state(ssl_s); + // SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); - // 取prikey + // // if (SSL_is_init_finished(ssl_s)) { + // // std::cout << "s okkkkk" << std::endl; + // // } + // // if (SSL_is_init_finished(ssl_c)) { + // // std::cout << "c okkkkk" << std::endl; + // // } - // 解密,获得32位PSK - // char *psk = "xxx1xxx2xxx3xxx4xxx5xxx6xxx7xxx8"; + // // cliend hs - // HdcSessionBase::InitSSL(hSession, psk); + // int ret = SSL_do_handshake(ssl_c); + // if (ret!=1 && SSL_get_error(ssl_c, ret) == SSL_ERROR_WANT_READ){ + // // std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; + // } + // uint8_t *buf = new(std::nothrow) uint8_t[1024](); + // memset(buf, 0, 1024); + // int nread = BIO_pending(writeBIO_c); + // int nr = BIO_read(writeBIO_c, buf, nread); + // // std::cout << "ret is"< s + // int nw = BIO_write(readBIO_s, buf, nr); + // // int nwrite = BIO_wpending(readBIO_s); + // // std::cout << "ret is"< c + // // client hs + // sleep(1); + // nw = BIO_write(readBIO_c, buf, nr); + // ret = SSL_do_handshake(ssl_c); + // if (ret!=1 && SSL_get_error(ssl_s, ret) == SSL_ERROR_WANT_READ){ + // // std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; + // } + // memset(buf, 0, 1024); + // nread = BIO_pending(writeBIO_c); + // nr = BIO_read(writeBIO_c, buf, nread); + // // std::cout << "ret is"<sessionId); + ret = ServerSessionSSLHandshake(hSession, channelId, payload, payloadSize); return ret; } if (command == CMD_PSK_MSG) { - ret = true; WRITE_LOG(LOG_INFO, "Session get psk message, sid:%u", hSession->sessionId); + ret = ServerSessionPSK(hSession, channelId, payload, payloadSize); return ret; } if (command == CMD_HEARTBEAT_MSG) { diff --git a/src/host/server.h b/src/host/server.h index d36ec9e5..c4306202 100755 --- a/src/host/server.h +++ b/src/host/server.h @@ -62,6 +62,9 @@ private: string GetDaemonMapList(uint8_t opType); void UpdateHdiInfo(Hdc::HdcSessionBase::SessionHandShake &handshake, HSession &hSession); bool ServerSessionHandshake(HSession hSession, uint8_t *payload, int payloadSize); + bool ServerSessionPSK(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize); + bool ServerSessionSSLHandshake(HSession hSession, + const uint32_t channelId, uint8_t *payload, int payloadSize); void GetDaemonMapOnlyOne(HDaemonInfo &hDaemonInfoInOut); void TryStopInstance(); static bool PullupServerWin32(const char *path, const char *listenString); -- Gitee From b2f1119bc774e9ced0b60afa78adf55cd1d69a91 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Sat, 17 May 2025 19:02:19 +0800 Subject: [PATCH 03/11] feat shell ok but buffer file bigger than 512K is not ok. Signed-off-by: TaowerfulMAX --- src/common/base.cpp | 19 ++-- src/common/session.cpp | 93 +------------------ src/common/tcp.cpp | 201 +++++++++++++++++++++++++---------------- src/common/tcp.h | 1 + src/common/test02.cpp | 48 ++++++++-- src/common/testbio | Bin 29232 -> 29320 bytes 6 files changed, 176 insertions(+), 186 deletions(-) diff --git a/src/common/base.cpp b/src/common/base.cpp index 8dd9ef3d..747a1de7 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -2634,15 +2634,16 @@ void CloseOpenFd(void) std::string toHex(const uint8_t* data, size_t size) { - std::stringstream ss; - ss << std::hex << std::setfill('0'); - for (size_t i = 0; i < size; ++i) { - ss << std::setw(2) << static_cast(data[i]); - if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - ss << "|"; - } - } - return ss.str(); + // std::stringstream ss; + // ss << std::hex << std::setfill('0'); + // for (size_t i = 0; i < size; ++i) { + // ss << std::setw(2) << static_cast(data[i]); + // if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + // ss << "|"; + // } + // } + // return ss.str(); + return string("noprint"); } diff --git a/src/common/session.cpp b/src/common/session.cpp index d2a17bae..311ecb1d 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -992,7 +992,7 @@ int HdcSessionBase::DecryptPayload(HSession hSession, PayloadHead *payloadHeadBe int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) { - WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, bufLen).c_str(), bufLen); + // WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, bufLen).c_str(), bufLen); int ret = ERR_GENERIC; StartTraceScope("HdcSessionBase::OnRead"); if (memcmp(bufPtr, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { @@ -1467,39 +1467,7 @@ void HdcSessionBase::InitSSL(HSession& hSession) hSession->readBIO = BIO_new(BIO_s_mem()); hSession->writeBIO = BIO_new(BIO_s_mem()); - - // WRITE_LOG(LOG_DEBUG, "ctx = ctx"); hSession->ssl = SSL_new(hSession->sslContext); - - // SSL_set_connect_state(hSession->ssl); - // SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - - // WRITE_LOG(LOG_DEBUG, "SSL_new"); - // HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; - // pTCPBase->SSLHandshake((uv_stream_t *)&hSession->hChildWorkTCP); - - // uv_os_fd_t client_fd; - // uv_fileno(reinterpret_cast(&hSession->hChildWorkTCP), &client_fd); -// #ifdef _WIN32 -// int fd = (uv_os_sock_t)client_fd; -// #else -// int fd = reinterpret_cast(client_fd); -// #endif - // SSL_set_fd(hSession->ssl, hSession->fdChildWorkTCP); - - // while(!SSL_is_init_finished(hSession->ssl)) { - // int ret= SSL_connect(hSession->ssl); - // if (ret != 1) { - // int err = SSL_get_error(hSession->ssl, ret); - // WRITE_LOG(LOG_DEBUG, "SSL connect %d,errno %d", ret, err); - // uv_sleep(100); - // } - // } - // WRITE_LOG(LOG_DEBUG, "SSL_connect!!!"); - // pollHandle->data = hSession; - // uv_poll_init(pollHandle->loop, pollHandle, hSession->fdChildWorkTCP); - // WRITE_LOG(LOG_DEBUG, "before uv time--1"); - // uv_poll_start(pollHandle, UV_READABLE, OnSSLReadEvent); } else { const SSL_METHOD *method; @@ -1524,65 +1492,7 @@ void HdcSessionBase::InitSSL(HSession& hSession) // SSL_set_accept_state(hSession->ssl); // SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - // uv_os_fd_t client_fd; - // uv_fileno(reinterpret_cast(&hSession->hChildWorkTCP), &client_fd); - // SSL_set_fd(hSession->ssl, hSession->fdChildWorkTCP); - - // WRITE_LOG(LOG_DEBUG, "SSL_set_fd"); - // while(!SSL_is_init_finished(hSession->ssl)) { - // int ret = SSL_accept(hSession->ssl); - // if(ret != 1) { - // int err = SSL_get_error(hSession->ssl, ret); - // WRITE_LOG(LOG_DEBUG, "SSL_accept %d,errno:%d", ret, err); - // uv_sleep(100); - // } - // } - // WRITE_LOG(LOG_DEBUG, "SSL_accept!!!"); - - - - -// #ifdef _WIN32 -// int fd = (uv_os_sock_t)client_fd; -// #else -// int fd = reinterpret_cast(client_fd); -// #endif - // pollHandle->data = hSession; - - // uv_poll_init(pollHandle->loop, pollHandle, hSession->fdChildWorkTCP); - - // char rawBuf[16384]; - // uv_buf_t buf = uv_buf_init(static_cast(rawBuf), sizeof(rawBuf)); - // // while(true) { - // AllocBeforeRead(hSession, &buf); - // int ret = SSL_read(hSession->ssl, buf.base, buf.len); - // if (ret > 0) { - // WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf.base), ret).c_str()); - // pTCPBase->ReadStreamFromSSL(hSession, ret, &buf); - // } else { - // int err = SSL_get_error(hSession->ssl, ret); - // WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); - // } - // } - - // int ret = SSL_read(hSession->ssl, buf, sizeof(buf)); - // if (ret > 0) { - // WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf), ret).c_str()); - - // pTCPBase->ReadStreamFromSSL(hSession, ret, reinterpret_cast(buf)); - // } else { - // int err = SSL_get_error(hSession->ssl, ret); - // WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); - // } - // WRITE_LOG(LOG_DEBUG, "before uv time--1"); - // uv_poll_start(pollHandle, UV_READABLE, OnSSLReadEvent); } - - // poll_handle->data = hSession; - // StartSSLPoll(hSession); - - // uv_run(loop, UV_RUN_DEFAULT); - // HdcTCPBase::SSLHandshake(); } /// @brief @@ -1946,6 +1856,7 @@ bool HdcSessionBase::DispatchTaskData(HSession hSession, const uint32_t channelI hTaskInfo->closeRetryCount = 0; hTaskInfo->channelTask = false; hTaskInfo->isCleared = false; + hTaskInfo->isStableBuf = hSession->connType != CONN_USB; int addTaskRetry = 3; // try 3 time while (addTaskRetry > 0) { diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 1b1accd4..245ed5a9 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -224,86 +224,9 @@ int HdcTCPBase::SendAfterHandshake(uv_stream_t *tcp) return ret; } -void HdcTCPBase::ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) -{ - WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----5 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); - HSession hSession = (HSession)tcp->data; - HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; - HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; - // CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); - bool ret = false; - while (true) { - if (nread == UV_ENOBUFS) { - WRITE_LOG(LOG_WARN, "Session IOBuf max, sid:%u", hSession->sessionId); - break; - } else if (nread < 0) { - // I originally in the IO main thread, no need to send asynchronous messages, close the socket as soon as - // possible - constexpr int bufSize = 1024; - char buffer[bufSize] = { 0 }; - uv_strerror_r(static_cast(nread), buffer, bufSize); - WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); - break; - } - // 将buf->base的nread数据拷贝到新的buffer中 - uint8_t *newBuf = new uint8_t[nread]; - memcpy(newBuf, buf->base, nread); - int retBio = BIO_write(hSession->readBIO, newBuf, nread); - if (retBio <= 0) { - WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream BIO_write failed:%s sid:%u", - ERR_error_string(ERR_get_error(), NULL), hSession->sessionId); - // BIO_free(hSession->readBIO); - break; - } - WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); - // 将读到的SSL密文写入到BIO对象 - // 这里直接用buf->base是可以的。当然,用hSession->bioBuf也是可以的,只是后面的指针需要注意生命周期。 - if (!SSL_is_init_finished(hSession->ssl)) { - bool hs_ret = SSLHandshake(tcp); - WRITE_LOG(LOG_INFO, "SSLHandshake continue sid:%u", hSession->sessionId); - ret = true; - if (!hs_ret) { - break; - } - } - // 读取SSL密文 - int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, nread); - WRITE_LOG(LOG_DEBUG, "nSSLRead is %d", nSSLRead); - if (nSSLRead < 0) { - int err = SSL_get_error(hSession->ssl, nSSLRead); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); - } - ret = hSession->cntErrorSSL < 3; - hSession->cntErrorSSL++; - WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", - ERR_error_string(err, NULL), hSession->cntErrorSSL); - break; - } - - // 采用直接解密的方案,检测到首字母不是"HW" 直接触发握手、解析。 - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nread) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - break; - } - ret = true; - break; - } - if (!ret) { - // The first time is closed first, prevent the write function from continuing to write - hSessionBase->FreeSession(hSession->sessionId); - } -} - -// SSLPSK server -// 首先,此处一定会多次调用,需要注意的是TcpBase有哪些公用变量可以共享同对象,对象析构如何保障不crash -// 其次,需要注意,此处数据已经是从socket读到buffer包括TLS握手Client Hello的数据,需要回一道Server Hello -// TODO:通过SSL转换为私有明文数据 - -void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) -{ - WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); +void HdcTCPBase::ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) +{ WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); HSession hSession = (HSession)tcp->data; // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 @@ -458,6 +381,126 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf } } +// SSLPSK server +// 首先,此处一定会多次调用,需要注意的是TcpBase有哪些公用变量可以共享同对象,对象析构如何保障不crash +// 其次,需要注意,此处数据已经是从socket读到buffer包括TLS握手Client Hello的数据,需要回一道Server Hello +// TODO:通过SSL转换为私有明文数据 + +bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) +{ + if (hSession == nullptr || hSession->ssl == nullptr) { + WRITE_LOG(LOG_DEBUG, "hsession ssl is null"); + return false; + } + if (!SSL_is_init_finished(hSession->ssl)) { + WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); + return false; + } + WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); + bool ret = false; + HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; + HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; + int left = nread; + int sslRead = 0; + while (left > 0) { + int retBio = BIO_write(hSession->readBIO, ioBuf + (nread - left), left); + // int retBio = BIO_write(hSession->readBIO, ioBuf, nread); + WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); + // uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); + // NOTE: here the encrypted data always bigger than raw data, so it will not make data out of range. + // int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, retBio); + int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf + sslRead, retBio); + if (nSSLRead < 0) { + int err = SSL_get_error(hSession->ssl, nSSLRead); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); + } + ret = hSession->cntErrorSSL < 3; + hSession->cntErrorSSL++; + WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", + ERR_error_string(err, NULL), hSession->cntErrorSSL); + // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + // Base::ZeroBuf(bufToZero, hSession->bufSize); + // SSL解密失败,注意清理这段数据。 + // delete[] buffer; + break; + } else { + // WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, + // Base::toHex(const_cast(buffer), nSSLRead).c_str()); + // if (memcpy_s(hSession->ioBuf, nSSLRead, buffer, nSSLRead) != EOK) { + // WRITE_LOG(LOG_DEBUG, "after SSL_read memcpy failed, source buf len: %d, target buf len: %d", + // nSSLRead, nread); + // // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + // // Base::ZeroBuf(bufToZero, hSession->bufSize); + // ret = true; + // // delete[] buffer; + // break; + // // 内存拷贝失败,直接break掉,记得先清理这段数据 + // } else { + // memset(hSession->ioBuf + nSSLRead, 0, nread - nSSLRead); + // // 如果这里拷贝ok,那么就继续往下走到FetchIOBuf了。 + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf + sslRead, nSSLRead) < 0) { + // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + break; + } + sslRead += nSSLRead; + left = BIO_pending(hSession->readBIO); + if (left > 0) { + BIO_reset(hSession->readBIO); + } + WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); + ret = true; + } + + } + return ret; +} + +void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) +{ + WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); + + HSession hSession = (HSession)tcp->data; + // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 + HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; + HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; + CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); + + bool ret = false; + while (true) { + if (nread == UV_ENOBUFS) { + WRITE_LOG(LOG_WARN, "Session IOBuf max, sid:%u", hSession->sessionId); + break; + } else if (nread < 0) { + // I originally in the IO main thread, no need to send asynchronous messages, close the socket as soon as + // possible + constexpr int bufSize = 1024; + char buffer[bufSize] = { 0 }; + uv_strerror_r(static_cast(nread), buffer, bufSize); + WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); + break; + } + + if (hSession->sslHandshake && memcmp(hSession->ioBuf, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { + ret = ReadBIO(hSession, hSession->ioBuf, nread); + break; + } + + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nread) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + break; + } + ret = true; + break; + } + if (!ret) { + // The first time is closed first, prevent the write function from continuing to write + Base::TryCloseHandle(reinterpret_cast(tcp)); + hSessionBase->FreeSession(hSession->sessionId); + } +} + void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { WRITE_LOG(LOG_DEBUG, "ReadStreamFrom ----4 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); diff --git a/src/common/tcp.h b/src/common/tcp.h index 6de49da2..af35b2e9 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -23,6 +23,7 @@ public: virtual ~HdcTCPBase(); static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); static bool SSLHandshake(uv_stream_t *tcp); + static bool ReadBIO(HSession hSession, uint8_t *ioBuf, int nread); static int WriteBIOToSocket(uv_stream_t *tcp); static int SendAfterHandshake(uv_stream_t *tcp); static int HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); diff --git a/src/common/test02.cpp b/src/common/test02.cpp index ab3432cc..0550f9a0 100644 --- a/src/common/test02.cpp +++ b/src/common/test02.cpp @@ -127,7 +127,7 @@ int main() { nread = BIO_pending(writeBIO_c); int nr = BIO_read(writeBIO_c, buf, nread); std::cout << "ret is"< s nw = BIO_write(readBIO_s, buf, nr); } @@ -150,7 +150,7 @@ int main() { // s -> c // client hs - sleep(1); + // sleep(1); nw = BIO_write(readBIO_c, buf, nr); ret = SSL_do_handshake(ssl_c); if (ret!=1 && SSL_get_error(ssl_s, ret) == SSL_ERROR_WANT_READ){ @@ -184,19 +184,53 @@ int main() { if (SSL_is_init_finished(ssl_c)) { std::cout << "c okkkkk" << std::endl; } + // if (BIO_pending(writeBIO_c) > 0) { + // std::cout << "?/" << std::endl; + // BIO_reset(writeBIO_c); + // } uint8_t buff01[12] = "hello world"; - nw = SSL_write(ssl_c, buff01, sizeof(buff01)); + uint8_t buff11[12] = "happy world"; + nw = SSL_write(ssl_c, buff01, 12); std::cout << "write " << nw << std::endl; nread = BIO_pending(writeBIO_c); + std::cout << "nread " << nread << std::endl; + + memset(buf, 0, 1024); + nr = BIO_read(writeBIO_c, buf, nread); - + nw = SSL_write(ssl_c, buff11, 12); + nread = BIO_pending(writeBIO_c); + nr = BIO_read(writeBIO_c, buf + nread, nread); + - nw = BIO_read(writeBIO_c, buf, sizeof(buf)); - std::cout << "read " << nw << std::endl; - std::cout << "Server: " << "Client: ["< 0) { + // BIO_reset(readBIO_s); + // } + nw = BIO_write(readBIO_s, buf, nr*2); + std::cout << "read " << nw << std::endl; + uint8_t *buff02 = new uint8_t[1024]; + int nwrite = SSL_read(ssl_s, buff02, nr); + std::cout << "read " << nwrite << std::endl; + std::cout << "Server: " << "Client: ["<_eOJE>Y@sx@n=+3&eO-rRYaht=-> zv!7f(lk?8^{J7`-c=x^g-pt|ifu?gyJRYXXIQB_K+>SW{@k@d6X?XzRXASHq{GG+T z>r;MCgY^;BD=ZLZmzUbv_|%) zqN+d19eo;Pe>!OmWK)xDs*VbOv`b=ApubuE{Z zx)&cBzVlYCVHlP^!elqHlC6SQ{zx`e%1Qs7`n$|+xspM5py zP~2ogI#kG?9CDjqh$GUW{-|I#GLM%r!s_s;$LHzrQ=JRmGB2;Zb@DQ>MavvGKBkD| zXTXZ#`&{sP1X4`@As76|Xk;<{^)CKrx%jyTol?wCz(xNB7yoa%;FB=0#r*%lrQbST z>V429&evV~VU`Pij7vN_TV8*&a@WH%5|HII()=vS>UOUL9N?4Kvf+*cp$RNh_GJOp|fdqKd1VTFqoQaYZ;` zc80BvcspxtZ8A3}B376mCBv2(ipOH%kVW1kx@`4YSV0o$>If&2DQG9TItgOo&HOl$ zG$XNyWp2RVWJg$dR+iyzvpr}9xnd$56vB;g8BQeP2}WUsqLFaS(!-)EgP~BkOOJ)X z^^rLD)E+lGg0c2wM{tt}pQ__twd#ncMnY!COisFzn^aeXg3;*uU}zJUtM;hSNl(UR z>z&hhfytXe2cq}rD2eDh86A<6mZhtfo9nkwUlA0t5>aMe(rTR^i(4Iu_-4*TlZ~NP z%jXMq1QVu}2u3Ubfj|qeh3kXKNXU#QEmYOnxY}G@V+L9mnXOj6*&4PEXWtq;ypz+- zmKCcIiD`zqyL~=it*8n$MPeHpTkFi$dULhU3%y`2=!XuNJIPnp zpjRdvSELU_8K<-$DdL zHJTf{yUi|4_INB9jaXaED{6%I7Pww4N6@r@wOSa%zi$Xbt1*D}X7h>=#n@^UHYwj! zmvM3JB)c;{Vkb-cR;w-)PuXoMQr!p4%Lba48zRwYW9vdb8e;Cy@Z{UtidoFeHL=Z+ zSi9L0PNq6({R(vlY2`p)Ur8)(VncE{>kLL>QUU8xcf?{i$#4P_33Y9O2n$sR=V-?! zb3-r^Ww1>qqjbl+kd8x%EnQaJW|LNXXx=hZE3z`F~XqkZ>ESIfayY!q!(}xhaleKFhsH?7BRLJ^tmR9)^ z+&9y|@$yLVrMPDv$0o2c(20-|e}t_wo*jwf@zPdUmjIc>{dm}9+;w}Tv;?*!BV;x1 zRp`Fmi%;{(TP87RMuAcBz;?ZqH-n!Vi5$gHk0r62ZoC<{@e|qAlD~)ZWh^cE)CrM^ zw9B{&JQb>Mk(7DCd*^k*emvWu$xj_6AE(L3vw)P7zn}kb6Szt22NJtt_!eA&C$Re^ z{~697!5){qb;_5qbu3}ef#*eDch!D!>&XHxbKu`vBJc_a?w9&i4!qef{j^Cc2rHBP zLdW1VgtUb2VJu zuTVGAzD*T%zd|_e8t&EbHVvPp;T;;T-|u&6 z_=%c+w}zjj;afF)j)q^a;d1HW(rp_42~Gc24L?Q0cWC&j8h)pS(_TrHof>|c0zr3a zc#VelX}C|r#}3DOV5|qmdSI*v#(H3^2gZ6}tOv$=;2-IMKbL>}J)`IKG9y#^tFsw1 zdi$)Bk^M%`qh))!+mZSupJZ%kWX>5N6~V(V>Ao zHcuPSp@ARSJZ(IO2EJkQwBZ~YxY6cmqd7Eijm^_0YG~jyHcuPNp@E>y(?)-2;6j_H z4d&3mQk$oZ<Av=K!6ZJsuOXur+V#t-ec zdD`%y{WebHfCtQ&C`Yq?YDV)kb?HxJZ;R-ew(Ka8QQOS%-$Eyq}jWi@%alr zbw(lI>EOc-{xS!@#=)<2@Bs&ZmV>W%@CzLL90&g~2Vd#nk8<#(4*qX={HC}69S8r0 zgMZb*zu@41;ozTi@Q*q8haCL94*vTN{@V`zb_c)R!Dk(OuYEQM$apQ&8q{xKHpD_>{&HfR!1t2h34BE zs>^3yhe?kGJbTtsAV#)y36aIaRwb79zbqC@`^1rhN{)9+hT;ovdpplsye20o9JJ+1#+&!XwZQuEdrJ!d7L$&B=?)?_1d z)_1_hN3!Tf2U;AJ_~b9jt*JE=GPMeO1m#rw$tFH3!lwpKVG9 z9$%hbx!=eH0QcuQ;Lu112EiXN9-tSCk@j%RNLTdx%PhQP+UK9lARF9G4JCuk!eH3Q zti&hq_yb-pc#34NLAHzdpX}8_sBwg#s($0IcGY?JRfX;k=bYzY{+{05O~bgKrm>L?^zHVd^C`A3kiYDjK7>X-?Rh#P!sYd3EC0xcgZIaA z6qZm%@7{s?1KGQOgCN(ygYM6Di7@BFW$q-2trJ*{Xb|^|06xW~y$u581gQVNsg~_R zH%o3%rx5Z}rG_e7AsqUJloObKTR1cb6%C_9yJ07bh6!=yP5FksG0ZEGf~RmJBpXKY z=S&I+-ft1!o8dCILSj7vTPxz=4xo7zm-e;^loOzL@LIMD-7L95!-SAG>>}Q9iS*}o zf$i-p-`;m!pEVCF=_(%9J{%ogF9z@kZczEpb@_OOiw5$I8dDAzQ*9SNakpw+~S`61S7rYfe|eDuT8=?UW}eS9;4@v9;5e}ErXb@ z9il}<9w0Nj-*>+|GSc5WEKmRb-b3~ggDz$x>+c;ekL)h#&;17?K?mG~4k*8FFD+GS z9`xtF2U(iC?0JYBd#n>P+vz~+h^6G)e;FC+87@gp*ad6$TInvTOLpfJEKg`4n)>iU zIzoL2)5ui%Im;*fFF4XmQ}KQ>eSrS#ru%x*-wf|*-k8jGY7$l~*#&&=rum>g0~hJu zGI&5ucVop9b*_+gE~6UKk7RgL#M5(U)S7qx(@_K(pOx#~y zZ%~-R--^86Pr2USjEF3>-^d2Gs`y3V&(fF^O0~V1yOIntl_%n@qC7Wt5yBPvbFaTM zGLqTOTWNO!pWwpR?NCkgA;$2i(;>$}8ne+uNIGH&Uw+$t2v=c;Bf9etUQW=Eyp1>z zaFp3T2B$_Arf&39#hAz5< zpWnQT-Xug0J=v>7>HgLQ@HxnVaor`T0J+I~XKf4cPFSfFx z?-uf~`g8L{l=t8zm7H#k94Ru8ZE%ceTu#zwhA22XJr8q|F5u1Ltr_MGK+^mW1L=|K7|1Jx9tQF`?A7^+^IR^djLE$i$jfcx`}2B>xgG|RFD1nW@*Eof z{6OZ=G7RL6c>gcE=wxys2l5g~oh{bR$VpHgbw+-QgK`z^K)8ix%)4)mcB!2WJf3Xn zQ+RA4#&RQ%tUqT`poQJHjyIOpxcj9#y6<$M2k_QBI9nO#yKkm#d}UtmJp_llu#8w` zign*OI#cr9_wQtoscga5DrEQlfe_h!)49}MtL7sL{aXA8p4Es(Ud!$Kb5{y?}@UQK^)&miic(V??i%+K8-kkj*lJV8pX z=UD7bs)5hjY^letVWX_UR5g%>s9~L`;TQO>i)`wrMGd28-8FFToX9l@RkkhxJGBO{ zyr)R>r=Ti(rjucjEBW{Tq#BSv{W9WyCOf%A)y|g~S?ynWljVx>4xa3Z*eH5x$?-T);KuqVDN4icRM_Ix+Io`PXOyrgIM-I>{cb zA}4Y>H$f`u%}&K_l)6u8&iCVcybJiso-JK&H|U$(Uw`g4a$h)0ZYBSj$|?C8zXK(4 z!#Lv&Qt$18fBR}e492G|U*~bqO7~7CAX~a0w^gDOPm^_iLe)tcV&0r2>bxC~+GHzh zNhw>Ju&v+Xvi{rv4}q4L^Q8quR|uC+i&~&JKd*Ne*TVqt;Oy?_O%T`qdk3jr z`}XKkGRRbp&j*ba4REG&6Pj?QO%Xi_Q`pvxVLzS3#SsCE&T$X%ZrKhdpxnF z*ni7o!V*V@V$`3f#`4pyU8-Yt+^6)&lhFGy>18VCb5Hy}W)CT0nX_xzDr@N$){y;b zf`|YvL&{~o>NdOT|IF*1!SzN>INlFp!Y$_$-JWpN9|-I#ct|bBZ!Qmv6#8@PAmy7K zBeRB{R!rp&bIPy#4Mua|8T_#yS_u955oTC2M281?W3j7(9ke(YE|Uo89E&VVe25uV9{BWK) zP7DkeK_@v-D89QtuSdb+ao=z{^|p}-3};wo&D-f;Vl015(>k+eI9)<`J`PudsKbE2 z9g`0=z4Syeoq8p`<{-S~GXAP`;7}%T5cSZDESwSabhD?gN}O2RfMwPk%miNHp&V00 zo-_%6RH>WEfYI;Pk5c$$b`ABf)?ZHf0%b{T8sKfYVyWeQ~c=VM;RRlTqbwtHDLyutD^{5B46 zou-dF<68(758_zEiz6ckK!;z#1qF>QdwFD}3Ut>iBO`slzwzqG2>rhPq~DK>G=uhl zZUdc=!?hiB10K*(=R64N1^oqR4eVb7Z3gw=(R3H+v7p;PmxJyEy#jPU=x;y=LCf$| zyaN8JKo5da!Lw0bJXf|bPj`i9`s4{^vaRgw6PBF1@TA#5x&1oO!Goxi09nYdg-;InP8kD7l%=@Rxv2@U~WJTr|2;qHmkuARl+oOmtHhrdpqwqq9Cbrc;xS}|?+ zEOyP5VYIR5*lE9+#daQhD-55hn)co-_T}U6MV(JipLXkPmYwmv@r*s&kX+hU!k z-$v^^{T7AVy7a8wlTmp9`o?he_pw8x^N>i@W4?e<~Iz}p9PZi*K?ocH6sCKYVPIB&OG z^3USM9TjX<3giO)-}|fbl{r1ucm?8@v{}+NNxLN7D(N;!cSyQZ(mqM|OL|b!K}nIE zj+Y8ay^_{Q>X)=x(l$xEB;6|MHc59#x>M3VN%u>7P|`t3RkE6j*&+_Fq&1TIC2f|p zP0}t&w@SKA(jAiSl(bLM{gR4WKKkFXwnAIvZdl@-yJmeVW~ID7ACfNAEbyf`>$|$P zwz{V76bTpFIXMr2@$4=BT_asa^P6%b+#pXRuN2bWrIc~k!7g;vyNBb)urfamP*glG^5bLJL_eW<{BQjD7Kn&juO?PsaP zCrex|PmI8V9~l;&l%Eb%{4P@Z&K5$p4uRe5u6!4t%4;4T-CDJInDZ=FDU9P2e)FzD?r;eXN~dQR$z`{T$Dn>+?d6pI~3l zlzt=dV-%y&OI`5IF8G&R@VkIlu<5L-O>>Sz$`e>Duh$bUetrjhHayKgL-_GYcNMsh zd*Pq8Nk9^}{CIP4!JI-Z_6tS0<)sdIv3{WZoyG7gfzOtQi=s|HJ-EHrzhLDt3p zFQuOW=|{!08&c*zu|?i-aX>!SZ%7yQ3n@JR@u zSiL8@;AgtvQ!x*z-&9^**?sJXF8Ur^AdA%-aKSHi!BZ~ymtFAhy5NryUV^)Juj*kz ze+r!DkMsO}&c)A(xX~`wt|c6=V3R)~{PJh2IK13NzgOySlKS)vmC9FL^dAIH^O>C~ z^k|)>@>_{NBXpAGRSI+fhI>%?QwL$4X5-%V3LX5bxUGR%t@Pzd5 z?B}ap^#9ET{|j*Hhs)0pF>R2c&BV|a8<(?PaMJ}(x!@V#URjq;?r_oH4V>cqxno=o zxcK>l3r=5(E7q>#fs_A7Wk1Z9K~=lxuX4e=q@O|QN4;D5tcyNt4J9mJbsYKDg6kuu z72L=GB(2nj4b>r*&r4}qok*7$k0I-!X(B=6#%O$fFlx42@kG)Lrn*@u-q{rmTj6%3 zNh_+sGf0}jL?XDwL`KNO7PcV~>QS+ZFQ)ti>KymYB0@6 zobpmq#=S)*vOZeT#o_L7C}lz8Gl* zV=2nH*i`F7+rt}zsiE3LOHO@zC`LCd`ni{vQqxsIHLhZ$H^H6<~W4l!xl!xnNG zHu)Btt(fFjATMIONXUwx43bupZ&B;&7PGl^h1s|~uxfSV>WhKaVOCMvR-_H3IUk{P zir|nM7HLx96Ui-8AuPXG*(Zv`=N5tQbO3mfEO`-al~2YNRVpxBC?Y5)UtL8*$-7?u`Uv6R_zLq z0hLZ4p6b{!pkktmB(1hSO;ed9*L7t07#GcU{C6iRF6<{7*ncz!@Mw=8Dbug+M&*}w z^qV?Ykk;BE(U%=ca9rSwhJk;1$Z15E04*V|Fyd)!`Bee42g$?L`YrMo7a5ul$n`67 zP>%|z$XYG0E8?3^#jY#3sOXE2o@LzGv`gx(xDoC?r=I7nZeG#R$xWTP$48kV9W+)W zo|-rmKr&)GQ88s?_R;!|r9U=m9pEd!Op9F5R4i0TXHFfRz?~(sV)HQceB_Q0R0EM1 z+#$)Q33mug6M2kP6~)s<7sm8ahce$Al(yO7vmi}1^&z^?v05UdGdd7g^}^iPg^r3O z)b?vxl4&xJ?i)4#BZa;WmkGZhv9w=ha^}~P#OTNo_}`m4pGL6g>4t7!*b(l=B4+3F z=3gI_7f_LB-!ZmoI?yE&_xUuL92yjH9mJa{^LoJ`sPyLreZs1fTRN@adQdANXootA z#PI(Gbg^n=Ee}^?15(|Uh$FQ*zUP>S)~6!)FJmI@5<>Fo1+>NE>K(yk2di%15Jr{@TCr+uLp!m% z)VK5>>3BM<=n)Pc)AQo|f1%X-T`A_e>X_(>_}~$qZSVH~ACWEb<(EU)ihn-y-eLkq*^+dPUWHeX>6R zAE*5{fKi_)|I7=9ikJVTCx!*ZIe)$esc!G}3Ux*MRKuhf^_)r3I~?{0XA4C|m7X-m zlP^&e-3eB&e^A;hs(&|_ER~(2_dD#>b8bbG>cJ`*qbNJU;b%QK(Cb&v^A*M8w1VR7 zzsID#-A#U}F6kd6tB4vu#XpGys$bdX{6eDWw*+hdb=LnpB)a{!r9xHFuPMjUgR}lu z9rp8=3q?h{q@5yEmtNilLtpKnbC?(PUb;!J&i+>QD>@Di>8m5kUcCpekoHPXc+1a! zg_pygVp8_%J!qA*$LoNCqU;nn1IBdjD0}sOQvE-8HM0Nc{HLPqRlB|iOs`*kFK6v4 zuFmcxp;nZ=qH`eE?OB^tZWdIn6Uv3MQ~W#_6Q<(#w+Ts=vUk+)7h?NwjjX@MM#O=# zpXb1pJDobF7`HHF{d4K!fHD)GQ}9vot9H@&sMv96m#$02;lDagKvl0&q}Q0m?91uG Mg0k3Q;9%MR0Fh$Kq5uE@ delta 6931 zcmaJ`4R}=5nZ9>2lVrk#%p{rIi~*B?kN_d!pGc%lfRu>_2#c{%Gz8@*&=^9EmfGqN zA(e3$p2QD??Y58Ds+BEWn?`q8)}@2ChPK$o%36HZmY;%Nus=kphAMma{mwaeW(e+{ z=gIlbdB5NDednHg=VZru{m19@p8V{V37Tltl4zGU^iF=>UFnz8%HDS>GKO;HWGI)i z_41k~r<~eU^UApnl8QfXy_|dRzLusdy&!ezhObgdRVt}UI-vi?cf4Ba#3_XxtH%9b z7B8hp=}Re;kS4^4yEPm-=@tN1=I8O(TwTswAy9pGsO6pLiSzJf5>wBuW35C zcM0wRA^DcT(?x$p^cMGYEHz(0FXoz%%NClCivAyj{*bV%3uK!>QmLlV&|_l!u;|-` z42k}#=pPsT(}Mf2${I(uQH&c!zgKYA(3@!$`pcxJFQyi(?**ZGfunK$3>BiI%W?z# z$d*sb*QTlBaPqhX>7Dck=nnUq{@2{MJE(X~b^kq{=XBQtZEM$dkUsiE$e}qjr_r>1LnCKHe_mWvsz)hd!NEqb!%Ty^OwXtU3*B)AG~3MTSJ&# zm~-O*#w%VC=0#IFpzqY8alTWVf$_Z@5j%YAMK(Q3`zNLJ(C}V|h8#Sv=9|SlReM>@ zJ10Gvu3=?A!<-vCG!&2L(xC$mX`{Ei_`#VB0#*fru51$}DW$NtD!_Z(ZiB1jh@a3j z`n}f(WZ5jx(@EUPl<6}9Wl7viN!+P4-)GcKOX7N4C%m&6?=UyeadIi5gH5}K}Z#NKo1 z5$LERRLJDhX6PKs@njlFI;HdsP!nh%39Y0zf#&CWG7FN>AnCa{k${d(LYrth&@Dg< zlh9UL4fF+|#YyNE>IHfd==dZQ`39Qq_he2;LXmHvl|W0AP~_W>eEU6tDM{#|q?MOb z)Nkk&{eAvr85Hwxf3j#?`mJBkv=6NbxAjjh`nF>&Mptjqw5-BKn)XrFjep1dxvFdD z-yJdEGh!YcG4CERf26Aa!ni62Jv(9Stt;kf+U0fSS%uq0#KGwNE+E0E>tQB04|n>5 z5!W0ZcgH&2*6FOmtt|MOqL5!M{jN#3YR97o~TgW*%= zQaV+Vm!HP-SA)^+mjAJ=;I^1I{B|%rVD6{P((!s3O)s6`S(wj`1pEQrTRKaBp7xe5 zNF{c6gie)?aU9d=YH7d-!gnyzEeLGH#QqZ%PC(*_j_zl!GDJRsx!cqT4 zSW(9F{*EEolJS0C+-oLu%^-7Ob*r@61SxZt!rCO(BK->kkX$FY-K`Q81ZedY_OfTC z6ppeTIF;OAvx91=nYT%c9g-^uST9S9TNssV;o%W39BWQwrAYS{YM-1Rl0yE`iDhuK z<|cLz*&hf~wOh?*1w18z9c+N@Lxu#awkH_DALjkTY`+mAOSVc(1pH00A}Mkj*vmtaA#s+w(XLf+%>@wQjbIvRsJ!-=7uFZ@oZN4hGEc+BTGlwz!G$%ESjE5dX6Y z6K*yUb$y8Q8Qy-XIq^m}U#9(2ZVJ`zL#+D_PGp33qcDK;eWqF}}AG3K5GO~wz6ab6r7F#GRYQW;* z?nTUty7J=oUlaxh%&)Qi@T(CKB0qk=GdtNq7*C$-FF4LQ9DvJgIkqIB`e7@i1m8#q zmRv7*Q{3Q-2{{Xq2g9#LWN7yd2BWq6Mf5W4Pes`Pv9D8RA4^C4PvEVo((qSCRcO&}w;Q{&%+za9V1yXi1@NB9-YG5_*1yXT@Mm#%h)inmI{ z%bPA3in?x#M{rKK954^E^9%WAg8l|R9&T~&Rt zkPD$oB9QBU#VK;?2q}Ur9D~wixBdl7o=3}2gNH#yZw}9odCUj z#*^)q}1A-3j`~_buxs&=pwPXP^f_$KY4k ztDt4jKM7h7`WMhPe*a+K?F5}T9fN}y+zWaf^cd)$Kre%OV91Gw`CSL?su`ybQeTbX z+VTg>+D~uPd@`6P+ft^2+fq_iWyIsT1qm*KKi(K|nOhU??goF^UoGp7WWGaYoY(VB@Vmhmzff%- z4MLwv78T5zU3eC?iMWkF=V<-zZ(+N<<}o6<+6SH|F@D@@9LUvLb$%=M!-&!EwKXwUCYzF{WZ(89C|4&Ut!!(I8(Ak6)}7Z>u}(D?7^Az*otyJ zo%&W(=*Q{I3L{`&xZ3t+;s=4Q-JrFS@AeXXEp1NAr>@(Lz!Shf?+)<$e0@3nFu3F3 z;Hq*go+p^Rg6&wO6=+(EZC}#=VlCfi!X}>0YKc0@=PJ}I_=3~997z+Gk8K!a!}N=M zzN7ID=eAkggB}w7d!kRJH*qsMN%Xgneupu=4%b^8*6|Txokc#_W}Vt|+oVYix1o(j z;73a9u+kET2PA$jxF3OA>?qK@EmDb(B5qkUbcYdW##YF7_%wURNuCDF;ObqX9~Avr z(O(w5hl;;!=o7dPT*dl0widM!REXL>A#+jm<OM97?i498rqVqT|&(y90^1J<|?ioRL&ozw@UhsU(_E~lS$pB=HT zqe2F+vAc}GMWmc%b}Reh%!dz4SSzG6kg3U(GBG71&V9(#Gq=BEWu23LwW_G!(Xu|p zC$7<}7uVMJi|C0U-y3k(XK3*;D9jD?=bKM;^ za@IksH_i2V7Ri}S>uGsI4!yEz4CQxt$=o!}ZC`g6QE|sy+6T0?W18DO(JJYgj=4Vj pNN-&#t?i==9hPG_gD!5K Date: Tue, 20 May 2025 22:58:08 +0800 Subject: [PATCH 04/11] psk send ok but encrpty failed. file transfer crash with 200M file. Signed-off-by: TaowerfulMAX --- src/common/auth.cpp | 44 +++++++++++ src/common/auth.h | 2 + src/common/base.cpp | 20 ++--- src/common/define.h | 4 +- src/common/define_plus.h | 8 +- src/common/psk.cpp | 60 +++++++++++++++ src/common/psk.h | 5 +- src/common/session.cpp | 91 +++++++++++++--------- src/common/tcp.cpp | 158 ++++++++++++++++++++++++--------------- src/common/tcp.h | 5 ++ src/common/test02.cpp | 41 +++++++++- src/common/testbio | Bin 29320 -> 33416 bytes src/daemon/daemon.cpp | 25 ++++--- src/host/server.cpp | 121 ++---------------------------- 14 files changed, 346 insertions(+), 238 deletions(-) diff --git a/src/common/auth.cpp b/src/common/auth.cpp index bc848923..3cdf9420 100644 --- a/src/common/auth.cpp +++ b/src/common/auth.cpp @@ -988,5 +988,49 @@ bool RsaSignAndBase64(string &buf, AuthVerifyType type) return signResult; } + +int RsaPrikeyDecryptPsk(const unsigned char* in, int inLen, unsigned char* out) +{ + RSA *rsa = nullptr; + EVP_PKEY *evp = nullptr; + string prikeyFileName; + int outLen = -1; + do { + if (!GetUserKeyPath(prikeyFileName)) { + WRITE_LOG(LOG_FATAL, "get key path failed"); + break; + } + if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { + WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); + break; + } + unsigned char tokenDecode[BUF_SIZE_DEFAULT] = { 0 }; + + if (inLen > BUF_SIZE_DEFAULT2) { + WRITE_LOG(LOG_FATAL, "invalid encryptToken, length is %d", inLen); + break; + } + int tbytes = EVP_DecodeBlock(tokenDecode, in, inLen); + if (tbytes <= 0) { + WRITE_LOG(LOG_FATAL, "base64 decode PreShared Key failed"); + break; + } + out = new unsigned char[tbytes]; + out = new(std::nothrow) unsigned char[BUF_SIZE_DEFAULT]; + int bytes = RSA_private_decrypt(tbytes, tokenDecode, out, rsa, RSA_PKCS1_PADDING); + if (bytes < 0) { + WRITE_LOG(LOG_FATAL, "RSA_private_decrypt failed(%lu)", ERR_get_error()); + break; + } + } while (0); + if (!rsa) { + RSA_free(rsa); + } + if (!evp) { + EVP_PKEY_free(evp); + } + return outLen; +} + #endif } diff --git a/src/common/auth.h b/src/common/auth.h index c477c61a..8489be0d 100644 --- a/src/common/auth.h +++ b/src/common/auth.h @@ -27,6 +27,7 @@ void FreeKey(bool publicOrPrivate, list *listKey); #ifdef HDC_HOST bool RsaSignAndBase64(string &buf, Hdc::AuthVerifyType type); bool GetPublicKeyinfo(string &pubkey_info); +int RsaPrikeyDecryptPsk(const unsigned char* in, int inLen, unsigned char* out); #endif // host @@ -37,6 +38,7 @@ int GetPublicKeyFileBuf(unsigned char *data, size_t len); // daemon bool AuthVerify(uint8_t *token, uint8_t *sig, int siglen); bool PostUIConfirm(string publicKey); + } #endif \ No newline at end of file diff --git a/src/common/base.cpp b/src/common/base.cpp index 747a1de7..066e9966 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -2634,16 +2634,16 @@ void CloseOpenFd(void) std::string toHex(const uint8_t* data, size_t size) { - // std::stringstream ss; - // ss << std::hex << std::setfill('0'); - // for (size_t i = 0; i < size; ++i) { - // ss << std::setw(2) << static_cast(data[i]); - // if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - // ss << "|"; - // } - // } - // return ss.str(); - return string("noprint"); + std::stringstream ss; + ss << std::hex << std::setfill('0'); + for (size_t i = 0; i < size; ++i) { + ss << std::setw(2) << static_cast(data[i]); + if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + ss << "|"; + } + } + return ss.str(); + // return string("noprint"); } diff --git a/src/common/define.h b/src/common/define.h index 8be392b0..90ab4168 100644 --- a/src/common/define.h +++ b/src/common/define.h @@ -55,6 +55,8 @@ constexpr uint8_t STREAM_WORK = 1; // work at work thread constexpr uint8_t STREAM_SIZE = 2; constexpr uint8_t FEATURE_FLAG_MAX_SIZE = 8; constexpr uint16_t TIME_BUF_SIZE = 32; +constexpr uint16_t BUF_SIZE_SSL_HEAD = 22; // 22: SSL head size +constexpr uint16_t BUF_SIZE_PSK = 32; // 32: PreShared Key size constexpr uint16_t BUF_SIZE_MICRO = 16; constexpr uint16_t BUF_SIZE_TINY = 64; constexpr uint16_t BUF_SIZE_SMALL = 256; @@ -62,7 +64,7 @@ constexpr uint16_t BUF_SIZE_MEDIUM = 512; constexpr uint16_t BUF_SIZE_DEFAULT = 1024; constexpr uint16_t BUF_SIZE_DEFAULT2 = BUF_SIZE_DEFAULT * 2; constexpr uint16_t BUF_SIZE_DEFAULT4 = BUF_SIZE_DEFAULT * 4; -constexpr uint32_t BUF_SIZE_DEFAULT64 = BUF_SIZE_DEFAULT * 64; +constexpr uint32_t BUF_SIZE_DEFAULT16 = BUF_SIZE_DEFAULT * 16; constexpr uint16_t MAX_IP_PORT = 65535; constexpr uint16_t MAX_CONNECTKEY_SIZE = 32; // usb sn/tcp ipport constexpr uint16_t TIME_BASE = 1000; // time unit conversion base value diff --git a/src/common/define_plus.h b/src/common/define_plus.h index d032bd76..c78bc6c4 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -214,7 +214,7 @@ struct HdcSessionStat { // bytes successed send to hSession->dataFd[STREAM_MAIN] std::atomic dataSendBytes; // bytes successed read from hSession->dataPipe[STREAM_WORK] - std::atomic dataRecvBytes; + std::atomic dataRecvBytes; // 维测值 }; @@ -266,6 +266,10 @@ struct HdcSession { BIO *writeBIO = nullptr; HSSL hssl = nullptr; uint8_t cntErrorSSL = 0; + size_t saveBIOLen = 0; + int readSSLStartIdx = 0; + int availSSLIndex = 0; + std::mutex sslTaskMutex; bool isSetSSL = false; bool sslHandshake = false; @@ -281,7 +285,7 @@ struct HdcSession { AuthVerifyType verifyType; bool isSoftReset; // for daemon, Used to record whether a reset command has been received HdcHeartbeat heartbeat; - HdcPsk psk; + // HdcPsk psk; uv_timer_t heartbeatTimer; HdcSessionStat stat; diff --git a/src/common/psk.cpp b/src/common/psk.cpp index 0414075e..1c82951e 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -249,4 +249,64 @@ void HdcPsk::SetSupportPsk(bool isSupport) this->isSupportPsk = isSupport; } + +int HdcPsk::RsaPubkeyEncrypt(const uint32_t sessionId, + const unsigned char* in, int inLen, unsigned char* out, const string& pubkey) +{ + BIO *bio = nullptr; + RSA *rsa = nullptr; + int outLen = -1; + const unsigned char *pubkeyp = reinterpret_cast(pubkey.c_str()); + do { + bio = BIO_new(BIO_s_mem()); + if (bio == nullptr) { + WRITE_LOG(LOG_FATAL, "bio failed for session %u", sessionId); + break; + } + int wbytes = BIO_write(bio, pubkeyp, pubkey.length()); + if (wbytes <= 0) { + WRITE_LOG(LOG_FATAL, "bio write failed %d for session %u", wbytes, sessionId); + break; + } + rsa = PEM_read_bio_RSA_PUBKEY(bio, nullptr, nullptr, nullptr); + if (rsa == nullptr) { + WRITE_LOG(LOG_FATAL, "rsa failed for session %u", sessionId); + break; + } + unsigned char signOri[BUF_SIZE_DEFAULT2] = { 0 }; + int signOriSize = RSA_public_encrypt(inLen, in, signOri, rsa, RSA_PKCS1_PADDING); + if (signOriSize <= 0) { + WRITE_LOG(LOG_FATAL, "encrypt PreShared Key failed"); + break; + } + out = new(std::nothrow) unsigned char[signOriSize * 2]; + if (out == nullptr) { + WRITE_LOG(LOG_FATAL, "alloc mem failed"); + break; + } + outLen = EVP_EncodeBlock(out, signOri, signOriSize); + if (outLen <= 0) { + WRITE_LOG(LOG_FATAL, "base64 encode PreShared Key failed"); + break; + } + } while (0); + + if (bio) { + BIO_free(bio); + } + if (rsa) { + RSA_free(rsa); + } + return outLen; +} + +int HdcPsk::RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out) +{ +#ifdef HDC_HOST + return HdcAuth::RsaPrikeyDecryptPsk(in, inLen, out); +#else + return -1; +#endif + +} } \ No newline at end of file diff --git a/src/common/psk.h b/src/common/psk.h index da458d10..851a74e1 100644 --- a/src/common/psk.h +++ b/src/common/psk.h @@ -24,6 +24,7 @@ #include #include #include +#include "common.h" namespace Hdc { @@ -49,7 +50,9 @@ public: SSL_CTX* GetContext(); void SetSupportPsk(bool pskStatus); static bool GenerateRandomBytes(unsigned char *buf, int len); - + static int RsaPubkeyEncrypt(const uint32_t sessionId, + const unsigned char* in, int inLen, unsigned char* out, const string& pubkey); + static int RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out); protected: SSL *ssl; diff --git a/src/common/session.cpp b/src/common/session.cpp index 311ecb1d..7bbc324d 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -610,16 +610,12 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) #else Base::CloseFd(hSession->dataFd[STREAM_WORK]); #endif + SSL_free(hSession->ssl); + SSL_CTX_free(hSession->sslContext); + ERR_free_strings(); + EVP_cleanup(); } hSession->availTailIndex = 0; - if (hSession->ioBuf) { - delete[] hSession->ioBuf; - hSession->ioBuf = nullptr; - } - if (hSession->bioBuf) { - delete[] hSession->bioBuf; - hSession->bioBuf = nullptr; - } Base::TryCloseHandle((uv_handle_t *)hSession->pollHandle[STREAM_MAIN], true, closeSessionTCPHandle); Base::TryCloseHandle((uv_handle_t *)&hSession->dataPipe[STREAM_MAIN], true, closeSessionTCPHandle); FreeSessionByConnectType(hSession); @@ -632,9 +628,13 @@ void HdcSessionBase::FreeSessionOpeate(uv_timer_t *handle) StartTraceScope("HdcSessionBase::FreeSessionOpeate"); HSession hSession = (HSession)handle->data; if (hSession->connType == CONN_TCP) { - SSL_shutdown(hSession->ssl); - SSL_free(hSession->ssl); - SSL_CTX_free(hSession->sslContext); + // BIO_reset(hSession->writeBIO); + // BIO_reset(hSession->readBIO); + // BIO_free(hSession->writeBIO); + // BIO_free(hSession->readBIO); + // SSL_shutdown(hSession->ssl); + // SSL_free(hSession->ssl); + // SSL_CTX_free(hSession->sslContext); WRITE_LOG(LOG_DEBUG, "goodbye"); } #ifdef HDC_HOST @@ -819,11 +819,12 @@ HTaskInfo HdcSessionBase::AdminTask(const uint8_t op, HSession hSession, const u return hRet; } + int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo) { StartTraceScope("HdcSessionBase::SendByProtocol"); - WRITE_LOG(LOG_DEBUG, "SendByProtocol buf:%s bufLen:%u", - Base::toHex(reinterpret_cast(bufPtr), bufLen).c_str(), bufLen); + // WRITE_LOG(LOG_DEBUG, "SendByProtocol buf:%s bufLen:%u", + // Base::toHex(reinterpret_cast(bufPtr), bufLen).c_str(), bufLen); if (hSession->isDead) { delete[] bufPtr; WRITE_LOG(LOG_WARN, "SendByProtocol session dead error"); @@ -837,24 +838,42 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int if (BIO_pending(hSession->writeBIO) > 0) { BIO_reset(hSession->writeBIO); } - int retSLL = SSL_write(hSession->ssl, bufPtr, bufLen); + int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); + if (retSSL < 0) { + WRITE_LOG(LOG_WARN, "SSL write error,ret:%d", retSSL); + int err = SSL_get_error(hSession->ssl, retSSL); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + + } else { + WRITE_LOG(LOG_WARN, "SSL write error,ret:%d,err:%d", retSSL, err); + } + } int sslBufLen = BIO_pending(hSession->writeBIO); uint8_t *buf = new uint8_t[sslBufLen]; int retBIO = BIO_read(hSession->writeBIO, buf, sslBufLen); - WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,return SSL:%d,BIO:%d", retSLL, retBIO); + if (retBIO < 0) { + WRITE_LOG(LOG_WARN, "BIO_read error"); + delete[] buf; + delete[] bufPtr; + return retBIO; + } + // WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,return SSL:%d,BIO:%d", retSSL, retBIO); // ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); if (echo && !hSession->serverOrDaemon) { ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); delete[] bufPtr; } else { if (hSession->hWorkThread == uv_thread_self()) { - ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, bufLen); + ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, buf, sslBufLen); + delete[] bufPtr; + // delete [] buf; } else { ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); delete[] bufPtr; } } - + + // ret = pTCP->WriteToSSL(hSession, bufPtr, bufLen, echo); break; } @@ -895,7 +914,7 @@ int HdcSessionBase::Send(const uint32_t sessionId, const uint32_t channelId, con { StartTraceScope("HdcSessionBase::Send"); HSession hSession = AdminSession(OP_QUERY_REF, sessionId, nullptr); - WRITE_LOG(LOG_DEBUG, "check ssl ok is %d", hSession->sslHandshake); + // WRITE_LOG(LOG_DEBUG, "check ssl ok is %d", hSession->sslHandshake); if (!hSession) { WRITE_LOG(LOG_WARN, "Send to offline device, drop it, sessionId:%u", sessionId); return ERR_SESSION_NOFOUND; @@ -1044,12 +1063,12 @@ unsigned int HdcSessionBase::PskServerCallback(SSL *ssl, const char *identity, u // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); // int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); unsigned int keyLen = 32; - WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", - Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", + // Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); if (keyLen <= 0 || keyLen > maxPskLen) { return 0; } - if (memcpy_s(psk, keyLen, pskInput, keyLen) != EOK) { + if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { WRITE_LOG(LOG_FATAL, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); return 0; } @@ -1070,8 +1089,8 @@ unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char } strcpy(identity, "Client_identity"); int keyLen = 32; - WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", - Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", + // Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); // unsigned char key_bin[32]; // unsigned char *keyBin = // int keyLen = HdcPsk::HexToBin(const_cast(hpsk->psk), key_bin, sizeof(key_bin)); @@ -1080,7 +1099,7 @@ unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); return 0; } - if (memcpy_s(psk, keyLen, pskInput, keyLen) != EOK) { + if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { WRITE_LOG(LOG_INFO, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); return 0; } @@ -1240,7 +1259,7 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) // HSession->ioBuf是读到的buffer存放首地址指针。 void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) { - WRITE_LOG(LOG_DEBUG, "before uv time--3, sizeWanted:%u", sizeWanted); + // WRITE_LOG(LOG_DEBUG, "before uv time--3, sizeWanted:%u", sizeWanted); HSession context = (HSession)handle->data; Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); buf->base = (char *)context->ioBuf + context->availTailIndex; @@ -1252,12 +1271,11 @@ void HdcSessionBase::AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv { WRITE_LOG(LOG_DEBUG, "before uv time--5, sizeWanted:%u", sizeWanted); HSession context = (HSession)handle->data; - Base::ReallocBuf(&context->bioBuf, &context->bufSize, sizeWanted); + Base::ReallocBuf(&context->bioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); - buf->base = (char *)context->bioBuf; - // int size = context->bufSize - context->availTailIndex; - // buf->len = std::min(size, static_cast(sizeWanted)); - buf->len = sizeWanted; + buf->base = (char *)context->ioBuf + context->availTailIndex; + int size = context->bufSize - context->availTailIndex; + buf->len = std::min(size, static_cast(sizeWanted)); } void HdcSessionBase::AllocBeforeRead(HSession& context, uv_buf_t *buf) @@ -1458,10 +1476,12 @@ void HdcSessionBase::InitSSL(HSession& hSession) // WRITE_LOG(LOG_DEBUG, "TLS_client_method"); hSession->sslContext = SSL_CTX_new(method); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcSessionBase::PskClientCallback); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); @@ -1476,10 +1496,12 @@ void HdcSessionBase::InitSSL(HSession& hSession) // WRITE_LOG(LOG_DEBUG, "TLS_server_method"); hSession->sslContext = SSL_CTX_new(method); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcSessionBase::PskServerCallback); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); @@ -1525,6 +1547,7 @@ bool HdcSessionBase::WorkThreadStartSession(HSession hSession) // InitSSL(hSession); // pTCPBase->SSLHandshake((uv_stream_t *)&hSession->hChildWorkTCP); uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamAutoBIO); + // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocBIOCallback, pTCPBase->ReadStreamAutoBIO); // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStream); // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamFromSSL); regOK = true; @@ -1856,7 +1879,7 @@ bool HdcSessionBase::DispatchTaskData(HSession hSession, const uint32_t channelI hTaskInfo->closeRetryCount = 0; hTaskInfo->channelTask = false; hTaskInfo->isCleared = false; - hTaskInfo->isStableBuf = hSession->connType != CONN_USB; + // hTaskInfo->isStableBuf = hSession->connType != CONN_USB; int addTaskRetry = 3; // try 3 time while (addTaskRetry > 0) { @@ -1910,7 +1933,7 @@ void HdcSessionBase::ParsePeerSupportFeatures(HSession &hSession, std::mapsessionId); Base::SplitString(tlvMap[TAG_SUPPORT_FEATURE], ",", features); hSession->heartbeat.SetSupportHeartbeat(Base::IsSupportFeature(features, FEATURE_HEARTBEAT)); - hSession->psk.SetSupportPsk(Base::IsSupportFeature(features, FEATURE_PSK)); + // hSession->psk.SetSupportPsk(Base::IsSupportFeature(features, FEATURE_PSK)); } } } // namespace Hdc diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 245ed5a9..ea506272 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -119,6 +119,7 @@ void HdcTCPBase::SendUDPFinish(uv_udp_send_t *req, int status) // } // } + // @brief: if hs ok then SSL_write of SSL_read bool HdcTCPBase::SSLHandshake(uv_stream_t *tcp) { @@ -396,70 +397,62 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); return false; } - WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); + // WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); bool ret = false; HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; int left = nread; int sslRead = 0; + int retBio = BIO_write(hSession->readBIO, ioBuf, nread); + // WRITE_LOG(LOG_DEBUG, "retBio is %d", retBio); while (left > 0) { - int retBio = BIO_write(hSession->readBIO, ioBuf + (nread - left), left); // int retBio = BIO_write(hSession->readBIO, ioBuf, nread); - WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); + // WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); // uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); // NOTE: here the encrypted data always bigger than raw data, so it will not make data out of range. // int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, retBio); - int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf + sslRead, retBio); + int nSSLRead = SSL_read(hSession->ssl, ioBuf + sslRead, retBio); if (nSSLRead < 0) { int err = SSL_get_error(hSession->ssl, nSSLRead); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); + if (err == SSL_ERROR_WANT_READ) { + // WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ"); + // hSession->readSSLStartIdx += retBio - BIO_pending(hSession->readBIO); + hSession->availTailIndex += sslRead; // if read half, the next read will start at this index + return true; } + ret = hSession->cntErrorSSL < 3; hSession->cntErrorSSL++; WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", ERR_error_string(err, NULL), hSession->cntErrorSSL); - // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - // Base::ZeroBuf(bufToZero, hSession->bufSize); + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + Base::ZeroBuf(bufToZero, nread); // SSL解密失败,注意清理这段数据。 // delete[] buffer; break; } else { - // WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, - // Base::toHex(const_cast(buffer), nSSLRead).c_str()); - // if (memcpy_s(hSession->ioBuf, nSSLRead, buffer, nSSLRead) != EOK) { - // WRITE_LOG(LOG_DEBUG, "after SSL_read memcpy failed, source buf len: %d, target buf len: %d", - // nSSLRead, nread); - // // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - // // Base::ZeroBuf(bufToZero, hSession->bufSize); - // ret = true; - // // delete[] buffer; - // break; - // // 内存拷贝失败,直接break掉,记得先清理这段数据 - // } else { - // memset(hSession->ioBuf + nSSLRead, 0, nread - nSSLRead); - // // 如果这里拷贝ok,那么就继续往下走到FetchIOBuf了。 - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf + sslRead, nSSLRead) < 0) { - // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - break; - } + // WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); + // 如果这里队列无法消耗完,会给BIO累计超过150K的缓存,缓存超了这里就crash了 sslRead += nSSLRead; left = BIO_pending(hSession->readBIO); - if (left > 0) { - BIO_reset(hSession->readBIO); - } - WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); + // WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); ret = true; } - } + // 什么时候从头开始读 什么时候从中间开始读 + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, sslRead) < 0) { + // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + return false; + } + // hSession->availSSLIndex = hSession->availTailIndex; + // if the unencrypted data left half, the next read also start at this index. return ret; } void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { - WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); + // WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); HSession hSession = (HSession)tcp->data; // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 @@ -481,9 +474,10 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); break; } - - if (hSession->sslHandshake && memcmp(hSession->ioBuf, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { - ret = ReadBIO(hSession, hSession->ioBuf, nread); + + if (hSession->sslHandshake && + memcmp(hSession->ioBuf + hSession->availTailIndex, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { + ret = ReadBIO(hSession, hSession->ioBuf + hSession->availTailIndex, nread); break; } @@ -561,17 +555,10 @@ void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) { std::lock_guard lock(writeTCPMutex); - // HSession hSession = (HSession)tcp->data; uint8_t *data = buf; int cnt = size; uv_os_fd_t uvfd; uv_fileno(reinterpret_cast(tcp), &uvfd); - // if (this->enablePSK) { - // SSL *ssl = SSL_new(hSessionBase->GetSSLContext()); - // if (ssl == nullptr) { - - // } - // } #ifdef _WIN32 int fd = (uv_os_sock_t)uvfd; @@ -579,32 +566,15 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) int fd = reinterpret_cast(uvfd); #endif - // SSL *ssl = hSession->ssl; - // if (hSession->handshakeOK && hSession->connType == CONN_TCP && ssl != nullptr) { - - // WRITE_LOG(LOG_DEBUG, "SSL_set_fd"); - // if ( !SSL_is_init_finished(ssl) ) { - // int ret_hs = SSL_do_handshake(ssl); - // WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret %d", ret_hs); - // } - // } - constexpr int intrmax = 60000; int intrcnt = 0; while (cnt > 0) { #ifdef HDC_EMULATOR int rc = write(fd, reinterpret_cast(data), cnt); #else - WRITE_LOG(LOG_DEBUG, "WriteUvTcpFd fd:%d, buf %s, size %d", fd, Base::toHex(data, cnt).c_str(), size); + // WRITE_LOG(LOG_DEBUG, "WriteUvTcpFd fd:%d, buf %s, size %d", fd, Base::toHex(data, cnt).c_str(), size); int rc = 0; - // if (ssl != nullptr && SSL_is_init_finished(ssl)) { - // if (false) { - // SSL_set_fd(ssl, fd); - // rc = SSL_write(ssl, reinterpret_cast(data), cnt); - // WRITE_LOG(LOG_DEBUG, "SSL_write ret %d", rc); - // } else { rc = send(fd, reinterpret_cast(data), cnt, 0); - // } #endif if (rc < 0) { #ifdef _WIN32 @@ -632,4 +602,70 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) delete[] buf; return cnt == 0 ? size : cnt; } + +int HdcTCPBase::WriteToSSL(HSession hSession, uint8_t *buf, int bufLen, bool echo) +{ + if (hSession == nullptr || hSession->ssl == nullptr || buf == nullptr || bufLen <= 0) { + return -1; + } + if (BIO_pending(hSession->writeBIO) > 0) { + BIO_reset(hSession->writeBIO); + } + int sslBufLen = GetSSLBufLen(bufLen); + uint8_t *sslbuf = new uint8_t[sslBufLen]; + int ret = 0; + int left = bufLen; + int idx = 0; + int sslIndex = 0; + while (left > 0) { + // put huge buf into 16K size series + int seriesLen = (left > BUF_SIZE_DEFAULT16) ? BUF_SIZE_DEFAULT16 : left; + int retSSL = SSL_write(hSession->ssl, buf + idx, seriesLen); + if (retSSL <= 0) { + int err = SSL_get_error(hSession->ssl, retSSL); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + break; + } else { + WRITE_LOG(LOG_FATAL, "SSL_write err:%d", err); + ret = -1; + break; + } + } + int pieceBufLen = BIO_pending(hSession->writeBIO); + int retBIO = BIO_read(hSession->writeBIO, sslbuf + sslIndex, pieceBufLen); + if (retBIO <= 0) { + WRITE_LOG(LOG_WARN, "BIO read fail"); + BIO_reset(hSession->writeBIO); + ret = -1; + break; + } + left -= seriesLen; + idx += seriesLen; + sslIndex += pieceBufLen; + if (sslIndex > sslBufLen) { + WRITE_LOG(LOG_FATAL, "sslbuf overflow"); + ret = -1; + break; + } + } + if (ret < 0) { + delete[] sslbuf; + delete[] buf; + return ret; + } + + + if (echo && !hSession->serverOrDaemon) { + ret = this->WriteUvTcpFd(&hSession->hChildWorkTCP, sslbuf, sslBufLen); + } else { + if (hSession->hWorkThread == uv_thread_self()) { + ret = this->WriteUvTcpFd(&hSession->hWorkTCP, sslbuf, sslBufLen); + } else { + ret = this->WriteUvTcpFd(&hSession->hChildWorkTCP, sslbuf, sslBufLen); + } + } + delete[] buf; + return ret; +} + } // namespace Hdc diff --git a/src/common/tcp.h b/src/common/tcp.h index af35b2e9..a7de6ed6 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -31,6 +31,11 @@ public: static void ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); static void ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size); + int WriteToSSL(HSession hSession, uint8_t *buf, int bufLen, bool echo); + inline static int GetSSLBufLen(const int bufLen) + { + return (bufLen + ((bufLen / BUF_SIZE_DEFAULT16) + 1) * BUF_SIZE_SSL_HEAD); + } protected: virtual void RecvUDPEntry(const sockaddr *addrSrc, uv_udp_t *handle, const uv_buf_t *rcvbuf) diff --git a/src/common/test02.cpp b/src/common/test02.cpp index 0550f9a0..525c763c 100644 --- a/src/common/test02.cpp +++ b/src/common/test02.cpp @@ -218,18 +218,53 @@ int main() { std::cout << "Server: " << "Client: ["<zW1DS&pr3P`+oAyKYHp{<+)r;l`-s6M%?bX0;!P|+D&o;q=qeKXW;KF z=4PjXAImXOUn2-=MLCj}O~*@o3@GUp(?$+DL%>W?gI|O#lA(AMvOAf}%@|>o_*LQeg8#Yph41P&6x};%1=yTrE)1WQ zqvm;Fx$r{{coiJUCBNSR|0z0|OTNXy{wxPOw<0LH?06jHk2=`@qXRw>1DnhKTMlt+ zcWC!<2R~0Z#9@{LewKqjyB*s7*ul=(4*rxl^y_O5xZk1Ou@3kY2RrvT$WL?V?~4xd zNe8^kVSK;ofEPO0xzj=ZCl2z@JM?$6!?<)i$cG&8?>n@+)nR-g&fNIf%X1F?oC`s> zT^RfV2YemyT>Hx^2mB`v_(=!$6U1wZ0r(kn^lOFX)ZuCd= zc7Lob+{&7o>h-OWK+Mm#qW+lf3x`5}UyQ6tbVc(zXrU(1(dLgtJ0TtA;#3jxZ{^#8 zs2&IfV){n>jkfuPWu@uw(p$YTFBgpXy`pjxO!^~{aDZ|1fzAn zrdWBougx3LV-as42EgN418h-?HyZHi;b;s^wbwQ4&1Jf$sakJ}Rq0Ls*s1iJyr(vD zvA*WY)$l~ueO+DU<>eKkDYO&_ZK`Xk)SIgG=5pQRfsd=3!ojE~z`d>XhgySwx5M0s z+1O%hW3qEOVj%jkqTF+%&|e$~M|G(BE9)@LRw|sFYh1OaDcq!!w;^vkiC<~y+~3vS zA~-}X>YKW{^bSn+aL5}B#J1@-mI>=?V0wuhK|KbnDTXop+lJ8Bi~+3D8?W?{k4>@c zE}30*7#GJN8Nv9JL6-VWu}WXK)96!<=00IwE~a_8F%S&aH7(+!A?6MZkJ;BI%wndm z4Q&mCTJ<&lXlFaEU%oCctsIE;O~m3P)+d*667n~TiNiqa}}RikG$Ei=%A=8AReYM0mP<#2%;S+@=qm8BKc*=)I$ zrByx;=gstQtlUz3KF*oPuyJfW=mgXff0`jPmYt66u~JuP=K-0>?YP(^oOQcoZ60)~ zj*w=YtI&D78^6X2woPP^3<9I#f^LhfZv;Oj5IBROotVV#zVjZO#!q0kNd8gIk7seo zcb*fNKvx-egQr66Rm(azcy~z$^vAN@mih}v)Q_>$k7XWNPxfB?(PnTH*$*XlWR&L~GL_+$fR?3e{FvEXS7zR-dXTJTZ}K5W4&EO?>x zpH4sKS#Wi}LSdxqHdWO53gL7ur%FdiY>fj^r!s_eS#S)TQMOxfoI)C9hXuzel2LY9 za5c14d9MYhSgW$zf|F0GJZ!<$m{Hvx3x2v12Hk7HvEvw}&w@`fP{s~haO_A%>9^o# z8Yp8&EO>zhKW4!TEqL03ThC_)E%@0M`C$uA*Y`$|^MPU`Z%Og0@fQ3uhA`F-3qI9? z7hCXR3+}ey(=7Nr3x19TFSFp&E%;&!uI{x_b&Un5YXMa>3x1vgK^rajObfowg1asF z1`9sRg11?4>-m0%1)pP)@3P?MTk!1`e69uGVZr6n!)te0@XuQ0@3r9bE%(0_xc3rF4FgbH+Z@bME?z* zE&$PggQp8W^xxp=f)D*Sc)HL-{|%ll@X&vQrwhBG0hhtk1>MlVyC13kyE*^5!P5mC z`fu=b;fDSjJYBG%{{~MNYUsbg(*+v(Z}45rX3g_qqz=gFMJ%E0s~J=1LHHtHuC*Q>C^hZeHl$R)>*Pv z>s}UtB-7$=#wKZrW#0vp-gYvRNw;D#J(PbGZMfD$*Jz*g2ezV;Hr7H92csG-esfxj zcOKK?YmdYmUaF6K4zG+i^lJ$Z;8eN|2DP|n5d0BsA3azMwE9C@yf9TWK8A-(hiWD< z)D1pC9VLaWLSa}-G~nksywA-mo};?ssM|~YFArK=D6_esntuC3qiNH8aklv*R`WYY zns3r>J#iR^Of9}&!xF2-e^$du?_!WvEira3t#9aHy1Y+I_H5vlsq}1WMY7#}g<7)c ze60Ig{AKDzC->{%lXMFytpSf8(&DeBFU1n5rFz!E1S;6^Tb`stb9yQXJY_K^jO^n5 zcuGqoxkCxAr@0OnJjMzh>m!S=q-T)DL=U;Db*Ek05-t=y*J2EwjX@8jXTK%Sy1A4K zisXuR3D+<9atPxNj7K5aD>}-%a}ShuDU;}4HRmz>ty+l)Pi)@tSu|c+{GdhdOdf_K z6p?OpCjCR=Wdn)z!{!jzex63bjZv@#JiYm^P>J^plb;DeVC`vcxQCI$d&|1;v=={Z zUj_ayqOG{650mwo6|bwt-;2AtXdwG(B5O%c-xF?xpS0hXoULl(#GiXy(@|~rW8mkiq-J+Hgs6HSJ&LdQGj5dvqoi92js*CP2J9d1S zHzF&Z#i@Yo82O)GPY%I)udrSQlj%B%-72uf!Vhi$l3(PtJv9R51n7gjm0ls6Bs1uk zsN@}6%R4TSRQfTnJ$(heeYf?+O0bsJbGHs*Ym!F{;8?Cul*B28@>iHBCfjH+YBO<` zVd9ruCzU?HeJZ-bH1QfC$^0EPWc1LJc&x|L2{Mbb@^iHKfqfY)`Nt>Xofob9fJ^KC zgG=lA^|nDwS55SY$Uagt;{NytnM|suUoHTto|lZRBgWQ$$t@!!sr1j_2?B680#I<< zv$R;Ld5}tf4|Q>FvU@)ncE#o-dTB$-h{fcAKW8%C!+D+K_ClK-&)->G(tPov-LOG555hTJAo?p^rA z?U{1#2vyjtGv$8CGkb&(pBW3bB?)NG(w`eL3}mhiDHWN+y+l z{ryZP(aXDQM1#+CVeu|V$9rh3E#rKYgEV*}$C7pr(a$kb{k06P&4($-Ef(8HVy!Q|<#eiUUzXxZyCOAJJS;qs5QTyGbok zR99n+=&OV%nN+#}Y@(O<%^1<~X4m^rZH#C!$5ZKvJRYAkqWOPv9?>ms6~vj`vs8Mj zaCG-&hND#+$uXk!FpT--u-iT{qYP9%>K8OBcM7LgQ1Zol) zQZlLZG6>jLEXzLn4v&v*A6)_yV!cIRN3QVy`R+)Qmi^-yaw(br5=9p+ zGvfFQLX=D@{r(^c7{}|=;EwfpeIM>{ro@nz2gJJj9aDBYV^7+8@BJM*}@Xl0?l>NLbYh&N0%7US}9r>IsLAKar=xWKV|2P+r zQ=Sxabl{G6R0qr*QtS#^a#EgZoi94F+28Ok%QfWr>8i`Cd52QzRj3vV#zV3W6TMu3 zVikAE>zxH~Pe|TjN{-`_a=mx;X%6#xBJCt<&hmNvLv#f5`kJLiTu%_9WK!vK!3qbG zQ*h3uPHM``fIh=x!Q++8FEV--<0ez-Alb{FE&=j3QS`edMx$FHB+f41K0)F=jj(SV zXoxZPEq)^P7Np`mZ-`^;{kXd*_AMsc9DZB2NfKfLy-#i=ib7_aV+cv+uQ0Tq;&rL? zKB0}e>9P)E@t`tkt}ovfJ%ijw(}V|*yP3;jB)D_dap1iWrwHAH)U-IsBKKZPUqEV! zqURSIA!#K<$>4f};*#ho%RL`II8O0Mi+FrZdXvl_KNEI}Ooq3!kT(KJP(0Vi+%g6ozq~br^}s9!58JnKbt#SkIl(=F99a@`VSvZ7sO4fK*c3mgU2L@S z7_UpEe<-w3S74g_XJyiC`X1p82dJC7!H5Yg W}MZ;Ue^f^$eMQFO4{ zaBm$U=3Iy)GFaOmO?e)d%lM;+YcaxWUB>6YCF5kQF!x|SIY2VvdL_q^ybukk#Z2w_ zWJ#`RF1V$Z()_Wq-^u)&xZ|mG1lnSyDllWRUVvgr5n;NPhlz&mXL!yaV^_uH0eL^<=wNEr)i z*l^-Uyopr$A@rRu;^vJ14*8WRI@fgKClKo1PZF#k-hlghIdv#qwdcIUPTEQDV#j52ZV|>`B3TJlVKOM@5%!RTDzIJb-mxe;~{aTxk8(#;| zbBzMvIv^{=vMML_N$#OMoYfmnJ;+U`(%(e2m?jQOaqz#DQ(q?k6Gb25?OW;8E>cb; z+syFqqcM^#pGBJLp!VN*L?^;gB3qurTh5vYZfb#FW*n5_Sam*x8QWM5^LC52n4X+Q zNHYH_qm`$5T`Ij_Xru00)8xY=O+F~RfgCgCwsW~$3m)&XSnzJAu~IuEAHDgcmMHo) zUMrM=+C+$wNu}?76Su_aP^2Z+(jC_+{DySFZHrut4a~u(r7+@4dQ&lK?I6!?}YurjB>EvCSnoC51j zfjkJL7n0Mr{(^2aUsrp>dg~*G!uZW6 z`7OAoFJ|5SyyB3S$iI|hsq|_zx68b%{RG)~5^b^cS1~YVbE2t)=j0sEa1L~$4Tazb z{iYlq$rR#w$Z)*#JuTrGPO!w<_u?;O)PKtNthK}OJi<*s92J7j3T}Gh67PH?zV;Z5 zr4u#9anH$w=NOu4ffjZ)@D9((g2xCF)1Tg%Fy4}Ynb9&Dfzb$zMqo4oqY)U5z-R=vziV2c3aH{u*=v^wXgA zpdW(5UDGFx8@~&3 zgyYFB>whtm;s39B<+wtU!<$z8`vQxf%VheX&(17db!PDu1rxW9-_9;OXX%BD&Yw+k zq<=kr{r#B?S0oUH@ECrFf$t%GS*Wd@`27o>3E<{FW1ce$Z_itC#%T?32rSh1sS_-01fV^lyWmu@8VzK4{%z#zbA*4$0Kx_gT!x?HGu$U$Mwt@s%;%W5=|A29ng@ z&td$^&>x!LhOH~O89rXuqh80;q0d|E^TdFX{+CeSi+VipH1!*WK0$aDu;5ZG7T3Mx zdLfU!org_8TW0OVg0XMH)I%4tzfS1EzOeI*sc&7#o;`!MUoD)vqlEp-sjydm~ z##r}-Q=ePFes^IK@}p%m0;3TajlgIGMk6p9fm267eXmP>pG$p@OMQP!Y2$Fq3w>LR zisI>8WLBQOEoSBE+h|svzJ*3*k|2z^#fJKpQ)R8-`8ft{1_h57-FQ*wrg&9M@UouH zPpHtjCzba<&hRhj?7=w$71=Bslma+q;N_UCr|TIizn6k^Z9|1#7@&f8G_s0RW9vc! zR;L}~#|oa#o2k$>6BWFY!^^{y1yy*B?2z)iO$L^(v8br_@k%W(N)G>>hW8KR9KstH zoUft(tBit+G0q$Pmi$Zff16S8-wU$p1^R#YSADPCZn4ZQkQzxFCEXxthosvj-6iR6 zN%u(FCuzT=$0Qw;6d$MOrBG70q-B!UNZKgr21z?4-7e`aNq0-SN76n?`z1Xl>7bOosl$c~S38Yc1Va8%S&N?wd#U<9AqVm2OZZW{ zYMoU04s5s>F1Y0Sqwt5Yk<0&|aQPYRYFoPpIDQrz-zY37e_oUL1RMU5#80>3v!Lk0 z7nmp7@LGvalDJ%+7_BoTUueVWUIO7$Z1`gmFSg-FB|gK3=jRDKZW~@A@$+r?)e@g) z!|8k0dzFXpDHvEvpD{c4*i7&R{pTYbi`=7JnwGywf;hQ9`NnEYRNsbpY`*$oK z08aBKe3=+uer=7-7bUKayXtu7H2)`H;9R&HqcsaV*1x&t+f+W#XET*wLCIgp?M!3# z^?4D;&oPc?O1=&_zdxe@Nw0Ijw>scoaljt|UdX1i;*RVFC{IAH?|MJ$VCVP1XTwrM zjj&TL%@yK6?uLD4v+wkM{JA(_PNp8)#=R1Ft~gNsj$HUnz-MQ7iF3VNzL5QKo~WdI zHdMauVCQuQyZ|RKx!S$R0bk>Q`+-l+n{Iq(Rd|E@kiaRPGin5);`uwwTdW!^eu2Qd zr9#rd{>#$N>C%q!neN%BZE1p&88|VT1%K3cQ`P>p7*%3;GOjnm_ja_Z0^_b8w=at6xhwUdSeWR@mkDOtE=`gM5#a-z??n9x0W7c94G@ zIL&8wt&rpQK(YC%#9x)`v)mooFz{UY1J1-a(t2fIPo{Hx23seO@1hlii;uhFOnR9E z{sjj-BJJDbe2atpw;k|51E)CLQX_oXC|#O~q0KcempS0N1K#O?CxE+UTUPRrgZvY~ z$*(O0=C5C@>wz%krJyhFSL?|75DPBxclmvtu|POfabtP?qNslhK1lCW+u@Bk*DgV= z-WfWjg(|at3DOFLIw|KueMLF??%(L`494_e7@x222nPecZM-QY6R1M=4u2P=;=sr4 zL$PRm`68Yv14uB4&)_@Dl}owUwvJOsRR}46)aN~wm~51CV?_KLKe5r42n0V-3NiDC zK2eHnouUJkq6017)=vA#t>W?9pL4ElWy$O^2M&w0k6$x4J$sm%dFRyNDUZXcQU8&ct^sH{KYyJYz zO3W%s+k&(qH0J}9P5~TJ!yruxY$CZur;qbx0c7;Jy#A`?we?WxY|-m<{o3-28>5@W zgXtAAB}!v8aw)(ja#l3@{-Lq$AFubj)5`O6(O@i9WHB4Xmh1InU z_*jLqf7Pm0O&+8#sa;<0fd=L1sIg>4;8|CUTrf4+i4^GZIz1E50b3Hg*lKk@Pc~ys zwvyGLO2=YXLoN^RYMy#UuS2qtRqe5jLGPw$6FKda$|B3KPDx;5t$~o<8I>7uDAi0> zMjczD)InR?8kI2pj|!MQNFJuv zZ;`(!$IyI2t{;(uYJ@{M)@pfN5pO=_IXasZa zZV3CLHh&iuF(aQBe|=CMKt-NC+t{k+tgMdgnWS=tQ1+x{H3@6DeZ`ak=hLJIhs&QX8WSW_ID@%a!go)Hjz#5n@DDy|iU4Yf^n$PJj}E_>SpXiHef zZpBJ*8QPAkOL^7%=?OjGrCT_-P0x!xFSL5TE33Jz+9o;&KitAI^quk_lPne7cFQW& z;H>)gJjmx~Nz*f)>{4gbSI@N+b!Ur@(7y)t_?%Q&^E&}}bz=B)fz&zThsN@3-{ zl2h~+)YCI;#jEGoimCx8|EVj=e`%H_u|Z>E=*t^1HIl05>Z*OEuloNrslQwrRL|)Z zRnPTFpWZ#N>)#KIVxsIbHyA2z{+I3;W)=JVxev8geYabPE83?zCatLZOo~2a(?2#_ z2r8=Nq&n_=iK6Hpu-5hmrM{xpcYjG!=_yK|uCeN?``n6t)fNDyN4BUuiJw(p-OpDP zx6`tUJ$_G1eIrbbQe4v0$+)Gc@l(*Rut6e9Up+Td^gBvWQhWQqwdwD)%Kw@UskcE=Tl+NvHvX2$_R9=J zY!q)0w8Vxhb5?4bVq8O$`t#`EfHD)m`S>aSRljI_l<(LyO2=lg`7PTHsM=M6ld+LY PzhIk?SYlJKvFv{Ukh38X literal 29320 zcmeHQe|%KcmA?~+1VIy&NEBKI6pI2e6A}!lbr42hBw$RSqM|RuWFS)}GwIA53AS1^ zX6tmEF1Dg}tzEkPq1)P)T6NJ?45Gwt)uOeP)>_eOJE>Y@sx@n=+3&eO-rRYaht=-> zv!7f(lk?8^{J7`-c=x^g-pt|ifu?gyJRYXXIQB_K+>SW{@k@d6X?XzRXASHq{GG+T z>r;MCgY^;BD=ZLZmzUbv_|%) zqN+d19eo;Pe>!OmWK)xDs*VbOv`b=ApubuE{Z zx)&cBzVlYCVHlP^!elqHlC6SQ{zx`e%1Qs7`n$|+xspM5py zP~2ogI#kG?9CDjqh$GUW{-|I#GLM%r!s_s;$LHzrQ=JRmGB2;Zb@DQ>MavvGKBkD| zXTXZ#`&{sP1X4`@As76|Xk;<{^)CKrx%jyTol?wCz(xNB7yoa%;FB=0#r*%lrQbST z>V429&evV~VU`Pij7vN_TV8*&a@WH%5|HII()=vS>UOUL9N?4Kvf+*cp$RNh_GJOp|fdqKd1VTFqoQaYZ;` zc80BvcspxtZ8A3}B376mCBv2(ipOH%kVW1kx@`4YSV0o$>If&2DQG9TItgOo&HOl$ zG$XNyWp2RVWJg$dR+iyzvpr}9xnd$56vB;g8BQeP2}WUsqLFaS(!-)EgP~BkOOJ)X z^^rLD)E+lGg0c2wM{tt}pQ__twd#ncMnY!COisFzn^aeXg3;*uU}zJUtM;hSNl(UR z>z&hhfytXe2cq}rD2eDh86A<6mZhtfo9nkwUlA0t5>aMe(rTR^i(4Iu_-4*TlZ~NP z%jXMq1QVu}2u3Ubfj|qeh3kXKNXU#QEmYOnxY}G@V+L9mnXOj6*&4PEXWtq;ypz+- zmKCcIiD`zqyL~=it*8n$MPeHpTkFi$dULhU3%y`2=!XuNJIPnp zpjRdvSELU_8K<-$DdL zHJTf{yUi|4_INB9jaXaED{6%I7Pww4N6@r@wOSa%zi$Xbt1*D}X7h>=#n@^UHYwj! zmvM3JB)c;{Vkb-cR;w-)PuXoMQr!p4%Lba48zRwYW9vdb8e;Cy@Z{UtidoFeHL=Z+ zSi9L0PNq6({R(vlY2`p)Ur8)(VncE{>kLL>QUU8xcf?{i$#4P_33Y9O2n$sR=V-?! zb3-r^Ww1>qqjbl+kd8x%EnQaJW|LNXXx=hZE3z`F~XqkZ>ESIfayY!q!(}xhaleKFhsH?7BRLJ^tmR9)^ z+&9y|@$yLVrMPDv$0o2c(20-|e}t_wo*jwf@zPdUmjIc>{dm}9+;w}Tv;?*!BV;x1 zRp`Fmi%;{(TP87RMuAcBz;?ZqH-n!Vi5$gHk0r62ZoC<{@e|qAlD~)ZWh^cE)CrM^ zw9B{&JQb>Mk(7DCd*^k*emvWu$xj_6AE(L3vw)P7zn}kb6Szt22NJtt_!eA&C$Re^ z{~697!5){qb;_5qbu3}ef#*eDch!D!>&XHxbKu`vBJc_a?w9&i4!qef{j^Cc2rHBP zLdW1VgtUb2VJu zuTVGAzD*T%zd|_e8t&EbHVvPp;T;;T-|u&6 z_=%c+w}zjj;afF)j)q^a;d1HW(rp_42~Gc24L?Q0cWC&j8h)pS(_TrHof>|c0zr3a zc#VelX}C|r#}3DOV5|qmdSI*v#(H3^2gZ6}tOv$=;2-IMKbL>}J)`IKG9y#^tFsw1 zdi$)Bk^M%`qh))!+mZSupJZ%kWX>5N6~V(V>Ao zHcuPSp@ARSJZ(IO2EJkQwBZ~YxY6cmqd7Eijm^_0YG~jyHcuPNp@E>y(?)-2;6j_H z4d&3mQk$oZ<Av=K!6ZJsuOXur+V#t-ec zdD`%y{WebHfCtQ&C`Yq?YDV)kb?HxJZ;R-ew(Ka8QQOS%-$Eyq}jWi@%alr zbw(lI>EOc-{xS!@#=)<2@Bs&ZmV>W%@CzLL90&g~2Vd#nk8<#(4*qX={HC}69S8r0 zgMZb*zu@41;ozTi@Q*q8haCL94*vTN{@V`zb_c)R!Dk(OuYEQM$apQ&8q{xKHpD_>{&HfR!1t2h34BE zs>^3yhe?kGJbTtsAV#)y36aIaRwb79zbqC@`^1rhN{)9+hT;ovdpplsye20o9JJ+1#+&!XwZQuEdrJ!d7L$&B=?)?_1d z)_1_hN3!Tf2U;AJ_~b9jt*JE=GPMeO1m#rw$tFH3!lwpKVG9 z9$%hbx!=eH0QcuQ;Lu112EiXN9-tSCk@j%RNLTdx%PhQP+UK9lARF9G4JCuk!eH3Q zti&hq_yb-pc#34NLAHzdpX}8_sBwg#s($0IcGY?JRfX;k=bYzY{+{05O~bgKrm>L?^zHVd^C`A3kiYDjK7>X-?Rh#P!sYd3EC0xcgZIaA z6qZm%@7{s?1KGQOgCN(ygYM6Di7@BFW$q-2trJ*{Xb|^|06xW~y$u581gQVNsg~_R zH%o3%rx5Z}rG_e7AsqUJloObKTR1cb6%C_9yJ07bh6!=yP5FksG0ZEGf~RmJBpXKY z=S&I+-ft1!o8dCILSj7vTPxz=4xo7zm-e;^loOzL@LIMD-7L95!-SAG>>}Q9iS*}o zf$i-p-`;m!pEVCF=_(%9J{%ogF9z@kZczEpb@_OOiw5$I8dDAzQ*9SNakpw+~S`61S7rYfe|eDuT8=?UW}eS9;4@v9;5e}ErXb@ z9il}<9w0Nj-*>+|GSc5WEKmRb-b3~ggDz$x>+c;ekL)h#&;17?K?mG~4k*8FFD+GS z9`xtF2U(iC?0JYBd#n>P+vz~+h^6G)e;FC+87@gp*ad6$TInvTOLpfJEKg`4n)>iU zIzoL2)5ui%Im;*fFF4XmQ}KQ>eSrS#ru%x*-wf|*-k8jGY7$l~*#&&=rum>g0~hJu zGI&5ucVop9b*_+gE~6UKk7RgL#M5(U)S7qx(@_K(pOx#~y zZ%~-R--^86Pr2USjEF3>-^d2Gs`y3V&(fF^O0~V1yOIntl_%n@qC7Wt5yBPvbFaTM zGLqTOTWNO!pWwpR?NCkgA;$2i(;>$}8ne+uNIGH&Uw+$t2v=c;Bf9etUQW=Eyp1>z zaFp3T2B$_Arf&39#hAz5< zpWnQT-Xug0J=v>7>HgLQ@HxnVaor`T0J+I~XKf4cPFSfFx z?-uf~`g8L{l=t8zm7H#k94Ru8ZE%ceTu#zwhA22XJr8q|F5u1Ltr_MGK+^mW1L=|K7|1Jx9tQF`?A7^+^IR^djLE$i$jfcx`}2B>xgG|RFD1nW@*Eof z{6OZ=G7RL6c>gcE=wxys2l5g~oh{bR$VpHgbw+-QgK`z^K)8ix%)4)mcB!2WJf3Xn zQ+RA4#&RQ%tUqT`poQJHjyIOpxcj9#y6<$M2k_QBI9nO#yKkm#d}UtmJp_llu#8w` zign*OI#cr9_wQtoscga5DrEQlfe_h!)49}MtL7sL{aXA8p4Es(Ud!$Kb5{y?}@UQK^)&miic(V??i%+K8-kkj*lJV8pX z=UD7bs)5hjY^letVWX_UR5g%>s9~L`;TQO>i)`wrMGd28-8FFToX9l@RkkhxJGBO{ zyr)R>r=Ti(rjucjEBW{Tq#BSv{W9WyCOf%A)y|g~S?ynWljVx>4xa3Z*eH5x$?-T);KuqVDN4icRM_Ix+Io`PXOyrgIM-I>{cb zA}4Y>H$f`u%}&K_l)6u8&iCVcybJiso-JK&H|U$(Uw`g4a$h)0ZYBSj$|?C8zXK(4 z!#Lv&Qt$18fBR}e492G|U*~bqO7~7CAX~a0w^gDOPm^_iLe)tcV&0r2>bxC~+GHzh zNhw>Ju&v+Xvi{rv4}q4L^Q8quR|uC+i&~&JKd*Ne*TVqt;Oy?_O%T`qdk3jr z`}XKkGRRbp&j*ba4REG&6Pj?QO%Xi_Q`pvxVLzS3#SsCE&T$X%ZrKhdpxnF z*ni7o!V*V@V$`3f#`4pyU8-Yt+^6)&lhFGy>18VCb5Hy}W)CT0nX_xzDr@N$){y;b zf`|YvL&{~o>NdOT|IF*1!SzN>INlFp!Y$_$-JWpN9|-I#ct|bBZ!Qmv6#8@PAmy7K zBeRB{R!rp&bIPy#4Mua|8T_#yS_u955oTC2M281?W3j7(9ke(YE|Uo89E&VVe25uV9{BWK) zP7DkeK_@v-D89QtuSdb+ao=z{^|p}-3};wo&D-f;Vl015(>k+eI9)<`J`PudsKbE2 z9g`0=z4Syeoq8p`<{-S~GXAP`;7}%T5cSZDESwSabhD?gN}O2RfMwPk%miNHp&V00 zo-_%6RH>WEfYI;Pk5c$$b`ABf)?ZHf0%b{T8sKfYVyWeQ~c=VM;RRlTqbwtHDLyutD^{5B46 zou-dF<68(758_zEiz6ckK!;z#1qF>QdwFD}3Ut>iBO`slzwzqG2>rhPq~DK>G=uhl zZUdc=!?hiB10K*(=R64N1^oqR4eVb7Z3gw=(R3H+v7p;PmxJyEy#jPU=x;y=LCf$| zyaN8JKo5da!Lw0bJXf|bPj`i9`s4{^vaRgw6PBF1@TA#5x&1oO!Goxi09nYdg-;InP8kD7l%=@Rxv2@U~WJTr|2;qHmkuARl+oOmtHhrdpqwqq9Cbrc;xS}|?+ zEOyP5VYIR5*lE9+#daQhD-55hn)co-_T}U6MV(JipLXkPmYwmv@r*s&kX+hU!k z-$v^^{T7AVy7a8wlTmp9`o?he_pw8x^N>i@W4?e<~Iz}p9PZi*K?ocH6sCKYVPIB&OG z^3USM9TjX<3giO)-}|fbl{r1ucm?8@v{}+NNxLN7D(N;!cSyQZ(mqM|OL|b!K}nIE zj+Y8ay^_{Q>X)=x(l$xEB;6|MHc59#x>M3VN%u>7P|`t3RkE6j*&+_Fq&1TIC2f|p zP0}t&w@SKA(jAiSl(bLM{gR4WKKkFXwnAIvZdl@-yJmeVW~ID7ACfNAEbyf`>$|$P zwz{V76bTpFIXMr2@$4=BT_asa^P6%b+#pXRuN2bWrIc~k!7g;vyNBb)urfamP*glG^5bLJL_eW<{BQjD7Kn&juO?PsaP zCrex|PmI8V9~l;&l%Eb%{4P@Z&K5$p4uRe5u6!4t%4;4T-CDJInDZ=FDU9P2e)FzD?r;eXN~dQR$z`{T$Dn>+?d6pI~3l zlzt=dV-%y&OI`5IF8G&R@VkIlu<5L-O>>Sz$`e>Duh$bUetrjhHayKgL-_GYcNMsh zd*Pq8Nk9^}{CIP4!JI-Z_6tS0<)sdIv3{WZoyG7gfzOtQi=s|HJ-EHrzhLDt3p zFQuOW=|{!08&c*zu|?i-aX>!SZ%7yQ3n@JR@u zSiL8@;AgtvQ!x*z-&9^**?sJXF8Ur^AdA%-aKSHi!BZ~ymtFAhy5NryUV^)Juj*kz ze+r!DkMsO}&c)A(xX~`wt|c6=V3R)~{PJh2IK13NzgOySlKS)vmC9FL^dAIH^O>C~ z^k|)>@>_{NBXpAGRSI+fhI>%?QwL$4X5-%V3LX5bxUGR%t@Pzd5 z?B}ap^#9ET{|j*Hhs)0pF>R2c&BV|a8<(?PaMJ}(x!@V#URjq;?r_oH4V>cqxno=o zxcK>l3r=5(E7q>#fs_A7Wk1Z9K~=lxuX4e=q@O|QN4;D5tcyNt4J9mJbsYKDg6kuu z72L=GB(2nj4b>r*&r4}qok*7$k0I-!X(B=6#%O$fFlx42@kG)Lrn*@u-q{rmTj6%3 zNh_+sGf0}jL?XDwL`KNO7PcV~>QS+ZFQ)ti>KymYB0@6 zobpmq#=S)*vOZeT#o_L7C}lz8Gl* zV=2nH*i`F7+rt}zsiE3LOHO@zC`LCd`ni{vQqxsIHLhZ$H^H6<~W4l!xl!xnNG zHu)Btt(fFjATMIONXUwx43bupZ&B;&7PGl^h1s|~uxfSV>WhKaVOCMvR-_H3IUk{P zir|nM7HLx96Ui-8AuPXG*(Zv`=N5tQbO3mfEO`-al~2YNRVpxBC?Y5)UtL8*$-7?u`Uv6R_zLq z0hLZ4p6b{!pkktmB(1hSO;ed9*L7t07#GcU{C6iRF6<{7*ncz!@Mw=8Dbug+M&*}w z^qV?Ykk;BE(U%=ca9rSwhJk;1$Z15E04*V|Fyd)!`Bee42g$?L`YrMo7a5ul$n`67 zP>%|z$XYG0E8?3^#jY#3sOXE2o@LzGv`gx(xDoC?r=I7nZeG#R$xWTP$48kV9W+)W zo|-rmKr&)GQ88s?_R;!|r9U=m9pEd!Op9F5R4i0TXHFfRz?~(sV)HQceB_Q0R0EM1 z+#$)Q33mug6M2kP6~)s<7sm8ahce$Al(yO7vmi}1^&z^?v05UdGdd7g^}^iPg^r3O z)b?vxl4&xJ?i)4#BZa;WmkGZhv9w=ha^}~P#OTNo_}`m4pGL6g>4t7!*b(l=B4+3F z=3gI_7f_LB-!ZmoI?yE&_xUuL92yjH9mJa{^LoJ`sPyLreZs1fTRN@adQdANXootA z#PI(Gbg^n=Ee}^?15(|Uh$FQ*zUP>S)~6!)FJmI@5<>Fo1+>NE>K(yk2di%15Jr{@TCr+uLp!m% z)VK5>>3BM<=n)Pc)AQo|f1%X-T`A_e>X_(>_}~$qZSVH~ACWEb<(EU)ihn-y-eLkq*^+dPUWHeX>6R zAE*5{fKi_)|I7=9ikJVTCx!*ZIe)$esc!G}3Ux*MRKuhf^_)r3I~?{0XA4C|m7X-m zlP^&e-3eB&e^A;hs(&|_ER~(2_dD#>b8bbG>cJ`*qbNJU;b%QK(Cb&v^A*M8w1VR7 zzsID#-A#U}F6kd6tB4vu#XpGys$bdX{6eDWw*+hdb=LnpB)a{!r9xHFuPMjUgR}lu z9rp8=3q?h{q@5yEmtNilLtpKnbC?(PUb;!J&i+>QD>@Di>8m5kUcCpekoHPXc+1a! zg_pygVp8_%J!qA*$LoNCqU;nn1IBdjD0}sOQvE-8HM0Nc{HLPqRlB|iOs`*kFK6v4 zuFmcxp;nZ=qH`eE?OB^tZWdIn6Uv3MQ~W#_6Q<(#w+Ts=vUk+)7h?NwjjX@MM#O=# zpXb1pJDobF7`HHF{d4K!fHD)GQ}9vot9H@&sMv96m#$02;lDagKvl0&q}Q0m?91uG Mg0k3Q;9%MR0Fh$Kq5uE@ diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 6016e262..b51790f0 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -809,7 +809,7 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan hSession->isSetSSL = true; } if (!SSL_is_init_finished(hSession->ssl)) { - int ret = SSL_accept(hSession->ssl); + int ret = SSL_do_handshake(hSession->ssl); if (ret != 1) { WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", SSL_get_error(hSession->ssl, ret)); } @@ -851,22 +851,25 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan bool HdcDaemon::DaemonSessionPSK(HSession hSession, const uint32_t channelId) { - // daemon收到点东西那一定是空payload 我不闪躲 unsigned char* buf = hSession->preSharedKey; + unsigned char* payload = nullptr; if (RAND_bytes(buf, sizeof(hSession->preSharedKey)) != 1) { WRITE_LOG(LOG_DEBUG, "daemon session psk random set failed"); return false; } WRITE_LOG(LOG_INFO, "hdc psk buf %s", Base::toHex(buf, sizeof(hSession->preSharedKey)).c_str()); - - Send(hSession->sessionId, channelId, CMD_PSK_MSG, reinterpret_cast(hSession->preSharedKey), sizeof(hSession->preSharedKey)); - // if (memset_s(hpsk->bin, sizeof(hpsk->bin), 0, sizeof(hpsk->bin)) != EOK) - // { - // WRITE_LOG(LOG_DEBUG, "daemon session psk free failed"); - // } - // delete hpsk; - - + string pubkey = GetSessionAuthPubkey(hSession->sessionId); + int payloadSize = HdcPsk::RsaPubkeyEncrypt(hSession->sessionId, buf, BUF_SIZE_PSK, payload, pubkey); + // delete buf; + WRITE_LOG(LOG_INFO, "hdc psk buf %s", Base::toHex(payload, payloadSize).c_str()); + WRITE_LOG(LOG_DEBUG, "payloadsize of psk is %d ", payloadSize); + if (payloadSize <= 0) { + WRITE_LOG(LOG_WARN, "RsaPubkeyEncrpt failed"); + return false; + } + Send(hSession->sessionId, channelId, CMD_PSK_MSG, reinterpret_cast(hSession->preSharedKey), payloadSize); + (void)memset_s(payload, payloadSize, 0, payloadSize); + delete [] payload; return true; } diff --git a/src/host/server.cpp b/src/host/server.cpp index c15f0df3..2d13cc46 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -620,125 +620,16 @@ bool HdcServer::ServerSessionPSK(HSession hSession, const uint32_t channelId, ui if (payloadSize < 32) { return false; } + unsigned char *out = nullptr; + int outLen = HdcPsk::RsaPrikeyDecrypt(reinterpret_cast(payload), payloadSize, out); + if (outLen <= 0) { + WRITE_LOG(LOG_WARN, "RsaPrivatekeyDecrypt failed, sid:%d", hSession->sessionId); + } - if (memcpy_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), payload, payloadSize) != EOK) { + if (memcpy_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), out, outLen) != EOK) { WRITE_LOG(LOG_DEBUG, "memcpy_s failed, hSession->preSharedKey len is %d", sizeof(hSession->preSharedKey)); } - - // const SSL_METHOD *c_method; - // c_method = TLS_client_method(); - - // SSL_CTX *c_ctx = SSL_CTX_new(c_method); - - // unsigned char word[32] = "0xxx1xxx2xxx3xxx4xxx5xxx6xxx7xx"; - // RAND_bytes(word, 32); - // // unsigned char *p = word; - // SSL_CTX_set_ex_data(c_ctx, 0, word); - // SSL_CTX_set_psk_client_callback(c_ctx, PskClientCallback); - - // SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); - - - // BIO *readBIO_c = BIO_new(BIO_s_mem()); - // BIO *writeBIO_c = BIO_new(BIO_s_mem()); - - - // SSL *ssl_c = SSL_new(c_ctx); - - // SSL_set_connect_state(ssl_c); - // SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); - - - - // const SSL_METHOD *s_method; - - // s_method = TLS_server_method(); - // SSL_CTX *s_ctx = SSL_CTX_new(s_method); - // SSL_CTX_set_ex_data(s_ctx, 0, word); - // SSL_CTX_set_psk_server_callback(s_ctx, PskServerCallback); - // SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); - // BIO *readBIO_s = BIO_new(BIO_s_mem()); - // BIO *writeBIO_s = BIO_new(BIO_s_mem()); - // SSL *ssl_s = SSL_new(s_ctx); - // SSL_set_accept_state(ssl_s); - // SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); - - // // if (SSL_is_init_finished(ssl_s)) { - // // std::cout << "s okkkkk" << std::endl; - // // } - // // if (SSL_is_init_finished(ssl_c)) { - // // std::cout << "c okkkkk" << std::endl; - // // } - - // // cliend hs - - // int ret = SSL_do_handshake(ssl_c); - // if (ret!=1 && SSL_get_error(ssl_c, ret) == SSL_ERROR_WANT_READ){ - // // std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; - // } - // uint8_t *buf = new(std::nothrow) uint8_t[1024](); - // memset(buf, 0, 1024); - // int nread = BIO_pending(writeBIO_c); - // int nr = BIO_read(writeBIO_c, buf, nread); - // // std::cout << "ret is"< s - // int nw = BIO_write(readBIO_s, buf, nr); - // // int nwrite = BIO_wpending(readBIO_s); - // // std::cout << "ret is"< c - // // client hs - // sleep(1); - // nw = BIO_write(readBIO_c, buf, nr); - // ret = SSL_do_handshake(ssl_c); - // if (ret!=1 && SSL_get_error(ssl_s, ret) == SSL_ERROR_WANT_READ){ - // // std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; - // } - // memset(buf, 0, 1024); - // nread = BIO_pending(writeBIO_c); - // nr = BIO_read(writeBIO_c, buf, nread); - // // std::cout << "ret is"< Date: Wed, 21 May 2025 19:57:46 +0800 Subject: [PATCH 05/11] no solve Signed-off-by: TaowerfulMAX --- src/common/auth.cpp | 8 +-- src/common/base.cpp | 3 + src/common/psk.cpp | 7 +-- src/common/session.cpp | 72 +++++++-------------- src/common/tcp.cpp | 20 +++--- src/common/tcp.h | 2 +- src/common/test02.cpp | 54 ++++++++++++++++ src/common/test03 | Bin 0 -> 23352 bytes src/common/test03.cpp | 138 +++++++++++++++++++++++++++++++++++++++++ src/common/test04 | Bin 0 -> 29216 bytes src/common/test04.cpp | 125 +++++++++++++++++++++++++++++++++++++ src/common/testbio | Bin 33416 -> 33416 bytes src/daemon/daemon.cpp | 27 +++----- src/host/server.cpp | 22 ++----- 14 files changed, 371 insertions(+), 107 deletions(-) create mode 100755 src/common/test03 create mode 100644 src/common/test03.cpp create mode 100755 src/common/test04 create mode 100644 src/common/test04.cpp diff --git a/src/common/auth.cpp b/src/common/auth.cpp index 3cdf9420..037cbfc5 100644 --- a/src/common/auth.cpp +++ b/src/common/auth.cpp @@ -995,6 +995,7 @@ int RsaPrikeyDecryptPsk(const unsigned char* in, int inLen, unsigned char* out) EVP_PKEY *evp = nullptr; string prikeyFileName; int outLen = -1; + WRITE_LOG(LOG_DEBUG, "RsaPrikeyDecryptPsk"); do { if (!GetUserKeyPath(prikeyFileName)) { WRITE_LOG(LOG_FATAL, "get key path failed"); @@ -1015,10 +1016,9 @@ int RsaPrikeyDecryptPsk(const unsigned char* in, int inLen, unsigned char* out) WRITE_LOG(LOG_FATAL, "base64 decode PreShared Key failed"); break; } - out = new unsigned char[tbytes]; - out = new(std::nothrow) unsigned char[BUF_SIZE_DEFAULT]; - int bytes = RSA_private_decrypt(tbytes, tokenDecode, out, rsa, RSA_PKCS1_PADDING); - if (bytes < 0) { + // out = new(std::nothrow) unsigned char[BUF_SIZE_DEFAULT]; + outLen = RSA_private_decrypt(tbytes, tokenDecode, out, rsa, RSA_PKCS1_PADDING); + if (outLen < 0) { WRITE_LOG(LOG_FATAL, "RSA_private_decrypt failed(%lu)", ERR_get_error()); break; } diff --git a/src/common/base.cpp b/src/common/base.cpp index 066e9966..bd99ecf6 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -2634,6 +2634,9 @@ void CloseOpenFd(void) std::string toHex(const uint8_t* data, size_t size) { + if (!data || size <=0) { + return string("input error,cannnot print"); + } std::stringstream ss; ss << std::hex << std::setfill('0'); for (size_t i = 0; i < size; ++i) { diff --git a/src/common/psk.cpp b/src/common/psk.cpp index 1c82951e..e1e66f8c 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -279,7 +279,6 @@ int HdcPsk::RsaPubkeyEncrypt(const uint32_t sessionId, WRITE_LOG(LOG_FATAL, "encrypt PreShared Key failed"); break; } - out = new(std::nothrow) unsigned char[signOriSize * 2]; if (out == nullptr) { WRITE_LOG(LOG_FATAL, "alloc mem failed"); break; @@ -302,11 +301,11 @@ int HdcPsk::RsaPubkeyEncrypt(const uint32_t sessionId, int HdcPsk::RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out) { + int outLen = -1; #ifdef HDC_HOST - return HdcAuth::RsaPrikeyDecryptPsk(in, inLen, out); -#else - return -1; + outLen = HdcAuth::RsaPrikeyDecryptPsk(in, inLen, out); #endif + return outLen; } } \ No newline at end of file diff --git a/src/common/session.cpp b/src/common/session.cpp index 7bbc324d..395464e3 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -610,8 +610,12 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) #else Base::CloseFd(hSession->dataFd[STREAM_WORK]); #endif - SSL_free(hSession->ssl); - SSL_CTX_free(hSession->sslContext); + if (hSession->ssl) { + SSL_shutdown(hSession->ssl); + SSL_free(hSession->ssl); + SSL_CTX_free(hSession->sslContext); + WRITE_LOG(LOG_DEBUG, "free ok"); + } ERR_free_strings(); EVP_cleanup(); } @@ -834,6 +838,7 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int switch (hSession->connType) { case CONN_TCP: { HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); + int writeLen = bufLen; if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { if (BIO_pending(hSession->writeBIO) > 0) { BIO_reset(hSession->writeBIO); @@ -849,41 +854,26 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int } } int sslBufLen = BIO_pending(hSession->writeBIO); - uint8_t *buf = new uint8_t[sslBufLen]; - int retBIO = BIO_read(hSession->writeBIO, buf, sslBufLen); + // uint8_t *buf = new uint8_t[sslBufLen]; + int retBIO = BIO_read(hSession->writeBIO, bufPtr, sslBufLen); if (retBIO < 0) { WRITE_LOG(LOG_WARN, "BIO_read error"); - delete[] buf; delete[] bufPtr; return retBIO; } - // WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,return SSL:%d,BIO:%d", retSSL, retBIO); + writeLen = retBIO; + WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,writeLen: %d, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", + writeLen, sslBufLen, bufLen, retSSL, retBIO); // ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); - if (echo && !hSession->serverOrDaemon) { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); - delete[] bufPtr; - } else { - if (hSession->hWorkThread == uv_thread_self()) { - ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, buf, sslBufLen); - delete[] bufPtr; - // delete [] buf; - } else { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); - delete[] bufPtr; - } - } - - // ret = pTCP->WriteToSSL(hSession, bufPtr, bufLen, echo); - - break; } + if (echo && !hSession->serverOrDaemon) { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); } else { if (hSession->hWorkThread == uv_thread_self()) { - ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, bufLen); + ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, writeLen); } else { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); } } break; @@ -935,7 +925,9 @@ int HdcSessionBase::Send(const uint32_t sessionId, const uint32_t channelId, con payloadHead.headSize = htons(s.size()); payloadHead.dataSize = htonl(dataSize); int finalBufSize = sizeof(PayloadHead) + s.size() + dataSize; - uint8_t *finayBuf = new(std::nothrow) uint8_t[finalBufSize](); + uint8_t *finayBuf = (hSession->connType == CONN_TCP) ? + new(std::nothrow) uint8_t[HdcTCPBase::GetSSLBufLen(finalBufSize) + 1]() : + new(std::nothrow) uint8_t[finalBufSize](); if (finayBuf == nullptr) { WRITE_LOG(LOG_WARN, "send allocmem err"); --hSession->ref; @@ -1045,26 +1037,12 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) unsigned int HdcSessionBase::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) { SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // HSession hSession = (HSession)SSL_CTX_get_ex_data(sslctx, 0); unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // HPreSharedKey hpsk = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // thisClass->psk_key[8] = '\0'; - // 动态加载 - // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); if (strcmp(identity, "Client_identity") != 0) { WRITE_LOG(LOG_FATAL, "identity not same"); return 0; } - // WRITE_LOG(LOG_DEBUG, "hdc psk len = %d", hpsk->len); - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hpsk->bin), hpsk->len).c_str()); - - // unsigned char key_bin[32]; - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - // int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); unsigned int keyLen = 32; - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", - // Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); if (keyLen <= 0 || keyLen > maxPskLen) { return 0; } @@ -1080,8 +1058,6 @@ unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char { SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // HPreSharedKey hpsk = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); if (sizeof("Client_identity") >= maxIdentityLen) { WRITE_LOG (LOG_FATAL, "Client identity buffer too small, maxIdentityLen = %d", maxIdentityLen); @@ -1089,12 +1065,6 @@ unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char } strcpy(identity, "Client_identity"); int keyLen = 32; - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s, keylen=%d", - // Base::toHex(reinterpret_cast(pskInput), keyLen).c_str(), keyLen); - // unsigned char key_bin[32]; - // unsigned char *keyBin = - // int keyLen = HdcPsk::HexToBin(const_cast(hpsk->psk), key_bin, sizeof(key_bin)); - // int keyLen = HdcPsk::HexToBin("1a2b3c4d", key_bin, sizeof(key_bin)); if (keyLen <= 0 || keyLen > maxPskLen) { WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); return 0; @@ -1476,7 +1446,7 @@ void HdcSessionBase::InitSSL(HSession& hSession) // WRITE_LOG(LOG_DEBUG, "TLS_client_method"); hSession->sslContext = SSL_CTX_new(method); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcSessionBase::PskClientCallback); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); @@ -1496,7 +1466,7 @@ void HdcSessionBase::InitSSL(HSession& hSession) // WRITE_LOG(LOG_DEBUG, "TLS_server_method"); hSession->sslContext = SSL_CTX_new(method); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); + // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcSessionBase::PskServerCallback); // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index ea506272..20c139cc 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -397,7 +397,7 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); return false; } - // WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); + WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); bool ret = false; HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; @@ -421,21 +421,19 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) return true; } - ret = hSession->cntErrorSSL < 3; - hSession->cntErrorSSL++; + WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", ERR_error_string(err, NULL), hSession->cntErrorSSL); uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - Base::ZeroBuf(bufToZero, nread); - // SSL解密失败,注意清理这段数据。 - // delete[] buffer; - break; + Base::ZeroBuf(bufToZero, hSession->bufSize); + hSession->sslHandshake = (err != SSL_ERROR_SSL); + return false; } else { - // WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); + WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); // 如果这里队列无法消耗完,会给BIO累计超过150K的缓存,缓存超了这里就crash了 sslRead += nSSLRead; left = BIO_pending(hSession->readBIO); - // WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); + WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); ret = true; } } @@ -585,13 +583,13 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) if (err == EINTR || err == EAGAIN) { #endif if (++intrcnt > intrmax) { - WRITE_LOG(LOG_WARN, "WriteUvTcpFd fd:%d send interrupt err:%d", fd, err); + WRITE_LOG(LOG_WARN, "WriteUvTcpFd fd:%d send interrupt err:%s", fd, ERR_error_string(err, NULL)); intrcnt = 0; } std::this_thread::yield(); continue; } else { - WRITE_LOG(LOG_FATAL, "WriteUvTcpFd fd:%d send rc:%d err:%d", fd, rc, err); + WRITE_LOG(LOG_FATAL, "WriteUvTcpFd fd:%d send rc:%d err:%s", fd, rc, ERR_error_string(err, NULL)); cnt = ERR_GENERIC; break; } diff --git a/src/common/tcp.h b/src/common/tcp.h index a7de6ed6..9b35737f 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -34,7 +34,7 @@ public: int WriteToSSL(HSession hSession, uint8_t *buf, int bufLen, bool echo); inline static int GetSSLBufLen(const int bufLen) { - return (bufLen + ((bufLen / BUF_SIZE_DEFAULT16) + 1) * BUF_SIZE_SSL_HEAD); + return (bufLen + (((bufLen - 1) / BUF_SIZE_DEFAULT16) + 1) * BUF_SIZE_SSL_HEAD); } protected: diff --git a/src/common/test02.cpp b/src/common/test02.cpp index 525c763c..3f4ba61d 100644 --- a/src/common/test02.cpp +++ b/src/common/test02.cpp @@ -262,6 +262,60 @@ int main() { } } + uint8_t errbuf[30]; + nw = BIO_write(readBIO_s, errbuf, 30); + nwrite = SSL_read(ssl_s, buf, nw); + std::cout << "nwrite" << nwrite << std::endl; + if (nwrite < 0) { + int cut_error_get = SSL_get_error(ssl_s, nwrite); + if (cut_error_get == SSL_ERROR_WANT_READ) { + + } else { + std::cout << "error" << cut_error_get <<"hs" << SSL_is_init_finished(ssl_s)<2nqs21|kJ3bs!8*+JKP+q_*}s%uL9vNhZv^VDQuy zi@0QCPO;V2Dm_KdZtI@9E4#Hl_Q%#JYSh!Z($-zvt}WZvJ(Gf6O#P9%>g?xx@BO~H zb2HC%J^Rm|&CSVt-}iIB-|xNmdw;z5?tAb1`Dn|AiaPtNJM9hZ`KDO z5wS|lz;C?>imBkINKEBN6hW>^$0|x`wZ&h@S^~g8Xmn*&MmQq@y^?FH&k}i+jMbNO; z8`gSE8?--}vOmcj{jbvgw5e5XVe55jJ)5qFO-f9u3`%V;yU7nyUaQud9aeU1`mllp zQ!ejn=&`G`$a@m)PO({+=hqM8y4_4^oKRZUmEOLxaamV#X;-?ZuYYO(s+CJuHimMU z&~lki^$Oyj#?+OYwg_~~Fk#x9sMw=;wnurhbw0`W9*aDF&e4NcUjEIw)1JTM)Vw<@ ze)JKNp?Z@J$xtGDy30L&9*#&x`Qr}E!x}*trTO@OKJ{Gpg6`=}wRcZ%l3e3=gpSOoEJr<6~* z=Rq)N3xi+cgKq#{u76#h`nV`}UK#r*AwLUeqwB9$nKj@keG2k~M_LunxNw@=H#*5w zHnk(2b5q&&jZIydo>Y5$dsj+0&W`R(kCSubS=VutXj#GbmNqAs%I->Ko$i#|nMsPa zwiY0+lgRY+q!KRKa8nX(YTxGcq;8bQ*;G6!u4;{LBJp%j8gjWVnX?1Bscbfr6=XZn zl}`1zw(WQ#k?J)~Q-Ryl8EGJyaXRBY$y{gr230PVxvu#tN0vzkH)hkQQc3BF?CxGS zBgJwkty>PdDrC)(U_IMEr;I&Le-0rkDIMKG1@FR@4tJ0aA1Bp~)GupjA9Npy^Z{4uDEz{;i0km)3 z6mD>wM1OyLdwN$m{1F^?#dA5w-QAml$2u})q?SV?mo6uWDktDo>e&8%r#F?&WqRUW zX?M4?t3kG?E7$z~T9ar;TP}54KanWcoF>&ADlXIK3TI2tjp?4GvpJRP>!x9q=#M)c zX)5|AVsQ>j=uy@kPxoj644D2jlqn~1gOljI!Rd&ny9A^$O6U}~f{s<6d2G&2CKfLy zb|vNRNWe02VJWNdE1Q~}6`=;vv~AnkbD$q z371q=qLxnBNM!#}!+vlvUFl5`^NAnF9{%1>+ z{3;8-TjMbs*L zf%6=ojAI6l0p_LS2F~|jl$kg1^F3)HP8s+G20m`!^#)#}{Xq5quz~Y=lajG$JOcO8F8MvNGGB0T0bREuVp@CyUda1#{sccTG4E%HkK_do^ zg~UrS1E21pSdR=`-l zy1(Icz`#GmAn4r&evW}3GVnSBf55=cHSog*KF7cxF>tz848ZPOnTt|i3k2T^Zd7Bdrwx!2CH6NCPZxCuv<}hKDPIX z>Lbzvg-d@H5@M{d;O8JSFAyZ(NjYPq|5hjz4oIFhUdBd`dOU5ojEz3#@wCx0Hu`rS zPa7;_qxX3{ZR(7T-r@1I(K0rAi^tOj%h>2nkEac=?C9Q{me;5V_ozdP019t{tNpNS2vc^17^sLet0wT{rt3vLCA2{yFmJ|MB7 zs(Xm69(QXo^|sP6rrv3V<1;VVLvlwnh5Sw_e<|&-#}>UC8#onv> zeb=200}Hf)>ca63ISyE#=I5R@`!HNY-{LK?y=#897>BWem)+^H!8KE%mjCN_3WamV1n4!U0Xq(6EiGU;Fo^x9&#oZOEIoQw@lS+G#risr+^v7vpv|5+%+21fEZ z2?Abr9^p zvDo02d@{Cpwrsc?IkB3&5*s*TG^iGWC#Dr~_R6Qo9xR}$50JxG;3qbC-S{&{*t1xM zYX)w9d!TQ8@6B%q`aXKg&EsgX=v$7#@)Y$iRM(K!P}QbOhPhkjLBC(PD zwQpmYDq8(9*?5#z==_(_jn|bF7aO>FJT_Fj0}n-FgVFKWK+TWI4Uf`Kz8;1YTOooX zf0oBir`+$rhek2l(s@No2M!##?ua};(6FJ#Nf}wpNd5`bg^K)f1B_A2ehz!jl*l(g zJ|7$CJ02U@0?$W}p}~XEd~7fhj16uCD*OGH&>M)p4VQ_}FNH&v;bcG#8LGNPJ0uN> z*kJ8%Fj!*)|3qbd708KJh@9;SH!f1uxSWIs9v_Up4I2ahoIj~}$i9QK4jBe`js+vTfE8;cz05JexEP{3UlbDkPK2ZcQ8l?q{?~(l6A`VYUd?Dd3=}Ep- z%f~PdIA4zBS0QrZd|o*y4|)eN>-4g*Q<|m~!<wcPD zx|qQ&<7)Un{U&!?MITL>46V>|%7ke8qSTeLwzUr}AXZM9Bvq~x!k_Yl>vgxCM#4t7 zeP1bOi^><1@?t2j@|2&Dxg+_Xpe`67(W3BMK+v6D8z=PVM`=(G)n@B;(*|nt9kR%Y z{rRr6F7cXtm>4up))xyoI=?PISA(w=B}@9VrHGgG=P%x%dQ<=T_Gdj*C-mn}HWPc8N!dL4qSxv%5 ze~v2U`-{rgkTUh>t)B90GIu2ZHtK@@>?;ai0%5a1y)(g3?L&A{3@6fgN0E{IgBavx zrS*B^d-i$bUKD7I7Q_0^iPks$Ppz+!)-j3Xw50na@6HI|WSaEA|8Wn{n^E3NdqH{+ zER_`N<8C}iukpF5o}ilvLg2EX2yWl)rgBo6-t{XHRzNn>t!3%G!!kmNRC-q`30uey z-Wcz3bHR8}%EeJucdt9)6+>MLRGQ?wib3z?!(grt?Ule9o`xwE-$iA{Wz1Y z2fYm|RT4Cd^Tq9;TXE9+1?a7yuYo=cIveHu2DA~B-@ORjv{?lDYXWnoPpduvyM)vG zJKJ6@6mW9Ki~Q5%Yalo=h(`Pe|A6%ta^lRI4QJMUeC8Q9R__s4oO{_NE9TDwD)m1N zx*vX!iUcB&T^Ij*fbSuFov5ta@qZ8evWc+hnKidnG|iY=5k-wuT^akn4&etxI% zc=vng--`TizK8x_BL8fR!>wld6&tdSKE6lOCA#z@!Ik5AgQ^{5=4_|Ic## zemcMB&+qkfKEJ2V@9*>b`kc@2tMhyL{2o5%^ZWNK$2h-dZ{z$vJ+5|SqHiH6F;CxK zm^^*UVe<6thso2o7?h?ff(v7HFhlbT^R+R*qg3WzFE`4Qs z{oO)_4i4j*of2P|Y{L#GC2Ww%bX@13uK8BY)1ypE{Ejr;qnJsHiBt08yZG&BM7NKw z+bQYd1iynlOpj6w{Fp9?>z&v7*f5ug%RgW9EQi|>**^4xgz(H#^5eQ8*uIfGw;PwO zl7B$wYkEpk ze5@-|jiy0O8#Ik*+N$aGn)YhCN7DnE9@11<{oud+9SU2(r(Bl>7jD_!*W>mD!{Jb4 zs9|ZiPqN|9EngmLXk4UW)+kQ{fTxI83wADzqX2Sl*8?`F1?W+EIe8jq75K`f_d+eG zNl@d5EPRE=?RBgfcmQ{qy_<0$j}_e_kIxZ2ZxxFBbsSK+ygo9%U&?<-@H)Www{TFd z{(mp!=Zc+HxsL%S`+FBC3-aCwhp%d!*JJ)h#?L=haC887`kYN2BhD85 z{XNTHB<*}y*z<(G-wlX!y>*4pGSCo`I^Mf z5`2E(_3r^~e@y#LFL&Y*jq`bk%Y7DjjhG|qTDj(m9+md%#Pxbz2@3?sVp9g%Fs&dJ18}PF#W(huza^@!qXU3qr zfK$8pI$@d4yA60fH2D0_=c6zC*!i{({)7*H7y6z2AGuH!DEG{8_*)h>qPVV6WpCSELVp=lufz!C!qsJA`>lMJueK+4M@ribB22S;PcA?5+KYS55&1-v} z9+dc8(Z9LW)_uUKJ`ro29|m5oAOFz@AJumFx|FZ~-jMiNg0EY7y{f{6T@B7Vwx4GK zr*>_^!&FM_=a9zjevbezS5FF#LU!zaaW!uH?KX|`bvn5A zZ;`71Zxs=5`pD0~g(ub1UboK!Ue5jsEq~kMQu|wg2X$E{+390vzqVta7w*wG-_Nig z9`v#QLm&JF;N{{&oB&>~U1wmyEQgD>MAi+5GWa|nkqI0(zC!@WxqTfSp@b;LlW^Q_ z1R}`v;DLie*_;#a>lcYkcW+n9O(pSleOU<#6p(h}*=&5bgCG#u z-J&BK?@l?%zV7bbP%$_aLc$cqgCMtIMJUnRE5jSKta6-mh5}81Z4ArM0xn`S5R#^7 z1aUWwfES1xfsh!8+t8Pgd_x-X93Ei(|QVz;UE}} z6OB0vjIG}+ob{jFw02{2lc#;vh7D~|M1okmt|jV}2D*rFBnlO206`*(&w|!3M|cQ+ zRy9Gey_qESQzFESXe%mGa0Y&4)I>(KStTsZI;kWcqamYxD@!8M$5n{BkWBYDeK|a5 zqmm~C^RTN?64W8W;Sne%0ym7j?5J=Jw(hP^HW zw@``nbl5KNS~WBE^IRD*hT@@E^|ywJPxKbUg{6~NO>2iHv5KK0uuLZ9d^VN^@~#;Y z$Eqr2>%cr#4u*d-Ho35GEY;^u(cS zOiQkoiV|cur|5*T*55N0Q%MY+2#2uIOP*fObrhjuG0G?JH;j`Sp$HIEQtt`DohFQs z30+CEqQr&><#uLpw5H z=^&R%h!BDhfu(B@NN41!GL-7nR~?;6SYr;wAlOihpGXS zvdZ!9G|E!eF{eZbmqp#U+A%K~KhQDl`_ipBZjWWE!~G#8ro8W~P$kR9MCtYtmxiAH zDy`2{Z!eIjOniUM{7M{{`gYvL`7Ed@Zre%{?Sq;6ybs4TSRze(TBYe4uz0m0!|mt& zY^Gd)+y=;G*FO%F?u}TV_q&<)YkyE3$iFtiuV z`n>(6pbKZktU+h(5kx0xQ-`c!}15_if6p|c4U;}Sld$#g14ce!`yvR2Qc(WV9d${v`~M(vP5od{i8Gb&6d4xy{+Q{v zEd9gvN|-6ju?gmx9=7y{wLa550oGKM^_YI&(&zmirZ4lxk~YJ7Z1qt~pZB$x&R{`J zZT~%~^|}9fKauGytNz@7Z1$&?KJVi)rFVkNWS9R-WKt1a{?lP4&GdJip^ez(zijD0 zsP~^^LPpF^ zRuM8k7Li26^!%g!MS8}`_2+g`HrHKgsNVz4iY{XXoyq00EbUR3(|`18B|-6P&1A9S FzW{BpkH`Q3 literal 0 HcmV?d00001 diff --git a/src/common/test03.cpp b/src/common/test03.cpp new file mode 100644 index 00000000..7f792f19 --- /dev/null +++ b/src/common/test03.cpp @@ -0,0 +1,138 @@ +#include +#include +#include +#include +#include + +class SSLBase { +public: + SSLBase() { + SSL_library_init(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); + } + + virtual ~SSLBase() { + ERR_free_strings(); + EVP_cleanup(); + } + + void SetCiphersuites(const char *ciphersuites) { + SSL_CTX_set_ciphersuites(ctx, ciphersuites); + } + + void WriteToBIO(const uint8_t *data, size_t len) { + int nw = BIO_write(writeBIO, data, len); + if (nw <= 0) { + std::cerr << "BIO_write failed" << std::endl; + } else { + std::cout << "Data written to BIO: " << nw << " bytes" << std::endl; + } + } + + void ReadFromBIO(uint8_t *buffer, size_t len) { + int nr = BIO_read(readBIO, buffer, len); + if (nr <= 0) { + std::cerr << "BIO_read failed" << std::endl; + } else { + std::cout << "Data read from BIO: " << nr << " bytes" << std::endl; + } + } + + void SendData(const uint8_t *data, size_t len) { + int nw = SSL_write(ssl, data, len); + if (nw <= 0) { + std::cerr << "SSL_write failed" << std::endl; + } else { + std::cout << "Data sent: " << nw << " bytes" << std::endl; + } + } + + void ReceiveData(uint8_t *buffer, size_t len) { + int nr = SSL_read(ssl, buffer, len); + if (nr <= 0) { + std::cerr << "SSL_read failed" << std::endl; + } else { + std::cout << "Data received: " << nr << " bytes" << std::endl; + } + } + +protected: + const SSL_METHOD *method; + SSL_CTX *ctx; + BIO *readBIO; + BIO *writeBIO; + SSL *ssl; +}; + +class SSLClient : public SSLBase { +public: + SSLClient() { + method = TLS_client_method(); + ctx = SSL_CTX_new(method); + readBIO = BIO_new(BIO_s_mem()); + writeBIO = BIO_new(BIO_s_mem()); + ssl = SSL_new(ctx); + SSL_set_connect_state(ssl); + SSL_set_bio(ssl, readBIO, writeBIO); + } + + void PerformHandshake() { + int ret = SSL_do_handshake(ssl); + if (ret != 1) { + int err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + std::cout << "SSL wants a read attempt" << std::endl; + } else { + std::cerr << "SSL_do_handshake failed: " << err << std::endl; + } + } else { + std::cout << "Client handshake successful" << std::endl; + } + } +}; + +class SSLServer : public SSLBase { +public: + SSLServer() { + method = TLS_server_method(); + ctx = SSL_CTX_new(method); + readBIO = BIO_new(BIO_s_mem()); + writeBIO = BIO_new(BIO_s_mem()); + ssl = SSL_new(ctx); + SSL_set_accept_state(ssl); + SSL_set_bio(ssl, readBIO, writeBIO); + } + + void PerformHandshake() { + int ret = SSL_do_handshake(ssl); + if (ret != 1) { + int err = SSL_get_error(ssl, ret); + if (err == SSL_ERROR_WANT_READ) { + std::cout << "SSL wants a read attempt" << std::endl; + } else { + std::cerr << "SSL_do_handshake failed: " << err << std::endl; + } + } else { + std::cout << "Server handshake successful" << std::endl; + } + } +}; + +int main() { + SSLClient client; + SSLServer server; + + client.PerformHandshake(); + server.PerformHandshake(); + + uint8_t dataToSend[] = "Hello, server!"; + client.WriteToBIO(dataToSend, sizeof(dataToSend) - 1); + + uint8_t buffer[1024]; + client.ReadFromBIO(buffer, sizeof(buffer)); + + server.ReceiveData(buffer, sizeof(buffer)); + + return 0; +} \ No newline at end of file diff --git a/src/common/test04 b/src/common/test04 new file mode 100755 index 0000000000000000000000000000000000000000..ccab7dba1170b1be452672d4693ad8844a8ff26e GIT binary patch literal 29216 zcmeHQYjj)Hl|FLf;4}d{DS?y#5syG1#8{4PoB&0^QF2Y}V4}FBP`H+5IaZM+BV7@P zMLMSDrDd{~X-k`#PD@&*EkmIbN(vb|1oKM5YRj0RbTZRY424$a(J?MOJCrjRUe`oJ~_Sxs$$GMN4zX`OgE%SJoDl^z88RwP=#4jtxqDq1>KWk*i z;_qq9%Vq(diJxCqJL#b^QK4vsl$!xcdJAcz2t8TAOi|?_QPOiO!^evnMOl^LNw1tX zz4Qmg%m3OmBIOj-^>}-JDes{FDxFbO*Q3}hZ4r7)KT}92WWU=;h>C2V!bMP<)N7M^ ziq^<@Dyrg1ZqTn$+I7+z)KO8?sn;X*oOF#)V~SE6RDy3>6Q@o=`bI7VT`PJ3rR7JQj_o`|Z_ie)iE<9~?RVnn3o) zFMph5$Zygi87d?%hur3?u|+Zzk1BQ-JI!0g2&1v};Wrw2zIRFQ+@|I4n%6GaIkyRr zYxyE-<`=0w=z`Be!^PxVT<}(Os+jy{7yFYgcol+B%+5DlCfEAs2tPqTSPr*xv*Bc{po#ghXW(IgZi}I*%=6hCH81nEe^?A$flX7h_7Ena!J8 z&8|o?vL%|bBFRmyO|e8gvMJOVi!jsN(wm5zDJzt;OjC#!72MPkG*gk}4UweT8?ky4 zT`U-E0b-fqL_8h|TV%tEaI|UDW>FLE>xm>&>8KS+*%k4~R=&Ljs*z+ekz`~#9E(Qc zmeX`79FFukEq5m)q8VzuGn(Mmx)NqjDBhLo30;@>fj7}_c7?2v-6VMp|2VH);TA7# zzT8YkLS2kDwkF{--%7!!UcN=rR2R0AF=k#Bv@VDzte#|ID`#S<=5WyR`NBP+q-iBX zQ42sIuo2jb&QK~EHWMie_IsN*nVV|NK(N6KTJ>fyVjW387&@|%3(Sq{H^39q4EOi@ ze7;)I6k3YLw=@Uq%wWB_$!7)v@Nq*h5laQ4+}pZHyesyR9p*;zjWz0x$<7stf#^e% zFK~mv8c7pyrBkmyFzW`Q9RVU5iP8ggK1j4aSZ2QHk#p07|VLIZGD(r4O)f0%lF!4 zh+N}k$K@#FE%hmkiL~9PBF%ls6m6s_+8vF>nu9C&z=&x?BbD!K5EGi2?eVSAc$c{` zl1lf|ktN(8GP|P`@*9c8WnfqyXnI4@xD>!Kqd#gf>}1%TiG=&Mp$Z3+@O5Um=Q^`H z6pb^q|?adGqQ^n@t~F;6^rYMnzq9Z9^gJ(^)zam+^ly zas5eK;%_;&X0c;f1^&*)YNH%X#3b*~q{wzIa)VUV817i)B#JChxj^=+s>J{moip{3(cPdZ<^>&v(dp3N3Yeh=p> z*cp;fpA?-|k%^YS(dpAsd1!uTpSWxoU zbAA@wtqaw9Y-|Zh;aXmvCl#Kh3w)GD2fj&sOty{Gp&16QP&ZK(^^Osbv;7(`3eNxd97fM0a4c^gzVCA47gqH z({MG1sdBf5W4P_ISHr1oRYo+N#z2*W8csf`GOFR2&~`bb;UBY6#>O-pJCt3r8a~%X z8Jo~>>|l18((vPK6dQ89$Vb`_RjJVMc?txr(s2DcbD@TRT$A@|xV)vqYnN*H0!_X~ z!%xugMh!nv!~Gh*P{R!k|AdCOY4}MRzFET;X?TZ*pRD0M8h(m~_i6a48s4wri#2>e z!@U}QhlZb~;lmoPU$^hn@G~^|T^fF-hTo^*XKDCu4L@7M_iFe#8a|@ov?eK)QUpp7 zC`F(Yfl>rY5hz8V6oFC%N)hN`Kl*ko==7^HGBBl#YxnH+yLm&*-vo)*rN<1g4eEtn_ApR{>eC{K<*Wb?E@o*e&% z&C|koa{Mlvrv>rk_{}y?i_FRK>usKHOiYf4Y@QaxljB#|JS~JL$5-1tEr2J-eKt=E z-^uaQY@QapljHMjo))^3;~tx*8y=J6?|z{AOAB7~-{xtdi~id@EpX9)o2P{>`fu~J zphf>}o))s`zs=JE7X7z*TDYSBHctyy^xx)bp^E<7JS|Ysf19U;Df(~ov>-+QZJrjQ z=)cX=0u=qX`Nf=n_kGoWFXvyid0J?q|29txO!VL8X<>=}+dM5O(SMs?!uh)tkJ+~T zVw!Dh7@u$8-?^}mf5XAQ?BHK=@IP_z&pPfpCK z__TxXb?^}fe~p80ckrzaKH%UlcJTEMez}8R;^0ql@CzLLu@1i6!N0$%aD0F7;NNlZ zZ#eju9sElU{wEIpS)KR2)0}zXS|jtCG5GpK+ophT#P^)Bj2bjdk;Ruk`8oI&kr`7r|tDS-UZK@q9=!BlCte*BH8Z zEtu?chjY1X7Y92rvqmO8W@OqAWmOWbcDPBNLbaf5>>OFLj+6?TW;WOw|E@g@q?k`~7nn>L&J4M@ivPp)h3( zwc-~z_?VYhJWq9tuvhOT{<)_$7it_XsHT_ao6eixTxkA~ZvJ0T=P(~MZhre9PDw`Q zaRY}iBl814CwDi3bQwc4m(Y!BbTI21F?QVA!7C4BH&QE-9UQ4Lb}Y!^JY!^jM!opK zpUKeEPtdLA>|C60GW(6pE7@z&Ipe^sn_&VK?5)o|L8rd#&!L!kN;4*mjPQOuWen}$ z4h?ZV!*j6m5mx!g2wD91>_ud8=vH#o7|eQ%m0T!wie?O+-HS7T^lT0p9pq9TD3UA2 zgY&tD*)XQr9Y&^gz#03Y0ICjT$6+KBxNmU#eV)o&XfGRT zzt2FO2-=_jn`$2z-2OmWdO3Ex`*AWf5UU;KH(x+o2ePxd6AQ{X%e!|rkhgju@?~4t zY81l1_!B(NJT(+}K*amULiyPSJD_hu;;m&+PT9&Q%9idS<)H;T^TLmFBrx#LH2jaz zpM7-kL2f0v8#^9SC(zsC_r~F{&IeGJN;C2@Yfed#Dv$HHg6UaQ_ZuC!oRmx<~YN zjGWD2UY75ZvY2o`;zCak!A5x0*bx}v4G81+^IZZE>A#X4Akm=(e_L zXuD6boqsHxV(V}{CL(z%@9KfMq1^3k1Jtu$p6kA~n&y!)_#=DZAVo~n;g3i41 z?W9aotkG89!)p&@FA^=)=Y_B0NYN=)$sMODwjBp1dx{+*jiZ@ji(zm26#E3si7EE2 z<5ghFrMo+zp--{x)HI)BS4&w;u^ui|e2T53Imu@bpJJzw=+J_O6?UMnCPYrLd;U;t ziZzo&;S{?K(6lKQg0`GuzefGEDK?Mn6ihK3#M-iN{+`qV*zxegJim;@Tt`)k6 zfb(5szt9~6KL#I8%=>T?i9gC+K9GGyh-I_imca7@nBaP7^OvG;bkd$8AC40~puROL zFz&+v4!6R!cDR-%m-(K291Y%3E5zF&o+dM6WaiU!+>qV+`Fnhu%U>e4c~eh|Z7zQ{ zwuguJ(&00I3PJFzGTRSl(o=)m4|~!V-b`}~S3$Ly?vL{MaUlCVIkuzx5 zV!ts|zKCN7vOgr-d8_-##uKz)&3+MQ$7}4164BI9;P4rNsUqkc2MWPIj^^daS)A^s zGU@jyZbLYSy_fkJLh&#^1-DOS$_UT<;i?dGDDV}wym0fh{#1G5;#2FFY@-W%Mhl0wAiLWwIEv9 z2ZRi|`5rY5hz8V6oFC%N)aeUpcH{p z1WFMoMd1G>0`yIWDr$@Fj?gwew#OZ4{*5y|lBdV;bT@z=x6@s2daSPAA;--DUewbf zdQQY{q7T-*TSIXx6olr<-M9+!-D*~zT$GCj^yYwz14xB>8out*EO}8L1T4oJ#N%`7R|VD5B$dsShn;P z+%p5+`D!jl-yhxwx)ikH^;~Wg_`9Hf1jKqHm+Jt15p);mmA}d54uU>5p36;up7M4s zw-7=5yLWQA&7c#Y{h+gd3w_vI4B7!&4>|z44s;i2Kj;YP{h(u@RsV&XRIqmus28*a zv=Mfw;I1k!o*OqZPk)tX(cEJyhM_|^J=U-JRW8Th%U*K~y`{j;#IFv&#$V=geXzxj zt6F>9!pkb>Y^@kzmz=cf+!be@4wUPE26SKyF(5z|vTNbj51jh03bl17eovy$c$mOg z;JB*W%9@Uy)e48eQvCz?J$i)tAEW+3)bsBFlzwww|83OYgL>S_%iHhC*Uv@2cORkt zJk&ph`fgpn>>6%>{G)HyD=Gk2f{TRg+^*kQRzjgWgJ5m3SujO)sx_;S>w*3cC zKNsU+7Sw;rt|!=YV_OR!$z#5HD|}j{#*@a4e#@YL3+&8%3yku?7@RR9<>7WnrUk#- zF-OA~pP4_?r3jQF@K=g}`Yu_0hpfIkZu1v5 zK$i?u=$mIMil=X`b)LSl)_M8{T<7VVZz^*IVazKw)VHadYXr})A+V{wqh2In`mDjuSx@U8D%+)?`nDD?Wbs1l3B5=) zHgK&#ap}X$u&ki#Ybvz1qJnphM4@+zQ4~HPKe|?a56HmMT8xTnpI+UiqU7+l5$_+w zIfU24I6oji=Eb6o^Qzwyl0QM#9C}` zB;76Ph@_*Ej!8NpDU#UnQYEQZ(i%zqlD0|OA!(na1CkC)x=YgCl8#6^D(RS{6OyVV zI#s6&KfIFGNa~lgP0|iY`y?HZRA?Xl--?bxU1XkEak_;;{T z%>VCm`IFi8j&`5q_=M}y^pUw6Yn#bSg+wEC zOMI@xD*1D{olh|5ad!pBPqNQb zO1>HRe8p%q;(`yj;9mz`#TK!J9hwnrQa-+7dBOI%*m()~>9EvyzOdty<{rd}*$exu zLjsaaxY#)nC%k#oGrtgo7%yi5FV^47T<{q1)1|IXZs+n!tbR(;7%7iFS_8r zbHPu*g-J0#&jCKKY>}PkMfubKoZ@zgBW_o?*m(`}b3Ww9mk0}k(om0!{6o_Ia%o@r z_8joj;7?VDFrfCAH(c!0;euy=**vDM?_{%V72%4}=#?(`w_WhPF8HVmKJJ1)g!xAC zVKP2vNuNH04i@wCdoK8-3toW}WHCFZyWp3&;8(ifNy5u;b?w!HiOqiCG=H4?=`AjH zMqTjVaJ-7eWMKF`P}rZt<5t)vakVm@Ka%ov&y&hp;52X7$m@MNK2qtCxJS;n69mjY z54>1D!JXW`6w=6dfzxrxdED5`@snA9rzVWe$6f6F!Ug{W$E(=)&lPs)9xat~v2duu zb%-<04Zw?y`&BOZ_c&g~E?+9_D*LYir?`Dn#;03UvpE>@V)mE0;OkxRkPE&QxL3BN zlP|i+-w&MpJkc?Z&$!rm(FK1;+NqH9;CgR8`X`0CUxFwe848_bYE0Ii@ zp>#hBCwlv05i8P#q-{kdC@Wpm3?-AHZ6>l#CbzNfWT-b{cBOlJDfyhnnUJ&!M3KwV zs;R3E_x15afh~=u8BLHB<^O9i&AyZsTN&w(gws|u5wE?$*RmoNxt>xQy43cClJ2!D zQER5-N3>9%uV0B=hw(HegKVkwq3@CIP&#Iru>_Lo^(A7_@HXBQQXAGI%V(sYl6NB2 z9-b<;_*U?2oIqkRB;|9L^GP{tTi+3+YK2rJ6%HLqOg7qyY=6l}_lGvxnS|hnN+D*E z_=if7ts``xPIRC%)b$~PG9JlLe9IBcNvTxd5gV&@mhfeo9QH+>pt z9cC3JdPP1{n)6Xg?g$PkWRZOpHj!~N9p-#Z6sbnnwOoGb>K3S^JI!X(yvlb$Tk1OT zSh^_`i_x&RH6XJiY$AhZTllkWJ)gx6xOU^})_@tVn1`G)rYc?`-&8Ii4 zZf$O|?O(ojZ7_hms;e(;37B@OR~{jMVG>7~{uR4;BvPb`GR8^~N39v*X=L@huYN5J zq@5YosfI+Rp$$9>tl5mbr)zty?pSC`Du|BBjI7gBX%-kZk#ZIZE~9ZXor<_*-E}mo zI;rKqbx0H@=M?QBDJCVo6uCJm|LRfYh%NAaT4rB|8{{Zu@zwMEIz&Wb&;k!JcT*zW zFC{RBr-_Y415DP7j5ANudNk=+^{!Rd`gqgf1SR+_7+SXG%4!_Ts$J5~>gjqvQZ`%4 zC0po11LJ2h>>`fbs&=@L(6q3-AE`ykAzRp@PiAPf8$j|@%8AUgBs)e<%rTMQ)t09j zMnhISUGiTo-Lcba1mS;~MR>YJ-ieQzBv?12a!@R{_SG#`>CSY)!E<`BK8QS9UH=0 z67gxK>aBzk>A$p|XTNS+-_y${*9FkyDT~7aBq_EN7*nQZA02mbNRCh2ZTS&drb{m9 zhsYFN2=Sca6xbv#`*56`_7axEQ`I5l5O>tzoLDbnVW|A&ZN3^hC5EkjIxVWxV*};` zc;xiPh#?!YYQ1>U=|Xppc2x7RqvX#Ho4$H+BL4_}7y3%0gaL9KK9NfrLo_WbcVXj2 zGJ5;9{LHj36brRXfnI3qNZIiVQd;{}4rzYQNly2iM&>U}r%xtU^hEmgEZTf#@~r0t z4o=IwKWzqK)*_Z$DYg5w4CKyZIC2!Hw)I+}PEac;Xph>8#_|6H^s#E>LXT8qAyM6z zOdxMM-apJko#`n4E0<`Ogpd+@IW5(=cuy$R!>YTs#nFVIR#Md9{|!jtDzShuQJ0Lw zLZl$K`eGKV=8LInY*uecfTfL8B+ROjDI6@V-5{Odmt)nD9=TfU>4G)Ip&8@=kM#5Z zJpg^gbpp347IMOd+9o^X22667L%mV7C9GpNW7Swr_F|PNSFcA;aAySfo#`I7DD-|K z6-CwaRDlXvwN3O4{BR4+)>rQ_Dk_)RB+3hJhZU3taJs(p|0g=LK$@Pt6qaU(zIxuI zsJBpjn*Noj$4Ao%)qnMzSkXGEKTA@l{~_SG6=U~bJx5k_w{)2LNO4yB>UnMy7=>K5 zubxXQs-8nbgcq`*m+QgMGhU^yp6e>wC54s$N>0(wp`M-@D_%V}R+Kvp8S)>us%`(V z$;%G>r7qg~l>%4Kvj?QZs(okwzasT76>4-dM-)lbb9BlNaP@^@-A3+jH6qTg}o51%fC6;*P|gyI$5?a<#P^%d<umq$sL}OzuNI<;zOD>Q3(of6aOi(&jSy7yLaC<+wWSy8AH7N; z51aP$V)g%#IpeL`S9Asp(k`R))${4b7SW256I_1&E4&i= +#include +#include +#include +#include +#include +#include +#include + +#include +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#else +#include +#endif +#include +static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; +unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, + unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + strcpy(identity, STR_PSK_IDENTITY); + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; + + +unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) +{ + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + memcpy(psk, thisClass, 32); + return 32; +}; + +std::string toHex(const uint8_t* data, size_t size) { + std::stringstream ss; + ss << std::hex << std::setfill('0'); + for (size_t i = 0; i < size; ++i) { + ss << std::setw(2) << static_cast(data[i]); + if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 + ss << "|"; + } + } + return ss.str(); +} +void ClientHandshake(SSL_CTX *c_ctx, SSL *ssl_c, BIO *readBIO_c, BIO *writeBIO_c) { + int ret = SSL_do_handshake(ssl_c); + if (ret != 1) { + int err = SSL_get_error(ssl_c, ret); + if (err == SSL_ERROR_WANT_READ) { + std::cout << "SSL wants a read attempt" << std::endl; + } else { + std::cerr << "SSL_do_handshake failed: " << err << std::endl; + } + } else { + std::cout << "Client handshake successful" << std::endl; + } + + int nread = BIO_pending(writeBIO_c); + uint8_t *buf = new(std::nothrow) uint8_t[1024](); + memset(buf, 0, 1024); + int nr = BIO_read(writeBIO_c, buf, nread); + std::cout << "Client: [" << nr << "]" << toHex(buf, nr) << std::endl; + BIO_write(readBIO_c, buf, nr); + delete[] buf; +} + +void ServerHandshake(SSL_CTX *s_ctx, SSL *ssl_s, BIO *readBIO_s, BIO *writeBIO_s) { + int ret = SSL_do_handshake(ssl_s); + if (ret != 1) { + int err = SSL_get_error(ssl_s, ret); + if (err == SSL_ERROR_WANT_READ) { + std::cout << "SSL wants a read attempt" << std::endl; + } else { + std::cerr << "SSL_do_handshake failed: " << err << std::endl; + } + } else { + std::cout << "Server handshake successful" << std::endl; + } + + int nread = BIO_pending(writeBIO_s); + uint8_t *buf = new(std::nothrow) uint8_t[1024](); + memset(buf, 0, 1024); + int nr = BIO_read(writeBIO_s, buf, nread); + std::cout << "Server: [" << nr << "]" << toHex(buf, nr) << std::endl; + BIO_write(readBIO_s, buf, nr); + delete[] buf; +} + +int main() { + const SSL_METHOD *c_method = TLS_client_method(); + SSL_CTX *c_ctx = SSL_CTX_new(c_method); + SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); + BIO *readBIO_c = BIO_new(BIO_s_mem()); + BIO *writeBIO_c = BIO_new(BIO_s_mem()); + SSL *ssl_c = SSL_new(c_ctx); + SSL_set_connect_state(ssl_c); + SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); + + const SSL_METHOD *s_method = TLS_server_method(); + SSL_CTX *s_ctx = SSL_CTX_new(s_method); + SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); + BIO *readBIO_s = BIO_new(BIO_s_mem()); + BIO *writeBIO_s = BIO_new(BIO_s_mem()); + SSL *ssl_s = SSL_new(s_ctx); + SSL_set_accept_state(ssl_s); + SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); + + ClientHandshake(c_ctx, ssl_c, readBIO_c, writeBIO_c); + ServerHandshake(s_ctx, ssl_s, readBIO_s, writeBIO_s); + + SSL_free(ssl_c); + SSL_CTX_free(c_ctx); + SSL_free(ssl_s); + SSL_CTX_free(s_ctx); + ERR_free_strings(); + EVP_cleanup(); + + return 0; +} \ No newline at end of file diff --git a/src/common/testbio b/src/common/testbio index 7c5239794067e8b028cb28a59477034d07e1ed00..68ad0b8871b61a631f11a12f12a9e0a7d926a447 100755 GIT binary patch delta 7157 zcmb7J3v?7!676XiNHCDZWSD$_0Er|dLlO{8P~@YVFd(dikGd|fAfH9RAIOn)l@Y=y zW2X^mf-JfkP+3%#g$-yn2QYv-o|OXuHJ}pyx*b6f6o`nKy;ZM26Pe(VbJDN-)vc;q zRqxg7X%_qC#eR8Xl%t(1OX7d7EbV$nZuEuL;_*V|P)D94KCwhRTB8<_&nC7j-(QhD zG&L>j*{qXi_dap%r|KPLm1V6C#mFm)D`&)wa?2OfwC$N4<&>^kU1plxkXCsqvyH=>5%bur5WW(WL8X37OtB{T3QgnP(VF0}Na!r*s8 z$^%5N34@K8?d(;@)Dp$SEu=5Eh~^XDHL`Us>vp z6SF*E_Kij+DzGY&4fxy)rY_k=o>1uj(Jk)P(_|xt9WjK&$AL z{s$H#E5|O7H&(N}ac+dpGNweaS;-3O^*k9lqByNn?npF8PdLrYO{ zDTJR>pb_v_XdmTLRNv(GcT{MZd6^lM-J0e`sd*~d)5@mTQz;sBai&0>*Eij zGd)S7qD4Hfss!ZK9|~2+aG&C(efXRejq1$qO#SOauj+iUzvyJolh43Th2w=Ja6m7E zhF5Vp2@xyW+A6_JY$;#=vt*LPSDkx1nI>;CO!hKO5<-~F7A9Z2m9X3>3x!46iq#TY zyValWg7ItY)Ir~c@@Y}i>Qhz9K!lhN!MIgHgY>*JCTT@bM`aX0w*oarHa+^on!<-1 zrtsvfNj1Y9$Uy}40*H}052m4tNx1)kMkYcRmCgw#K&tVq{2lwy|QH$~J@gcrw_0 zRoq9BDXvfYSzf0D^d8ktKYW_t{;sHo)h6fxKI3RWoA9A69t14lU(cm;E=w^JdX7y7 z^@eW=ils;hk-4vlhvNE^?eqr%sm{KZcBP^Hw$O$w#*m>LD@>CWKFg*iVgv9@vY-Iq zLkvVQm|gg$6akNebfrcHajJS*q`c-(E(_I}1isx2o&)Rq>r zRX5K0b)=@aHs5UV8%i@&+gmXrb59^S!vk{{2aA@99z0?(QcDM5cmqxZr(ZUsjSVy> z4iN4^&3m8&hRu!?;cewS7sY5y7dje6an59>L47jBqT5Jz5`HfxMO*NR3fw6Yh-|Gj zjG$6I7-+PmmYR|$e3f&y_97x=Yu-&(w%U^+dnXJafa;t=o|55Tb#7y9P~Sq504;l? zRWH)T8abk`A{&Y;!M3^%U=c)M=ZvYI;Xq zX5MZvcywkSI~8BpS(qXSXnn1)vVaoX>y`fzZ+|{^)O%Q#lCFx0Lf&uU{Xr#Z^ZoWL zP*xY5XtAhZ7eRfc?jy6!wp2MWQ(PTv7Ox>irQ2xXOR<3wvLr>=yRqzOD=?+o=qkth z(}6_h_a~aM=NMkoVNcXRv?|~Eugw}n3FixLv{KL!V3BU`N~N5V@14Bg+q2di*nv>_ zNOkNm1kFyJZUO*Jsy zNL!JndD0w6Fr)2cI7(zkNHI|ndm)|^KwWFI0T1{N=%-=l7qw_$$FBQrDwhbPItN*9 z-eFl#-ypOhyVJCJK>yp-CRYeLz@58ZP{lrc^lM%Rk=hmqE!x)OR2*}Y@kUG``-*E< zZ!1;zGC%R#1zjuf6{(Do5;Vljm&c#2HrdwmfVE~W7WBn zJqGn^vfq6DzAHH8+nhcC$XdVef+8*qYIp(DRgPVx5?R&R&GI_J@LFVgC7>wj z?c^1$Ky^08TWRggI9g*OqM-f~W=P?P9xrG_-Zb31pOW_nRFR_7NS7jJ{A=~HLTdYE75i|q1fGVoUplJ%7GX6yGZQd3-wxx|5gDyTGLVuJeig39q6i^}5!Qk^yU^)43F&4!y? zp$*x`h721q`D&9LE#HsYxN}E%9Yi`vIB0Q@T%zKbn~ck~3ZWxaci8+6(u|1->d|JGz1;2?ic1b-7@1GdjrN~Qq0~^ z=u?cl_k}`NFdo8~h;Yh24TZMidG2SSkO!}@jTnbxyr(V{D#Q5Yflz2OMi0I@UctB! zW2aV<^b$r7^fzG~jxmUF7RJwe;-(BY?eKYUJ;weRcVk?G@ifLg7-L}Q@I~#dk{*ta zw0$LRN50ljl8O8HQEp#NZ78%60P`O{f=Olg`!l}l;TMi16?KSvM!utcn-MW>qwq-b z_4pfq4f$@!M?;Qx8(V*@kSr(iWT74oGJWI%`hc4@0e zXZq4U3x!JXHL~@RFjK>pv?^`gYCvab5TE`?@MU~=rKMrH8)my32YD7g*4`a1mqo@& z|4GOvK#mVBw*E-g*M^Kq^#vT=%AyfcwEMFH>2kCmE2gZy`(lB#yFJ|>j&r|QD7_N@ z6UeVka90&dbqQ}dB}q+oe_klnCRf3Hc_;VfLg~{^HNda#>VB!8q<7VUukY^O+E02h z{Y)E4T9)mu?CkrBxG4NDmDXMX7YICXMjkmtyZpdf z`GaC@&5Q~1J3};iX0d#HNae7ZT@vJ}-L)C>bK6CEg^4Jywq|~@BSCAJpBHWacU(7L fL3CA#fK+LddAm-#2PmX_4tr<*``vrL zd+-0>8Fqz7T;UOS2HJuP69oDcCa|Y$nL%~_{I;%gxGl@pJ!A~OH6`z*4|w# zZhGgWXU_&lWy=pW50^}?Ecg31L_9jAa(38Qr}6?{fM9nj#bbNm~iE3^py!#>TvEbo@+^f zY7=+Z2UdGZ%J^z9#A}m!5~torWAoFTB8Zh~NmH@`p$^BO;NdOqA)ot2V_f|`X*~se zl?1GAZY81|tDqZ*$CX5MJSE~OV4>+h7b7)RlD;rd;wXvLq&w4Uq2^dspQp~eYA~<9 z)vwSg3vmXei{gaz&_p@&ckN@zirl~5=|lPk!~Oehd*!Q)gD89gDRMO`U) zX9-=;!i0uoN9uiIZ)67~|DP^JQJ4m{HXGB~myPNCn4OYDZSAB#=}=ZmXJ}612%|sG z{`bk<(564vLGATC)}H~la8ci465EyI3~j%i^4ZxO7x41WMP7xuDM{p^6J8e~7vfc( zn;2&By3+!SxYZBl(rNMQJHowaov-MV1#_ke(%zX<=FR(U{NlNiw`iNMXeTWyqt?-u z*R-k-8cwvIuii8>Q0)DB;?O!KDfUf+`S|(}<9H9tlp|=oXVo=eA<2&JgrHHjg~<4M z_&IV*H_#=etl0k*Yq%`bT@El@B7(c@$6bCt2(jdHD9;biUzGs!+#E_Tf%Bg@o+Ded z4BW`LZIw~mI!L$)Jew`k885$XFqS!QXoc*d!>@#hMmWe1i$P`khH~U#>@_h)jxSIK zKD8LsP&O#!R$T{$%i)VMv9ne4)LlTw&7sRJXcvMWF`%8Dz^<_UaBC1RXwG-)4#)(W z^UHx|C9mO%f$^z5;g-8qA_RTHxgptXE4PzW4cd~5-C^dokbL^oIq0zcmY9WfWykje z%&3b2bPyY-HeW-yXEgXX=K|h9Ok?`HVGv#hnAg)teY0ZBuxG)xbxYu$+~o{Y6R9x8l|r~nRK@$O!s;y9-EH>-yQ0<-=` z82jHy=TmoZYtV&~&P`+LPlit`_6M8}0B<_Y?#?G%N8P1j@b2PvHakZ}k47`uaipKg zZvw7hcL#xl%6XwUBfX3E_=@)F^LG!F7N2=-=Wil#dVCxmyn<`|nL$&i{Rj*L$Hq+R z;0?tFJd6ow_tz6u?7t(XK6L?D^LZ0$72##R$OnU)cVHqF20QiF9%i+kA)r2(IvY!a z+U|3z);Y)ssjzG6Q`SfBbOYP`7d^Fn@-m-m(5p`Y~1j?$1>RJolxvI96V*ko~QG0 z5s$;NyUn98l@r*QXQtI3Q2cm(b{Rc;CPRROuq_339bcFU3vva2Wl&Jt{=9tvD02?Z zHCcR4A$;mq)s1f39jQ-{ne6CkvDghID%+16UkLS%5(S}yvl~Z&ZUd%lKYoj$o5}V1jPyI8fbrLojneI843>I%ALD_LX*JQB@(XukrDsUBcLGSfb zXlXocE`=NUrt6^+DO9_+o_LG^J4dk}(cxbAS@k~nd8`|)6xcD}q7r~Biv2}1%u&+$ z)cxEVbQ2AqXVq;_y4=j^08X%QZ(gFE(9z(cr1_>^hV3zq88s{w{mYIsIcBMTjVlJm zr>^;rrtO7N!P~)jb()kO@pK=!34N!pO%Sf6!q=_PxO>=iOeQ>|z8%=Y;ToCHvX$JCDkmVpR zp4GHHAWPxN_yFYJLB{$C!Wob*uvbBj1o;T$9FSq~idYV^Faa(;g^L9sPl0Rzc@3mL zyg-G3qlgx^drWdv?bn)?3}J<#UBXZ#!5>T`A)nnGlM+>1t7){1D)_*#5EjDUah3zW z+H zztGWNgL6>`69D#hX(s&ty{k0K7Q!x+-VjF>urt$k1Yrg6vz8T3ce3@<-xOmDSnnCd zVsHVQJ>wPhd}2nj7#&~8ak$y=b1qmAdV}Y4Kw#E&acKd&H*1S{dkEV&`xUXVfQhda zi(!S8BVLOO7g-FOy)-j8Pj``5$Tlu5wgs~*OS6KkpYsyj{eyPuKl1HlQ{4T#j~vHi Q8FB?1Gda9+pZk>fKT#+L#Q*>R diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index b51790f0..2cfe5057 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -796,8 +796,6 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan } if (payloadSize > 1) { // session handshake 5 - WRITE_LOG(LOG_DEBUG, "ssl hs server buffer: %s", - Base::toHex(reinterpret_cast(payload), payloadSize).c_str()); int retw = BIO_write(hSession->readBIO, payload, payloadSize); if (retw != payloadSize) { WRITE_LOG(LOG_DEBUG, "BIO_write failed"); @@ -811,24 +809,17 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan if (!SSL_is_init_finished(hSession->ssl)) { int ret = SSL_do_handshake(hSession->ssl); if (ret != 1) { - WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", SSL_get_error(hSession->ssl, ret)); - } - if (ret == 1) { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok?status:%d", SSL_is_init_finished(hSession->ssl)); - // session handshake 8 - // Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); - WRITE_LOG(LOG_DEBUG, "SSL handshake ok hSession->sslHandshake = true"); - // return true; + int err = SSL_get_error(hSession->ssl, ret); + if (err != SSL_ERROR_WANT_READ) { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", err); + } } int nread = BIO_pending(hSession->writeBIO); - int nwrite = BIO_wpending(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "ssl hs client nread: %d, nwrite: %d", nread, nwrite); if (nread > 0) { uint8_t *buf = new(std::nothrow) uint8_t[nread](); int len = BIO_read(hSession->writeBIO, buf, nread); if (len > 0) { // session handshake 6 & 7 - WRITE_LOG(LOG_DEBUG, "ssl hs server buffer: %s", Base::toHex(reinterpret_cast(buf), nread).c_str()); Send(hSession->sessionId, channelId, CMD_SSL_HANDSHAKE, buf, len); } memset_s(buf, nread, 0, nread); @@ -852,24 +843,20 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan bool HdcDaemon::DaemonSessionPSK(HSession hSession, const uint32_t channelId) { unsigned char* buf = hSession->preSharedKey; - unsigned char* payload = nullptr; + unsigned char* payload = new (std::nothrow) unsigned char[BUF_SIZE_DEFAULT2]; if (RAND_bytes(buf, sizeof(hSession->preSharedKey)) != 1) { WRITE_LOG(LOG_DEBUG, "daemon session psk random set failed"); return false; } - WRITE_LOG(LOG_INFO, "hdc psk buf %s", Base::toHex(buf, sizeof(hSession->preSharedKey)).c_str()); string pubkey = GetSessionAuthPubkey(hSession->sessionId); int payloadSize = HdcPsk::RsaPubkeyEncrypt(hSession->sessionId, buf, BUF_SIZE_PSK, payload, pubkey); - // delete buf; - WRITE_LOG(LOG_INFO, "hdc psk buf %s", Base::toHex(payload, payloadSize).c_str()); - WRITE_LOG(LOG_DEBUG, "payloadsize of psk is %d ", payloadSize); if (payloadSize <= 0) { WRITE_LOG(LOG_WARN, "RsaPubkeyEncrpt failed"); return false; } - Send(hSession->sessionId, channelId, CMD_PSK_MSG, reinterpret_cast(hSession->preSharedKey), payloadSize); + Send(hSession->sessionId, channelId, CMD_PSK_MSG, reinterpret_cast(payload), payloadSize); (void)memset_s(payload, payloadSize, 0, payloadSize); - delete [] payload; + delete[] payload; return true; } diff --git a/src/host/server.cpp b/src/host/server.cpp index 2d13cc46..2e03f3e1 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -563,33 +563,27 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, hSession->isSetSSL = true; } - WRITE_LOG(LOG_DEBUG, "a"); if (payloadSize > 1) { // session handshake 5 - WRITE_LOG(LOG_DEBUG, "ssl hs client buffer: %s", - Base::toHex(reinterpret_cast(payload), payloadSize).c_str()); int retw = BIO_write(hSession->readBIO, payload, payloadSize); if (retw != payloadSize) { WRITE_LOG(LOG_DEBUG, "BIO_write failed"); } } - WRITE_LOG(LOG_DEBUG, "b"); if (!SSL_is_init_finished(hSession->ssl)) { int ret = SSL_do_handshake(hSession->ssl); if (ret != 1) { - WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", SSL_get_error(hSession->ssl, ret)); - } else { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok?status:%d", SSL_is_init_finished(hSession->ssl)); + int err = SSL_get_error(hSession->ssl, ret); + if (err != SSL_ERROR_WANT_READ) { + WRITE_LOG(LOG_DEBUG, "SSL_do_handshake error ret is %d ", err); + } } int nread = BIO_pending(hSession->writeBIO); - int nwrite = BIO_pending(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "ssl hs client nread: %d, nwrite: %d", nread, nwrite); if (nread > 0) { uint8_t *buf = new(std::nothrow) uint8_t[nread](); int len = BIO_read(hSession->writeBIO, buf, nread); if (len > 0) { // session handshake 6 & 7 - WRITE_LOG(LOG_DEBUG, "ssl hs client buffer: %s", Base::toHex(reinterpret_cast(buf), nread).c_str()); Send(hSession->sessionId, 0, CMD_SSL_HANDSHAKE, buf, len); } else { WRITE_LOG(LOG_DEBUG, "SSL_do_handshake failed"); @@ -601,10 +595,8 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, } } else { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); uint8_t count = 1; - // session handshake 8 - hSession->sslHandshake = true; + // session handshake close Send(hSession->sessionId, 0, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } @@ -620,16 +612,14 @@ bool HdcServer::ServerSessionPSK(HSession hSession, const uint32_t channelId, ui if (payloadSize < 32) { return false; } - unsigned char *out = nullptr; + unsigned char *out = new (std::nothrow) unsigned char[BUF_SIZE_DEFAULT2]; int outLen = HdcPsk::RsaPrikeyDecrypt(reinterpret_cast(payload), payloadSize, out); if (outLen <= 0) { WRITE_LOG(LOG_WARN, "RsaPrivatekeyDecrypt failed, sid:%d", hSession->sessionId); } - if (memcpy_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), out, outLen) != EOK) { WRITE_LOG(LOG_DEBUG, "memcpy_s failed, hSession->preSharedKey len is %d", sizeof(hSession->preSharedKey)); } - HdcSessionBase::InitSSL(hSession); uint8_t count = 1; ServerSessionSSLHandshake(hSession, channelId, &count, 1); -- Gitee From d90206361ba6d18a7cf01c1e38b84026fb75eea9 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Wed, 21 May 2025 22:30:41 +0800 Subject: [PATCH 06/11] feat file ok Signed-off-by: TaowerfulMAX --- src/common/session.cpp | 7 ++++--- src/common/tcp.cpp | 31 +++++++++++++++++++------------ src/host/server.cpp | 6 +----- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/src/common/session.cpp b/src/common/session.cpp index 395464e3..a91559f7 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -862,8 +862,8 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int return retBIO; } writeLen = retBIO; - WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,writeLen: %d, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", - writeLen, sslBufLen, bufLen, retSSL, retBIO); + // WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,writeLen: %d, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", + // writeLen, sslBufLen, bufLen, retSSL, retBIO); // ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); } @@ -876,6 +876,7 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); } } + // uv_sleep(2); break; } case CONN_USB: { @@ -1003,7 +1004,7 @@ int HdcSessionBase::DecryptPayload(HSession hSession, PayloadHead *payloadHeadBe int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) { - // WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, bufLen).c_str(), bufLen); + // WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, 30).c_str(), bufLen); int ret = ERR_GENERIC; StartTraceScope("HdcSessionBase::OnRead"); if (memcmp(bufPtr, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 20c139cc..86744589 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -397,13 +397,12 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); return false; } - WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); + // WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); bool ret = false; HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; int left = nread; - int sslRead = 0; - int retBio = BIO_write(hSession->readBIO, ioBuf, nread); + int retBio = BIO_write(hSession->readBIO, ioBuf + hSession->availTailIndex, nread); // WRITE_LOG(LOG_DEBUG, "retBio is %d", retBio); while (left > 0) { // int retBio = BIO_write(hSession->readBIO, ioBuf, nread); @@ -411,13 +410,22 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) // uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); // NOTE: here the encrypted data always bigger than raw data, so it will not make data out of range. // int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, retBio); - int nSSLRead = SSL_read(hSession->ssl, ioBuf + sslRead, retBio); + int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, retBio); if (nSSLRead < 0) { int err = SSL_get_error(hSession->ssl, nSSLRead); if (err == SSL_ERROR_WANT_READ) { // WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ"); // hSession->readSSLStartIdx += retBio - BIO_pending(hSession->readBIO); - hSession->availTailIndex += sslRead; // if read half, the next read will start at this index + // hSession->availTailIndex += sslRead; // if read half, the next read will start at this index + if (hSession->availTailIndex >= MAX_SIZE_IOBUF) { + // WRITE_LOG(LOG_DEBUG, "feed too much, i just want shit, %d", hSession->availTailIndex); + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { + // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + return false; + } + break; + } return true; } @@ -429,16 +437,16 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) hSession->sslHandshake = (err != SSL_ERROR_SSL); return false; } else { - WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); + // WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); // 如果这里队列无法消耗完,会给BIO累计超过150K的缓存,缓存超了这里就crash了 - sslRead += nSSLRead; + hSession->availTailIndex += nSSLRead; left = BIO_pending(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", sslRead, left); + // WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", hSession->availTailIndex, left); ret = true; } } // 什么时候从头开始读 什么时候从中间开始读 - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, sslRead) < 0) { + if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); return false; @@ -473,9 +481,8 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf break; } - if (hSession->sslHandshake && - memcmp(hSession->ioBuf + hSession->availTailIndex, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { - ret = ReadBIO(hSession, hSession->ioBuf + hSession->availTailIndex, nread); + if (hSession->sslHandshake) { + ret = ReadBIO(hSession, hSession->ioBuf, nread); break; } diff --git a/src/host/server.cpp b/src/host/server.cpp index 2e03f3e1..ed13a472 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -597,12 +597,8 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, } else { uint8_t count = 1; // session handshake close - Send(hSession->sessionId, 0, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); - } - - if (SSL_is_init_finished(hSession->ssl)) { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); hSession->sslHandshake = true; + Send(hSession->sessionId, 0, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } return true; } -- Gitee From 949b8dac0e4040aa8447d2784f1ca9e1a7f96928 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Thu, 22 May 2025 18:09:11 +0800 Subject: [PATCH 07/11] feat: support SSL with PreSharedKey TLS connect. Signed-off-by: TaowerfulMAX --- BUILD.gn | 3 + src/common/base.cpp | 37 ++- src/common/base.h | 5 +- src/common/define.h | 1 + src/common/define_plus.h | 1 + src/common/psk.cpp | 232 ++------------ src/common/psk.h | 39 +-- src/common/psk_original_change_1.cpp | 2 - src/common/session.cpp | 424 ++++--------------------- src/common/session.h | 10 +- src/common/tcp.cpp | 445 +-------------------------- src/common/tcp.h | 7 - src/common/test02.cpp | 3 +- src/common/testbio | Bin 33416 -> 33472 bytes src/daemon/daemon.cpp | 39 +-- src/host/server.cpp | 14 +- 16 files changed, 139 insertions(+), 1123 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index d381f6a6..c5f671a1 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -38,6 +38,7 @@ hdc_common_sources = [ "src/common/forward.cpp", "src/common/header.cpp", "src/common/heartbeat.cpp", + "src/common/psk.cpp", "src/common/session.cpp", "src/common/task.cpp", "src/common/tcp.cpp", @@ -141,6 +142,7 @@ template("hdcd_source_set") { "libuv:uv", "lz4:liblz4_static", "openssl:libcrypto_shared", + "openssl:libssl_shared", ] if (build_selinux) { @@ -395,6 +397,7 @@ ohos_executable("hdc") { "libuv:uv_static", "lz4:liblz4_static", "openssl:libcrypto_static", + "openssl:libssl_static", ] if (is_ohos) { diff --git a/src/common/base.cpp b/src/common/base.cpp index bd99ecf6..70fc5969 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -51,6 +51,7 @@ namespace Base { string g_tempDir = ""; uint16_t g_logFileCount = MAX_LOG_FILE_COUNT; bool g_heartbeatSwitch = true; + bool g_encryptTCPSwitch = false; constexpr int DEF_FILE_PERMISSION = 0750; uint8_t GetLogLevel() { @@ -2563,6 +2564,7 @@ void CloseOpenFd(void) UpdateLogLimitFileCountCache(); #endif UpdateHeartbeatSwitchCache(); + UpdateEncrpytTCPCache(); } const HdcFeatureSet& GetSupportFeature(void) @@ -2614,6 +2616,22 @@ void CloseOpenFd(void) return g_heartbeatSwitch; } + void UpdateEncrpytTCPCache() + { + char *envValue = getenv(ENV_ENCRYPT_CHANNEL.c_str()); + if (!envValue || strlen(envValue) > 1) { + g_encryptTCPSwitch = false; + return; + } + g_encryptTCPSwitch = !strncmp(envValue, "1", 1); + } + + bool GetEncrpytTCPSwitch() + { + WRITE_LOG(LOG_WARN, "turn %s encryptTCPSwitch", g_encryptTCPSwitch ? "On" : "Off"); + return g_encryptTCPSwitch; + } + bool WriteToFile(const std::string& fileName, const std::string &content, std::ios_base::openmode mode) { std::ofstream fileStream(fileName.c_str(), mode); @@ -2631,24 +2649,5 @@ void CloseOpenFd(void) fileStream.close(); return ret; } - - - std::string toHex(const uint8_t* data, size_t size) { - if (!data || size <=0) { - return string("input error,cannnot print"); - } - std::stringstream ss; - ss << std::hex << std::setfill('0'); - for (size_t i = 0; i < size; ++i) { - ss << std::setw(2) << static_cast(data[i]); - if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - ss << "|"; - } - } - return ss.str(); - // return string("noprint"); - } - - } // namespace Base } // namespace Hdc diff --git a/src/common/base.h b/src/common/base.h index fad77d67..ba002426 100644 --- a/src/common/base.h +++ b/src/common/base.h @@ -285,16 +285,17 @@ namespace Base { bool CanPrintCmd(const uint16_t command); void UpdateEnvCache(); #define FEATURE_HEARTBEAT "heartbeat" - #define FEATURE_PSK "psk" + #define FEATURE_ENCRYPT_TCP "encrypt tcp" using HdcFeatureSet = std::vector; const HdcFeatureSet& GetSupportFeature(void); std::string FeatureToString(const HdcFeatureSet& feature); void StringToFeatureSet(const std::string featureStr, HdcFeatureSet& features); bool IsSupportFeature(const HdcFeatureSet& features, std::string feature); void UpdateHeartbeatSwitchCache(); + void UpdateEncrpytTCPCache(); + bool GetEncrpytTCPSwitch(); bool GetheartbeatSwitch(); bool WriteToFile(const std::string& fileName, const std::string &content, std::ios_base::openmode mode); - std::string toHex(const uint8_t* data, size_t size); } // namespace base } // namespace Hdc diff --git a/src/common/define.h b/src/common/define.h index 90ab4168..7f79726c 100644 --- a/src/common/define.h +++ b/src/common/define.h @@ -41,6 +41,7 @@ const string ENV_SERVER_PORT = "OHOS_HDC_SERVER_PORT"; const string ENV_SERVER_LOG = "OHOS_HDC_LOG_LEVEL"; const string ENV_SERVER_LOG_LIMIT = "OHOS_HDC_LOG_LIMIT"; const string ENV_SERVER_HEARTBEAT = "OHOS_HDC_HEARTBEAT"; // 1: turn off heartbeat +const string ENV_ENCRYPT_CHANNEL = "OHOS_HDC_ENCRYPT_CHANNEL"; // 1: turn on encrypt channel // ################################ macro define ################################### constexpr uint8_t MINOR_TIMEOUT = 5; diff --git a/src/common/define_plus.h b/src/common/define_plus.h index c78bc6c4..811a8820 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -286,6 +286,7 @@ struct HdcSession { bool isSoftReset; // for daemon, Used to record whether a reset command has been received HdcHeartbeat heartbeat; // HdcPsk psk; + bool supportEncrypt; uv_timer_t heartbeatTimer; HdcSessionStat stat; diff --git a/src/common/psk.cpp b/src/common/psk.cpp index e1e66f8c..6b3f93e7 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -16,237 +16,51 @@ namespace Hdc { const std::string STR_PSK_IDENTITY = "Client_identity"; -const std::string STR_PSK_KEY = "1a2b3c4d"; -HdcPsk::HdcPsk() -{ - -} - -HdcPsk::HdcPsk(bool isServer) -{ - this->isServer = isServer; - this->InitSSL(); -} - - -HdcPsk::~HdcPsk() -{ - SSL_CTX_free(ctx); -} - -void HdcPsk::InitSSL() -{ -#if OPENSSL_VERSION_NUMBER >= 0x10100003L - if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) - { - return; - } - ERR_clear_error(); - -#else - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -#endif - ctx = this->CreateContext(); - if (ctx == nullptr) { - // WRITE_LOG(LOG_FATAL, "create context failed"); - return; - } - ConfigureContext(); -} - -SSL_CTX* HdcPsk::GetContext() -{ - return this->ctx; -} - -// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) -// { - // RSA *rsa = nullptr; - // EVP_PKEY *evp = nullptr; - // string prikeyFileName; - // bool signResult = false; - - // if (!GetUserKeyPath(prikeyFileName)) { - // WRITE_LOG(LOG_FATAL, "get key path failed"); - // return false; - // } - // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { - // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); - // return false; - // } - // if (type == AuthVerifyType::RSA_3072_SHA512) { - // signResult = RsaSign(buf, evp); - // } else { - // signResult = RsaEncrypt(buf, rsa); - // } - // if (rsa != nullptr) { - // RSA_free(rsa); - // } - // if (evp != nullptr) { - // EVP_PKEY_free(evp); - // } -// } - -void HdcPsk::ConfigureContext() -{ - SSL_CTX_set_ex_data(ctx, 0, this); - if (this->isServer) { - SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); - } else { - SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); - } - SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); -} - -// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) -// { -// std::vector encryptPwd; -// Hdc::HdcPassword pwd(); - -// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { -// return nullptr; -// } -// if (!pwd.DecryptPwd(encryptPwd)) { -// return nullptr; -// } -// std::pair plainPwd = pwd.GetPassword(); -// if (plainPwd.first == nullptr) { -// return nullptr; -// } -// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; -// if (localPwd == nullptr) { -// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); -// return nullptr; -// } -// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); -// localPwd[plainPwd.second] = '\0'; -// return localPwd; -// } +HdcPsk::HdcPsk(){} +HdcPsk::~HdcPsk(){} unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) { - // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // thisClass->psk_key[8] = '\0'; - // 动态加载 - // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); - if (strcmp(identity, STR_PSK_IDENTITY) != 0) { + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); + if (strcmp(identity, STR_PSK_IDENTITY.c_str()) != 0) { + WRITE_LOG(LOG_FATAL, "identity not same"); + return 0; + } + unsigned int keyLen = BUF_SIZE_PSK; + if (keyLen <= 0 || keyLen > maxPskLen) { return 0; } - - unsigned char key_bin[32]; - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { + WRITE_LOG(LOG_FATAL, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); return 0; } - memcpy(psk, key_bin, keyLen); return keyLen; } - unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, unsigned char *psk, unsigned int maxPskLen) { - // SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - // HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); + SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { + WRITE_LOG(LOG_FATAL, "Client identity buffer too small, maxIdentityLen = %d", maxIdentityLen); return 0; } - strcpy(identity, STR_PSK_IDENTITY); - unsigned char key_bin[32]; - - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { + strcpy(identity, "Client_identity"); + int keyLen = BUF_SIZE_PSK; + if (keyLen <= 0 || keyLen > maxPskLen) { + WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); return 0; } - memcpy(psk, key_bin, keyLen); - return keyLen; -} - -bool HdcPsk::GenerateRandomBytes(unsigned char *buf, int len) -{ - if (!buf || len <= 0) { - return false; - } - if (RAND_bytes(buf, len) != 1) { - return false; - } - return true; -} - - -void HdcPsk::HandShake(bool isServer) -{ - if (isServer) { - SSL_accept(ssl); - } else { - SSL_connect(ssl); - } - // int ret = SSL_connect(ssl); - // if (ret == 1) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); - // } else { - // int err = SSL_get_error(ssl, ret); - // if (err == SSL_ERROR_WANT_READ) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); - // } else if (err == SSL_ERROR_WANT_WRITE) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); - // } else { - // WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); - // return; - // } - // } -} - -void HdcPsk::Event() -{ - int fd = SSL_get_fd(ssl); - if (fd < 0) { - return; - } - char buf[4096]; - int ret = SSL_read(ssl, buf, sizeof(buf)); - if (ret > 0) { - buf[ret] = '\0'; - } -} - -SSL_CTX* HdcPsk::CreateContext() -{ - const SSL_METHOD *method; - SSL_CTX *ctx_t = nullptr; - if (this->isServer) { // TODO: 待重构子类,先按照样例实现 - method = TLS_server_method(); - } else { - method = TLS_client_method(); - } - ctx_t = SSL_CTX_new(method); - return ctx_t; -} - -int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) -{ - long len = 0; - unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); - if (!tmp || len > static_cast(outLen)) { - OPENSSL_free(tmp); - return -1; + if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { + WRITE_LOG(LOG_INFO, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); + return 0; } - memcpy(out, tmp, len); - OPENSSL_free(tmp); - return static_cast(len); -} -void HdcPsk::SetSupportPsk(bool isSupport) -{ - this->isSupportPsk = isSupport; + return keyLen; } diff --git a/src/common/psk.h b/src/common/psk.h index 851a74e1..216db76d 100644 --- a/src/common/psk.h +++ b/src/common/psk.h @@ -31,25 +31,10 @@ namespace Hdc { class HdcPsk { public: HdcPsk(); - HdcPsk(bool isServer); - SSL_CTX* CreateContext(); ~HdcPsk(); - void InitSSL(); - // bool EncryptPsk(string &buf, AuthVerifyType type); - // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, unsigned char *psk, unsigned int maxPskLen); - void HandShake(bool isServer); - void Event(); - // void Dispatch(); - static int HexToBin(const char *hex, unsigned char *bin, int outLen); - - bool environmentSupportPsk = false; - SSL* GetSSL(); - SSL_CTX* GetContext(); - void SetSupportPsk(bool pskStatus); - static bool GenerateRandomBytes(unsigned char *buf, int len); static int RsaPubkeyEncrypt(const uint32_t sessionId, const unsigned char* in, int inLen, unsigned char* out, const string& pubkey); static int RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out); @@ -57,34 +42,12 @@ public: protected: SSL *ssl; SSL_CTX *ctx; - static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; - constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; void ConfigureContext(); - // char *clientPskIdentity; - // char *serverPskIdentity; - // char* psk_key; - bool isServer; // unsigned int maxIdentityLen; private: bool isSupportPsk; }; - -class HdcPskClient: public HdcPsk { -public: - HdcPskClient() { - isServer = false; - InitSSL(); - } -}; - -class HdcPskServer: public HdcPsk { - public: - HdcPskServer() { - isServer = true; - InitSSL(); - } - }; -} +} // namespace Hdc #endif diff --git a/src/common/psk_original_change_1.cpp b/src/common/psk_original_change_1.cpp index 0b787bd5..3d60344b 100644 --- a/src/common/psk_original_change_1.cpp +++ b/src/common/psk_original_change_1.cpp @@ -25,7 +25,6 @@ class HdcPsk { HdcPsk(bool isServer); SSL_CTX* CreateContext(); ~HdcPsk(); - void InitSSL(); // bool EncryptPsk(string &buf, AuthVerifyType type); // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); @@ -454,7 +453,6 @@ HdcPsk::HdcPsk(bool isServer, std::string& inputKey) HdcPsk::HdcPsk(bool isServer) { this->isServer = isServer; - this->InitSSL(); } diff --git a/src/common/session.cpp b/src/common/session.cpp index a91559f7..87c5a19b 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -610,11 +610,17 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) #else Base::CloseFd(hSession->dataFd[STREAM_WORK]); #endif + if (hSession->readBIO) { + BIO_free(hSession->readBIO); + } + if (hSession->writeBIO) { + BIO_free(hSession->writeBIO); + } if (hSession->ssl) { SSL_shutdown(hSession->ssl); SSL_free(hSession->ssl); SSL_CTX_free(hSession->sslContext); - WRITE_LOG(LOG_DEBUG, "free ok"); + WRITE_LOG(LOG_DEBUG, "SSL free finished"); } ERR_free_strings(); EVP_cleanup(); @@ -631,16 +637,6 @@ void HdcSessionBase::FreeSessionOpeate(uv_timer_t *handle) { StartTraceScope("HdcSessionBase::FreeSessionOpeate"); HSession hSession = (HSession)handle->data; - if (hSession->connType == CONN_TCP) { - // BIO_reset(hSession->writeBIO); - // BIO_reset(hSession->readBIO); - // BIO_free(hSession->writeBIO); - // BIO_free(hSession->readBIO); - // SSL_shutdown(hSession->ssl); - // SSL_free(hSession->ssl); - // SSL_CTX_free(hSession->sslContext); - WRITE_LOG(LOG_DEBUG, "goodbye"); - } #ifdef HDC_HOST if (hSession->hUSB != nullptr && (!hSession->hUSB->hostBulkIn.isShutdown || !hSession->hUSB->hostBulkOut.isShutdown)) { @@ -827,8 +823,6 @@ HTaskInfo HdcSessionBase::AdminTask(const uint8_t op, HSession hSession, const u int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo) { StartTraceScope("HdcSessionBase::SendByProtocol"); - // WRITE_LOG(LOG_DEBUG, "SendByProtocol buf:%s bufLen:%u", - // Base::toHex(reinterpret_cast(bufPtr), bufLen).c_str(), bufLen); if (hSession->isDead) { delete[] bufPtr; WRITE_LOG(LOG_WARN, "SendByProtocol session dead error"); @@ -840,9 +834,6 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); int writeLen = bufLen; if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { - if (BIO_pending(hSession->writeBIO) > 0) { - BIO_reset(hSession->writeBIO); - } int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); if (retSSL < 0) { WRITE_LOG(LOG_WARN, "SSL write error,ret:%d", retSSL); @@ -854,7 +845,6 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int } } int sslBufLen = BIO_pending(hSession->writeBIO); - // uint8_t *buf = new uint8_t[sslBufLen]; int retBIO = BIO_read(hSession->writeBIO, bufPtr, sslBufLen); if (retBIO < 0) { WRITE_LOG(LOG_WARN, "BIO_read error"); @@ -862,9 +852,6 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int return retBIO; } writeLen = retBIO; - // WRITE_LOG(LOG_DEBUG, "SSL encrypt write to buffer,writeLen: %d, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", - // writeLen, sslBufLen, bufLen, retSSL, retBIO); - // ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, sslBufLen); } if (echo && !hSession->serverOrDaemon) { @@ -876,7 +863,6 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); } } - // uv_sleep(2); break; } case CONN_USB: { @@ -992,19 +978,8 @@ int HdcSessionBase::DecryptPayload(HSession hSession, PayloadHead *payloadHeadBe return RET_SUCCESS; } - -// std::string toHex(const uint8_t* data, size_t size) { -// std::stringstream ss; -// ss << std::hex << std::setfill('0'); -// for (size_t i = 0; i < size; ++i) { -// ss << std::setw(2) << static_cast(data[i]); -// } -// return ss.str(); -// } - int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) { - // WRITE_LOG(LOG_DEBUG, "OnRead bufPtr%s, bufLen %d", Base::toHex(bufPtr, 30).c_str(), bufLen); int ret = ERR_GENERIC; StartTraceScope("HdcSessionBase::OnRead"); if (memcmp(bufPtr, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { @@ -1034,152 +1009,6 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) return ret; } - -unsigned int HdcSessionBase::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - if (strcmp(identity, "Client_identity") != 0) { - WRITE_LOG(LOG_FATAL, "identity not same"); - return 0; - } - unsigned int keyLen = 32; - if (keyLen <= 0 || keyLen > maxPskLen) { - return 0; - } - if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { - WRITE_LOG(LOG_FATAL, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); - return 0; - } - return keyLen; -} - -unsigned int HdcSessionBase::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *pskInput = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - if (sizeof("Client_identity") >= maxIdentityLen) { - WRITE_LOG - (LOG_FATAL, "Client identity buffer too small, maxIdentityLen = %d", maxIdentityLen); - return 0; - } - strcpy(identity, "Client_identity"); - int keyLen = 32; - if (keyLen <= 0 || keyLen > maxPskLen) { - WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); - return 0; - } - if (memcpy_s(psk, maxPskLen, pskInput, keyLen) != EOK) { - WRITE_LOG(LOG_INFO, "memcpy failed, maxpsklen = %d,keyLen=%d ",maxPskLen,keyLen); - return 0; - } - - return keyLen; -} - -int HdcSessionBase::FetchSSLIOBuf(HSession hSession, uint8_t *ioBuf, int read) -{ - WRITE_LOG(LOG_DEBUG, "hdc tester SSL FetchSSLIOBuf"); - HdcSessionBase *ptrConnect = (HdcSessionBase *)hSession->classInstance; - int indexBuf = 0; - int childRet = 0; - StartTraceScope("HdcSessionBase::FetchIOBuf"); - if (read < 0) { - constexpr int bufSize = 1024; - char buf[bufSize] = { 0 }; - uv_strerror_r(read, buf, bufSize); - WRITE_LOG(LOG_FATAL, "FetchIOBuf read io failed,%s", buf); - return ERR_IO_FAIL; - } - if (hSession->heartbeat.GetSupportHeartbeat() && !hSession->heartbeat.HandleMessageCount()) { - WRITE_LOG(LOG_FATAL, "Rehandshake is required because no heartbeat message is received for a long time"); - FreeSession(hSession->sessionId); - return ERR_IO_FAIL; - } - hSession->stat.dataRecvBytes += read; - hSession->availTailIndex += read; - SSL *ssl = hSession->ssl; - while (!hSession->isDead && hSession->availTailIndex > static_cast(sizeof(PayloadHead))) { - - // HdcPsk::OnClientEvent(hSession, ioBuf, read); - WRITE_LOG(LOG_DEBUG, "hdc tester SSL check SSL_is_init_finished"); - if (ssl != nullptr) { - WRITE_LOG(LOG_DEBUG, "SSl accept check begin"); - BIO_read(hSession->writeBIO, ioBuf, read); - if ( !SSL_is_init_finished(ssl) ) { - int ret_hs = SSL_do_handshake(ssl); - WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret %d", ret_hs); - if (ret_hs < 0) { - childRet = ptrConnect->OnRead(hSession, ioBuf + indexBuf, hSession->availTailIndex); - } else { - uint8_t bioData[4096]; - int bioLen = SSL_read(ssl, bioData, sizeof(bioData)); - if (bioLen > 0) { - childRet = ptrConnect->OnRead(hSession, bioData + indexBuf, hSession->availTailIndex); - } - } - } else { - uint8_t bioData[4096]; - int bioLen = SSL_read(ssl, bioData, sizeof(bioData)); - if (bioLen > 0) { - childRet = ptrConnect->OnRead(hSession, bioData + indexBuf, hSession->availTailIndex); - } - } - - // if (!SSL_is_init_finished(ssl)) { - // if (hSession->serverOrDaemon) { - // // is hdc server also ssl client, only connect - // int ret = SSL_connect(ssl); - // WRITE_LOG(LOG_DEBUG, "SSL_connect ret %d", ret); - // } else { - // // is hdc daemon also ssl server, only accept - // int ret = SSL_accept(ssl); - // WRITE_LOG(LOG_DEBUG, "SSL_accept ret %d", ret); - // } - // } else { - // WRITE_LOG(LOG_DEBUG, "SSL_read"); - // int ret = SSL_read(ssl, ioBuf + indexBuf, read); - // // int ret = SSL_read(ssl, ioBuf, read); - // WRITE_LOG(LOG_DEBUG, "SSL_read ret:%d", ret); - // if (ret > 0) { - // WRITE_LOG(LOG_DEBUG, "SSL_read ret:%d, %s", ret, ioBuf); - // } else { - // int err = SSL_get_error(ssl, ret); - // WRITE_LOG(LOG_FATAL, "SSL_read error:%d, %s", err, ioBuf); - // break; - // } - // } - } else { - childRet = ptrConnect->OnRead(hSession, ioBuf + indexBuf, hSession->availTailIndex); - } - - if (childRet > 0) { - hSession->availTailIndex -= childRet; - indexBuf += childRet; - } else if (childRet == 0) { - // Not enough a IO - break; - } else { // <0 - WRITE_LOG(LOG_FATAL, "FetchIOBuf error childRet:%d sessionId:%u", childRet, hSession->sessionId); - hSession->availTailIndex = 0; // Preventing malicious data packages - indexBuf = ERR_BUF_SIZE; - break; - } - // It may be multi-time IO to merge in a BUF, need to loop processing - } - if (indexBuf > 0 && hSession->availTailIndex > 0) { - if (memmove_s(hSession->ioBuf, hSession->bufSize, hSession->ioBuf + indexBuf, hSession->availTailIndex) - != EOK) { - return ERR_BUF_COPY; - }; - uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf + hSession->availTailIndex); - Base::ZeroBuf(bufToZero, hSession->bufSize - hSession->availTailIndex); - } - return indexBuf; -} - -// Returns <0 error;> 0 receives the number of bytes; 0 untreated int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) { HdcSessionBase *ptrConnect = (HdcSessionBase *)hSession->classInstance; @@ -1238,25 +1067,6 @@ void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_bu buf->len = std::min(size, static_cast(sizeWanted)); } -void HdcSessionBase::AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) -{ - WRITE_LOG(LOG_DEBUG, "before uv time--5, sizeWanted:%u", sizeWanted); - HSession context = (HSession)handle->data; - Base::ReallocBuf(&context->bioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); - Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); - buf->base = (char *)context->ioBuf + context->availTailIndex; - int size = context->bufSize - context->availTailIndex; - buf->len = std::min(size, static_cast(sizeWanted)); -} - -void HdcSessionBase::AllocBeforeRead(HSession& context, uv_buf_t *buf) -{ - Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); - buf->base = (char *)context->ioBuf + context->availTailIndex; - int size = context->bufSize - context->availTailIndex; - buf->len = size; -} - void HdcSessionBase::FinishWriteSessionTCP(uv_write_t *req, int status) { HSession hSession = (HSession)req->handle->data; @@ -1323,13 +1133,20 @@ void HdcSessionBase::ReadCtrlFromSession(uv_poll_t *poll, int status, int events delete[] buf; } -void HdcSessionBase::SetHeartbeatFeature(SessionHandShake &handshake) +void HdcSessionBase::SetFeature(SessionHandShake &handshake) { - if (!Base::GetheartbeatSwitch()) { - return; + Base::HdcFeatureSet feature = {}; + if (Base::GetheartbeatSwitch()) { + feature.push_back(FEATURE_HEARTBEAT); + } + if (Base::GetEncrpytTCPSwitch()) { + feature.push_back(FEATURE_ENCRYPT_TCP); } // told daemon, we support features - Base::TlvAppend(handshake.buf, TAG_SUPPORT_FEATURE, Base::FeatureToString(Base::GetSupportFeature())); + if (feature.size() == 0) { + return; + } + Base::TlvAppend(handshake.buf, TAG_SUPPORT_FEATURE, Base::FeatureToString(feature)); } void HdcSessionBase::WorkThreadInitSession(HSession hSession, SessionHandShake &handshake) @@ -1345,152 +1162,9 @@ void HdcSessionBase::WorkThreadInitSession(HSession hSession, SessionHandShake & // told daemon, we support RSA_3072_SHA512 auth Base::TlvAppend(handshake.buf, TAG_AUTH_TYPE, std::to_string(AuthVerifyType::RSA_3072_SHA512)); HdcSessionBase *hSessionBase = (HdcSessionBase *)hSession->classInstance; - hSessionBase->SetHeartbeatFeature(handshake); -} - -// void HdcSessionBase::OnSSLReadEvent(uv_poll_t *poll, int status, int events) -// { -// WRITE_LOG(LOG_INFO, "OnSSLReadEvent"); -// HSession hSession = (HSession)poll->data; -// if (!SSL_is_init_finished(hSession->ssl)) { -// return; -// } -// HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; - -// char rawBuf[16384]; -// uv_buf_t buf = uv_buf_init(static_cast(rawBuf), sizeof(rawBuf)); -// // while(true) { -// if (events & UV_READABLE) { -// WRITE_LOG(LOG_DEBUG, "OnSSLReadEvent read memset"); -// memset(rawBuf, 0, sizeof(rawBuf)); -// AllocBeforeRead(hSession, &buf); -// int ret = SSL_read(hSession->ssl, buf.base, buf.len); -// if (ret > 0) { -// WRITE_LOG(LOG_DEBUG, "read cnt: %d buf:%s", ret, Base::toHex(reinterpret_cast(buf.base), ret).c_str()); -// pTCPBase->ReadStreamFromSSL(hSession, ret, &buf); -// } else { -// int err = SSL_get_error(hSession->ssl, ret); -// WRITE_LOG(LOG_DEBUG, "SSL_read %d,errno:%d", ret, err); -// uv_sleep(100); -// } -// } -// // } -// } - -// void HdcSessionBase::StartSSLPoll(HSession hSession) { -// WRITE_LOG(LOG_DEBUG, "before uv time--5"); -// uv_loop_t* loop = uv_default_loop(); -// uv_poll_t* poll_handle = (uv_poll_t*)malloc(sizeof(uv_poll_t)); -// poll_handle->data = hSession; - -// int fd = SSL_get_fd(hSession->ssl); -// int result = uv_poll_init(loop, poll_handle, fd); -// if (result != 0) { -// fprintf(stderr, "uv_poll_init error: %s\n", uv_strerror(result)); -// free(poll_handle); -// return; -// } - -// result = uv_poll_start(poll_handle, UV_READABLE, OnSSLReadEvent); -// if (result != 0) { -// fprintf(stderr, "uv_poll_start error: %s\n", uv_strerror(result)); -// free(poll_handle); -// return; -// } -// } - -void HdcSessionBase::on_ssl_handshake(uv_poll_t *handle, int status, int events) -{ - HSession hs = (HSession)(handle->data); - int ret = SSL_connect(hs->ssl); - if (ret == 1) { - WRITE_LOG(LOG_DEBUG, "SSL handshake success"); - uv_poll_stop(hs->pollHandle[STREAM_WORK]); - } else { - int err = SSL_get_error(hs->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(hs->pollHandle[STREAM_WORK], UV_READABLE, HdcSessionBase::on_ssl_handshake); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(hs->pollHandle[STREAM_WORK], UV_WRITABLE, HdcSessionBase::on_ssl_handshake); - } else { - WRITE_LOG(LOG_DEBUG, "SSL handshake failed"); - uv_poll_stop(hs->pollHandle[STREAM_WORK]); - } - } + hSessionBase->SetFeature(handshake); } -// TODO: Init Failed return false -// TODO: put it into a class, not only a function.(~class will auto SSL_free,which is convient.) -void HdcSessionBase::InitSSL(HSession& hSession) -{ - - // if (hSession->ssl == nullptr) { - WRITE_LOG(LOG_DEBUG, "InitSSL start !!!!!!!!!!!!!!"); - #if OPENSSL_VERSION_NUMBER >= 0x10100003L - if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) - { - WRITE_LOG(LOG_FATAL, "OPENSSL_init_ssl"); - } - ERR_clear_error(); - -#else - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -#endif - if (hSession->serverOrDaemon) { - // server only connect to , is ssl client - - const SSL_METHOD *method; - // WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); - method = TLS_client_method(); - // WRITE_LOG(LOG_DEBUG, "TLS_client_method"); - hSession->sslContext = SSL_CTX_new(method); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); - SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); - SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcSessionBase::PskClientCallback); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_client_callback"); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); - - hSession->readBIO = BIO_new(BIO_s_mem()); - hSession->writeBIO = BIO_new(BIO_s_mem()); - hSession->ssl = SSL_new(hSession->sslContext); - } else { - - const SSL_METHOD *method; - // WRITE_LOG(LOG_DEBUG, "SSL_METHOD"); - method = TLS_server_method(); - // WRITE_LOG(LOG_DEBUG, "TLS_server_method"); - hSession->sslContext = SSL_CTX_new(method); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_new"); - // WRITE_LOG(LOG_DEBUG, "hdc psk key: %s", Base::toHex(reinterpret_cast(hSession->preSharedKey), 32).c_str()); - SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); - SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcSessionBase::PskServerCallback); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_psk_server_callback"); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - // WRITE_LOG(LOG_DEBUG, "SSL_CTX_set_cipher_list"); - - hSession->readBIO = BIO_new(BIO_s_mem()); - hSession->writeBIO = BIO_new(BIO_s_mem()); - - // WRITE_LOG(LOG_DEBUG, "ctx = ctx"); - hSession->ssl = SSL_new(hSession->sslContext); - // WRITE_LOG(LOG_DEBUG, "SSL_new"); - - // SSL_set_accept_state(hSession->ssl); - // SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - } -} - -/// @brief -/// @param hSession -/// @return bool HdcSessionBase::WorkThreadStartSession(HSession hSession) { bool regOK = false; @@ -1513,14 +1187,7 @@ bool HdcSessionBase::WorkThreadStartSession(HSession hSession) return false; } Base::SetTcpOptions((uv_tcp_t *)&hSession->hChildWorkTCP); - // uv_poll_t *pollHandle = hSession->pollHandle[STREAM_WORK]; - WRITE_LOG(LOG_DEBUG, "check hs = %d", hSession->handshakeOK); - // InitSSL(hSession); - // pTCPBase->SSLHandshake((uv_stream_t *)&hSession->hChildWorkTCP); uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamAutoBIO); - // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocBIOCallback, pTCPBase->ReadStreamAutoBIO); - // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStream); - // uv_read_start((uv_stream_t *)&hSession->hChildWorkTCP, AllocCallback, pTCPBase->ReadStreamFromSSL); regOK = true; #ifdef HDC_SUPPORT_UART } else if (hSession->connType == CONN_SERIAL) { // UART @@ -1638,7 +1305,6 @@ bool HdcSessionBase::DispatchMainThreadCommand(HSession hSession, const CtrlStru void HdcSessionBase::ReadCtrlFromMain(uv_poll_t *poll, int status, int events) { HSession hSession = (HSession)poll->data; - // hSession->pollMain = poll; CALLSTAT_GUARD(hSession->childLoopStatus, poll->loop, "HdcSessionBase::ReadCtrlFromMain"); HdcSessionBase *hSessionBase = (HdcSessionBase *)hSession->classInstance; int formatCommandSize = sizeof(CtrlStruct); @@ -1646,8 +1312,6 @@ void HdcSessionBase::ReadCtrlFromMain(uv_poll_t *poll, int status, int events) const int size = Base::GetMaxBufSizeStable(); char *buf = reinterpret_cast(new uint8_t[size]()); ssize_t nread = Base::ReadFromFd(hSession->ctrlFd[STREAM_WORK], buf, size); - // 此处接收主进程的ctrl控制字,非dataFd - WRITE_LOG(LOG_DEBUG, "ReadCtrlFromMain nread=%d, buf=%s", nread, Base::toHex(reinterpret_cast(buf), nread).c_str()); while (true) { if (nread < 0) { constexpr int bufSize = 1024; @@ -1756,7 +1420,6 @@ void HdcSessionBase::SessionWorkThread(uv_work_t *arg) _exit(0); } uv_poll_start(pollHandle, UV_READABLE, ReadCtrlFromMain); - // 这里通过回调设置后面uv_run 需要跑的任务,READABLE // start heartbeat rimer HdcSessionBase *hSessionBase = (HdcSessionBase *)hSession->classInstance; hSessionBase->StartHeartbeatWork(hSession); @@ -1904,7 +1567,52 @@ void HdcSessionBase::ParsePeerSupportFeatures(HSession &hSession, std::mapsessionId); Base::SplitString(tlvMap[TAG_SUPPORT_FEATURE], ",", features); hSession->heartbeat.SetSupportHeartbeat(Base::IsSupportFeature(features, FEATURE_HEARTBEAT)); - // hSession->psk.SetSupportPsk(Base::IsSupportFeature(features, FEATURE_PSK)); + hSession->supportEncrypt = Base::IsSupportFeature(features, FEATURE_ENCRYPT_TCP); + } +} + +void HdcSessionBase::InitSSL(HSession hSession) +{ + WRITE_LOG(LOG_INFO, "session enable SSL encrypt, sid:%u", hSession->sessionId); +#if OPENSSL_VERSION_NUMBER >= 0x10100003L + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) + { + WRITE_LOG(LOG_FATAL, "OPENSSL_init_ssl"); + } + ERR_clear_error(); +#else + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); +#endif + if (hSession->serverOrDaemon) { + const SSL_METHOD *method; + method = TLS_client_method(); + hSession->sslContext = SSL_CTX_new(method); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); + SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcPsk::PskClientCallback); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + hSession->ssl = SSL_new(hSession->sslContext); + SSL_set_connect_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + } else { + const SSL_METHOD *method; + method = TLS_server_method(); + hSession->sslContext = SSL_CTX_new(method); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); + SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcPsk::PskServerCallback); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + hSession->ssl = SSL_new(hSession->sslContext); + SSL_set_accept_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); } } -} // namespace Hdc +} // namespace Hdc \ No newline at end of file diff --git a/src/common/session.h b/src/common/session.h index 254a8580..d9489dce 100755 --- a/src/common/session.h +++ b/src/common/session.h @@ -91,7 +91,7 @@ public: static void on_ssl_handshake(uv_poll_t *handle, int status, int events); static void AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); static void AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); - static void InitSSL(HSession& hSession); + static void InitSSL(HSession hSession); static void MainAsyncCallback(uv_async_t *handle); static void FinishWriteSessionTCP(uv_write_t *req, int status); static void SessionWorkThread(uv_work_t *arg); @@ -109,10 +109,6 @@ public: int SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo = false); virtual HSession AdminSession(const uint8_t op, const uint32_t sessionId, HSession hInput); virtual int FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read); - virtual int FetchSSLIOBuf(HSession hSession, uint8_t *ioBuf, int read); - static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); - static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen); virtual void PushAsyncMessage(const uint32_t sessionId, const uint8_t method, const void *data, const int dataSize); HTaskInfo AdminTask(const uint8_t op, HSession hSession, const uint32_t channelId, HTaskInfo hInput); bool DispatchTaskData(HSession hSession, const uint32_t channelId, const uint16_t command, uint8_t *payload, @@ -228,11 +224,11 @@ private: bool NeedNewTaskInfo(const uint16_t command, bool &masterTask); void DumpTasksInfo(map &mapTask); void StartHeartbeatWork(HSession hSession); - void SetHeartbeatFeature(SessionHandShake &handshake); + void SetFeature(SessionHandShake &handshake); void StopHeartbeatWork(HSession hSession); map mapSession; - uv_rwlock_t lockMapSession; + uv_rwlock_t lockMapSession; std::atomic sessionRef = 0; const uint8_t payloadProtectStaticVcode = 0x09; uv_thread_t threadSessionMain; diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 86744589..77d84e34 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -69,324 +69,6 @@ void HdcTCPBase::SendUDPFinish(uv_udp_send_t *req, int status) delete req; } - -// static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { -// ssl_uv_client_t *ssl_client = static_cast(handle->data); -// if (!SSL_is_init_finished(ssl_client->ssl)) { -// int ret = SSL_accept(ssl_client->ssl); -// if (ret == 1) { -// std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; -// continue; -// } else { -// int err = SSL_get_error(ssl_client->ssl, ret); -// if (err == SSL_ERROR_WANT_READ) { -// continue; -// } else if (err == SSL_ERROR_WANT_WRITE) { -// continue; -// } else { -// break; -// SSL_free(ssl_client->ssl); -// uv_close((uv_handle_t *)ssl_client->client, NULL); -// delete ssl_client; -// } -// } -// return; -// } - -// if (events & UV_READABLE) { -// char buf[4096]; -// int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); -// if (ret > 0) { -// buf[ret] = '\0'; -// std::cout << "read from client: " << buf; -// SSL_write(ssl_client->ssl, buf, ret); -// } else { -// int err = SSL_get_error(ssl_client->ssl, ret); -// if (err == SSL_ERROR_WANT_READ) { - -// } else if (err == SSL_ERROR_WANT_WRITE) { - -// } else { -// std::cout<<"disconnected"<ssl); -// uv_close((uv_handle_t *)ssl_client->client, NULL); -// delete ssl_client; -// } -// } -// } -// } - - -// @brief: if hs ok then SSL_write of SSL_read -bool HdcTCPBase::SSLHandshake(uv_stream_t *tcp) -{ - bool ret = false; - HSession hSession = (HSession)tcp->data; - // HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; - // HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; - int sslRet = 0; - SSL_do_handshake(hSession->ssl); - WRITE_LOG(LOG_DEBUG, "SSLHandshake, sslRet = %d", sslRet); - WriteBIOToSocket(tcp); - if (sslRet == 1) { - ret = true; - } else { - int err = SSL_get_error(hSession->ssl, sslRet); - if (err == SSL_ERROR_WANT_READ) { - WRITE_LOG(LOG_DEBUG, "SSLHandshake, SSL_ERROR_WANT_READ"); - // 一般不会走到这里,因为在此之前有BIO_read - } else if (err == SSL_ERROR_WANT_WRITE) { // 将Write BIO的数据发出去 - WRITE_LOG(LOG_DEBUG, "SSLHandshake, SSL_ERROR_WANT_WRITE"); - WriteBIOToSocket(tcp); - } - } - return ret; -} - -int HdcTCPBase::WriteBIOToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax) -{ - if (buf == nullptr) { - return 0; - } - HSession hSession = (HSession)tcp->data; - if (hSession->writeBIO == nullptr) { - return 0; - } - int retRead = 0; - retRead = BIO_read(hSession->writeBIO, buf, lenMax); - if (retRead <= 0) { - WRITE_LOG(LOG_WARN, "BIO ret read fail"); - - } - return retRead; -} - -int HdcTCPBase::HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax) -{ - if (buf == nullptr) { - return 0; - } - HSession hSession = (HSession)tcp->data; - if (hSession->ssl == nullptr) { - return 0; - } - SSL_do_handshake(hSession->ssl); - int ret = WriteBIOToBuffer(tcp, buf, lenMax); - return ret; -} - -int HdcTCPBase::WriteBIOToSocket(uv_stream_t *tcp) -{ - HSession hSession = (HSession)tcp->data; - int retRead = 0; - WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket, "); - - uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); - if (buf == nullptr) { - WRITE_LOG(LOG_WARN, "send allocmem err"); - return -1; - } - retRead = BIO_read(hSession->writeBIO, buf, 16 * 4096); - if (retRead < 0) { - WRITE_LOG(LOG_WARN, "retRead fail"); - delete[] buf; - return retRead; - } - buf[retRead] = '\0'; - HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); - int retWrite = 0; - // if (hSession->hWorkThread == uv_thread_self()) { - // retWrite = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, buf, retRead); - // } else { - WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket00, retRead = %d", retRead); - retWrite = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, buf, retRead); - // } - WRITE_LOG(LOG_DEBUG, "WriteBIOToSocket01, retWrite = %d", retWrite); - return retWrite; -} - -int HdcTCPBase::SendAfterHandshake(uv_stream_t *tcp) -{ - HSession hSession = (HSession)tcp->data; - if (hSession->writeBIO == nullptr) { - return 0; - } - string buf = "Open SSL\n "; - int ret = SSL_write(hSession->ssl, buf.c_str(), buf.size()); - if (ret > 0) { - WriteBIOToSocket(tcp); - } else { - WRITE_LOG(LOG_WARN, "SSL_write fail"); - } - - return ret; -} - - -void HdcTCPBase::ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) -{ WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); - - HSession hSession = (HSession)tcp->data; - // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 - HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; - HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; - CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); - - bool ret = false; - while (true) { - if (nread == UV_ENOBUFS) { - WRITE_LOG(LOG_WARN, "Session IOBuf max, sid:%u", hSession->sessionId); - break; - } else if (nread < 0) { - // I originally in the IO main thread, no need to send asynchronous messages, close the socket as soon as - // possible - constexpr int bufSize = 1024; - char buffer[bufSize] = { 0 }; - uv_strerror_r(static_cast(nread), buffer, bufSize); - WRITE_LOG(LOG_INFO, "HdcTCPBase::ReadStream < 0 %s sid:%u", buffer, hSession->sessionId); - break; - } - - if (hSession->sslHandshake) { - if (hSession->ssl == nullptr) { - WRITE_LOG(LOG_DEBUG, "hsession ssl is null"); - break; - } - - if (memcmp(hSession->ioBuf, PACKET_FLAG.c_str(), PACKET_FLAG.size())) { - // ****************welcom to ssl area******************* - WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream memcmp != 48 57, sid:%u", - hSession->sessionId); - if (hSession->ssl == nullptr) { - WRITE_LOG(LOG_DEBUG, "hSession->ssl == nullptr WARNING !!!!!!!!!!!!!!!!!!!!!!!!!"); - // HdcSessionBase::InitSSL(hSession); - break; - } - // if (SSL_get_state(hSession->ssl) == TLS_ST_OK) { - if (SSL_is_init_finished(hSession->ssl)) { - WRITE_LOG(LOG_DEBUG, "SSL_get_state result is TLS_ST_OK"); - // ******************TLS handshake ok******************************// - if (BIO_wpending(hSession->readBIO) > 0) { - WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_wpending > 0"); - BIO_reset(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_wpending reset %d", BIO_wpending(hSession->readBIO)); - } - int retBio = BIO_write(hSession->readBIO, buf->base, nread); - // if (retBio <= 0) { - // WRITE_LOG(LOG_WARN, "HdcTCPBase::ReadStream BIO_write failed:%s sid:%u", - // ERR_error_string(ERR_get_error(), NULL), hSession->sessionId); - // // BIO_free(hSession->readBIO); - // break; - // } - WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); - uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); - int nSSLRead = SSL_read(hSession->ssl, buffer, retBio); - if (nSSLRead < 0) { - int err = SSL_get_error(hSession->ssl, nSSLRead); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); - } - ret = hSession->cntErrorSSL < 3; - hSession->cntErrorSSL++; - WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", - ERR_error_string(err, NULL), hSession->cntErrorSSL); - uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - Base::ZeroBuf(bufToZero, hSession->bufSize); - // SSL解密失败,注意清理这段数据。 - delete[] buffer; - break; - } else { - WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, - Base::toHex(const_cast(buffer), nSSLRead).c_str()); - if (memcpy_s(hSession->ioBuf, nSSLRead, buffer, nSSLRead) != EOK) { - WRITE_LOG(LOG_DEBUG, "after SSL_read memcpy failed, source buf len: %d, target buf len: %d", - nSSLRead, nread); - uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - Base::ZeroBuf(bufToZero, hSession->bufSize); - ret = true; - delete[] buffer; - break; - // 内存拷贝失败,直接break掉,记得先清理这段数据 - } else { - memset(hSession->ioBuf + nSSLRead, 0, nread - nSSLRead); - // 如果这里拷贝ok,那么就继续往下走到FetchIOBuf了。 - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - break; - } - ret = true; - break; - } - } - } else { - // *****TLS handshake NOT ok continue handle handshake data*******// - // int retBio = BIO_write(hSession->readBIO, buf->base, nread); - // WRITE_LOG(LOG_DEBUG, "BIO_write ret: %d", retBio); - // int retHs = SSL_do_handshake(hSession->ssl); - // WRITE_LOG(LOG_DEBUG, "SSL_do_handshake ret: %d", retHs); - // WriteBIOToSocket(tcp); - // uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - // Base::ZeroBuf(bufToZero, hSession->bufSize); - // ret = false; - break; - } - - - - // // 将读到的SSL密文写入到BIO对象 - // // 这里直接用buf->base是可以的。当然,用hSession->bioBuf也是可以的,只是后面的指针需要注意生命周期。 - // if (!SSL_is_init_finished(hSession->ssl)) { - // bool hs_ret = SSLHandshake(tcp); - // WRITE_LOG(LOG_INFO, "SSLHandshake continue sid:%u", hSession->sessionId); - // ret = true; - // if (!hs_ret) { - // break; - // } - // } - // // 读取SSL密文 - // uint8_t *buffer = new(std::nothrow) uint8_t[16 * 4096](); - // int nSSLRead = SSL_read(hSession->ssl, buffer, 16 * 4096); - // if (nSSLRead < 0) { - // int err = SSL_get_error(hSession->ssl, nSSLRead); - // if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - // WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE"); - // } - // ret = hSession->cntErrorSSL < 3; - // hSession->cntErrorSSL++; - // WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", - // ERR_error_string(err, NULL), hSession->cntErrorSSL); - // // uint8_t *buf = new(std::nothrow) uint8_t[16 * 4096](); - // } else { - // WRITE_LOG(LOG_DEBUG, "SSL_read buf is (len:%d) %s", nSSLRead, Base::toHex(const_cast(buffer), nSSLRead).c_str()); - // } - // ret = true; - // break; - - - } - } // leave the world - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nread) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - break; - } - ret = true; - break; - } - if (!ret) { - // The first time is closed first, prevent the write function from continuing to write - Base::TryCloseHandle(reinterpret_cast(tcp)); - hSessionBase->FreeSession(hSession->sessionId); - } -} - -// SSLPSK server -// 首先,此处一定会多次调用,需要注意的是TcpBase有哪些公用变量可以共享同对象,对象析构如何保障不crash -// 其次,需要注意,此处数据已经是从socket读到buffer包括TLS握手Client Hello的数据,需要回一道Server Hello -// TODO:通过SSL转换为私有明文数据 - bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) { if (hSession == nullptr || hSession->ssl == nullptr) { @@ -397,39 +79,22 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); return false; } - // WRITE_LOG(LOG_DEBUG, "ReadBIO nread:%d", nread); bool ret = false; HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; int left = nread; int retBio = BIO_write(hSession->readBIO, ioBuf + hSession->availTailIndex, nread); - // WRITE_LOG(LOG_DEBUG, "retBio is %d", retBio); while (left > 0) { - // int retBio = BIO_write(hSession->readBIO, ioBuf, nread); - // WRITE_LOG(LOG_DEBUG, "HdcTCPBase::ReadStream BIO_write %d sid:%u", retBio, hSession->sessionId); - // uint8_t *buffer = new(std::nothrow) uint8_t[retBio](); - // NOTE: here the encrypted data always bigger than raw data, so it will not make data out of range. - // int nSSLRead = SSL_read(hSession->ssl, hSession->ioBuf, retBio); int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, retBio); if (nSSLRead < 0) { int err = SSL_get_error(hSession->ssl, nSSLRead); if (err == SSL_ERROR_WANT_READ) { - // WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ"); - // hSession->readSSLStartIdx += retBio - BIO_pending(hSession->readBIO); - // hSession->availTailIndex += sslRead; // if read half, the next read will start at this index if (hSession->availTailIndex >= MAX_SIZE_IOBUF) { - // WRITE_LOG(LOG_DEBUG, "feed too much, i just want shit, %d", hSession->availTailIndex); - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { - // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - return false; - } + ret = true; break; } return true; } - - WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", ERR_error_string(err, NULL), hSession->cntErrorSSL); uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); @@ -437,31 +102,23 @@ bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) hSession->sslHandshake = (err != SSL_ERROR_SSL); return false; } else { - // WRITE_LOG(LOG_DEBUG, "save BIO len = %d, nSSLRead = %d",hSession->saveBIOLen, nSSLRead); - // 如果这里队列无法消耗完,会给BIO累计超过150K的缓存,缓存超了这里就crash了 hSession->availTailIndex += nSSLRead; left = BIO_pending(hSession->readBIO); - // WRITE_LOG(LOG_DEBUG, "sslread = %d, left = %d", hSession->availTailIndex, left); + DEBUG_LOG(LOG_DEBUG, "sslread = %d, left = %d", hSession->availTailIndex, left); ret = true; } } - // 什么时候从头开始读 什么时候从中间开始读 if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { - // if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, nSSLRead) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - return false; + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + return false; } - // hSession->availSSLIndex = hSession->availTailIndex; // if the unencrypted data left half, the next read also start at this index. return ret; } void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { - // WRITE_LOG(LOG_DEBUG, "ReadStreamFromSSL ----66 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); - HSession hSession = (HSession)tcp->data; - // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); @@ -502,10 +159,7 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { - WRITE_LOG(LOG_DEBUG, "ReadStreamFrom ----4 , buf %s, size %u", Base::toHex(reinterpret_cast(buf->base), nread).c_str(), nread); - HSession hSession = (HSession)tcp->data; - // 注意这里是uv_read_start传参过来的,所以在uv_read_start前进行初始化即可。 HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); @@ -537,26 +191,6 @@ void HdcTCPBase::ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf } } -// int HdcTCPBase::WriteBIOToBuf(uv_stream_t *tcp) -// { -// HSession *hs = (HSession)tcp->data; -// int len = BIO_read(hs->writeBIO, hs->ioBuf, ); -// if (len > 0) { -// uv_buf_t wbuf = uv_buf_init(buf, len); -// if (!reqWrite) { -// WRITE_LOG(LOG_DEBUG,"new uv_write_t error"); -// return; -// } -// if (n < 0) { -// WRITE_LOG(LOG_DEBUG,"uv_write error"); -// } -// } else { -// WRITE_LOG(LOG_FATAL,"BIO_read error"); -// } -// return -// } - -// SSLPSK client ? int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) { std::lock_guard lock(writeTCPMutex); @@ -577,7 +211,6 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) #ifdef HDC_EMULATOR int rc = write(fd, reinterpret_cast(data), cnt); #else - // WRITE_LOG(LOG_DEBUG, "WriteUvTcpFd fd:%d, buf %s, size %d", fd, Base::toHex(data, cnt).c_str(), size); int rc = 0; rc = send(fd, reinterpret_cast(data), cnt, 0); #endif @@ -590,13 +223,13 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) if (err == EINTR || err == EAGAIN) { #endif if (++intrcnt > intrmax) { - WRITE_LOG(LOG_WARN, "WriteUvTcpFd fd:%d send interrupt err:%s", fd, ERR_error_string(err, NULL)); + WRITE_LOG(LOG_WARN, "WriteUvTcpFd fd:%d send interrupt err:%d", fd, err); intrcnt = 0; } std::this_thread::yield(); continue; } else { - WRITE_LOG(LOG_FATAL, "WriteUvTcpFd fd:%d send rc:%d err:%s", fd, rc, ERR_error_string(err, NULL)); + WRITE_LOG(LOG_FATAL, "WriteUvTcpFd fd:%d send rc:%d err:%d", fd, rc, err); cnt = ERR_GENERIC; break; } @@ -607,70 +240,4 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) delete[] buf; return cnt == 0 ? size : cnt; } - -int HdcTCPBase::WriteToSSL(HSession hSession, uint8_t *buf, int bufLen, bool echo) -{ - if (hSession == nullptr || hSession->ssl == nullptr || buf == nullptr || bufLen <= 0) { - return -1; - } - if (BIO_pending(hSession->writeBIO) > 0) { - BIO_reset(hSession->writeBIO); - } - int sslBufLen = GetSSLBufLen(bufLen); - uint8_t *sslbuf = new uint8_t[sslBufLen]; - int ret = 0; - int left = bufLen; - int idx = 0; - int sslIndex = 0; - while (left > 0) { - // put huge buf into 16K size series - int seriesLen = (left > BUF_SIZE_DEFAULT16) ? BUF_SIZE_DEFAULT16 : left; - int retSSL = SSL_write(hSession->ssl, buf + idx, seriesLen); - if (retSSL <= 0) { - int err = SSL_get_error(hSession->ssl, retSSL); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - break; - } else { - WRITE_LOG(LOG_FATAL, "SSL_write err:%d", err); - ret = -1; - break; - } - } - int pieceBufLen = BIO_pending(hSession->writeBIO); - int retBIO = BIO_read(hSession->writeBIO, sslbuf + sslIndex, pieceBufLen); - if (retBIO <= 0) { - WRITE_LOG(LOG_WARN, "BIO read fail"); - BIO_reset(hSession->writeBIO); - ret = -1; - break; - } - left -= seriesLen; - idx += seriesLen; - sslIndex += pieceBufLen; - if (sslIndex > sslBufLen) { - WRITE_LOG(LOG_FATAL, "sslbuf overflow"); - ret = -1; - break; - } - } - if (ret < 0) { - delete[] sslbuf; - delete[] buf; - return ret; - } - - - if (echo && !hSession->serverOrDaemon) { - ret = this->WriteUvTcpFd(&hSession->hChildWorkTCP, sslbuf, sslBufLen); - } else { - if (hSession->hWorkThread == uv_thread_self()) { - ret = this->WriteUvTcpFd(&hSession->hWorkTCP, sslbuf, sslBufLen); - } else { - ret = this->WriteUvTcpFd(&hSession->hChildWorkTCP, sslbuf, sslBufLen); - } - } - delete[] buf; - return ret; -} - } // namespace Hdc diff --git a/src/common/tcp.h b/src/common/tcp.h index 9b35737f..fd044fd3 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -22,16 +22,9 @@ public: HdcTCPBase(const bool serverOrDaemonIn, void *ptrMainBase); virtual ~HdcTCPBase(); static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); - static bool SSLHandshake(uv_stream_t *tcp); static bool ReadBIO(HSession hSession, uint8_t *ioBuf, int nread); - static int WriteBIOToSocket(uv_stream_t *tcp); - static int SendAfterHandshake(uv_stream_t *tcp); - static int HandshakeToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); - static int WriteBIOToBuffer(uv_stream_t *tcp, uint8_t *buf, int lenMax); - static void ReadStreamFromSSL(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); static void ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size); - int WriteToSSL(HSession hSession, uint8_t *buf, int bufLen, bool echo); inline static int GetSSLBufLen(const int bufLen) { return (bufLen + (((bufLen - 1) / BUF_SIZE_DEFAULT16) + 1) * BUF_SIZE_SSL_HEAD); diff --git a/src/common/test02.cpp b/src/common/test02.cpp index 3f4ba61d..01cfe83e 100644 --- a/src/common/test02.cpp +++ b/src/common/test02.cpp @@ -291,7 +291,8 @@ int main() { nr = BIO_read(writeBIO_c, buf, nread); std::cout << "Client: " << "Server: ["<@p=`TxpRf8ylul|5)z3C4$*4j=KEk>Q`Q=vOV{X|KzL8m4NyT#J;m*UO}ws;Lhujc>-AKTCi0QqFy)&||M36fje@ z>hDU(QC$AfQX&}}WPeWMP$WB0HO&($7leZA=g+$!)I28?47Yd8>8PGRXa2mhSfs3y zx09F~KN`LjtC|>wrJFDrMpm#*&`KY*jg{@hUp(^d4~B2{e=D=7_0Ikq=Y4SC*I%1L zJY+Y?5Dyj7Cx=|q^RPuc6ps>i2Xna@BdiL)`S=|PywE!5J>yHI_l#N!GHs|W&pY4;;AB4j^$z+g9Q53QpybojE{=FOQ$(Czb2LKL%$NHEn{X z{fZZ(cJ)f5IS>tO494Pt=<1bALy>S`wQqeWzzkz!Yb0#M;=X9yFc@de%ecC((TD}2 zHw2nr zZ06g+m=O#IwW%Byj}Tc<&(B*z9qF+7~Cz|5YeQq7`$m^v_(o97Oz@ntlvVhBgh|*hL~}6WBkH! zB;FE@Z01BLR_kw!S5)|0d{HAF^#$VqJe~$%bJzP~LBA1+#nDx3?P_Cnx#4M?Z#2fM zjK)CxWb%!^lPkHlT3Mb?0mp3#<8V#~G z>}w_V%Pr3RQ~k|_LDZwMv7^Ii!(5AmeW74{i*ZA_(B1&m3*-nIabS&cjNv~vg#OhS zz$&BuazEMF7|(Udbk$*89D}5T@fm|GF;Q=aZVWnNa(yxb5Bg=!n;^3f1; zhla=WwGp$J8BO8M!Em$D5Qw$6(t76a@X<t_PImord296r!;%5(Q%5k)u#;g` zpvvF21x;AE{F@Aa%O+!kFBoEwjm1KAW;~a+{n0IL@rWj4@n-+5SwzmK){TDjLsSLl z75Iv!OO3f@jEWKn{{i*Q{B*q}Hf_30%pV zHE5VuRyjYHtgw=_>KEYrn*I%!TZ%5kx%DtMf)(-lRJ0Rvisl;5PQ&(aDJ|p+fQ;mt zTx=B1&t0;$0J7933gOK-hoSR)H-7c!Z5heHzZDo27c@j=dp+o}!Qg0y-fofD&O7eL zY5%EgyQF{2=_2-ZNw-f3o=R6G4}zvb{VkVmZqV*oZIB<%_E_2%4r(7}X&=s-WIO45 z>HC{Njbu+q?1q7_!LN;3mf9^g{;7lH;6+UW( zz>947I>}#R!|N$nC`IzPuJkDSP(-xDd48=VD8>$3a0E`59t%E3qm1=h@YxnTW5LTT z_;Cwq?wcytC+>8Z3)53q;g46u~RR%1$yoDv2 zTkyRWyuyNaTkuK?KD0R$fuRTtMPMib zLlGE?z)%E+BJkfc0`C`p?r+}CV@2L%;jgd2X?a(7ydZnn+xc|S0UnTSRplzi`m@vL zqAH%kh`)te`ukqbX0tmuO&6H`eMdA+7nc2f`!!7$l>L1_&@^30_V?YdX}W;y@4G|O zbm7?FceAGH;-|mwdQH=XVt=1c({$n9-*=^^>4LGpZ?UH7Lb1QELeq4C*xxr*({y3j z-#13nr*qn+>0(a5_lfeCE&$=brs)O&{MR&H2*Q6&(*+>>*EC)D!GBHD1t0v^G+pSy ze@)W`9{krdUD&~YP16M({MR&H$iaV2(*+#-*EC(Y!GBHD1snX=G+n6m_qjAp7ij%` z@BLl*@8}E^fuVw6m4Q0hsZoy7~1wOTCDrCK>!UJi*>3;=GwDg~v?Jb_Njrb188vO53W2)*cs%C!TO&s^`fA>=F{()g$*Fo=*PvT>t z;9F8bQMPvj->;NB9UrzWdJ}!I_E}Bd&P5I2WZuM^@loF7qOXF;1W#nMnPx1u2MZqu zpKC2-b^j#aw;7GJ(F8dhtZKZ8n=;-+d#^Xq)RS2Ga$Ul6Xjx+AVQyNYz~CIiIQ|pQ5+AK4%UofXgmG{IZ6T>g}{I}xe`Cmp?z-N@B+2Hjkdi+ zKYPGpLb=TZ)%DSjb=Ri)qFnVoR`s_JR^RBo`Pd;GQoV`Cy;y?1iJ#Q)YF9O?W^Z!% zbXx!5V5Xwmo9bG}8`GIHs253gc9(clrFAgdn|Ou12ynX&JW02VGHt*U2fc~cGM8XU z^rpMkKm{7u+h2Z?4&9kciQy@WGNEJ#_v0yVGQ|x_ayhT-Q1N4|__1!%_@9|cq%qk= zrg}RwF7E=)6q{^O2Fu>SiY_htEm_vdxm*w=Q@j^(`QopHG48;46jHl{quialA+$rO zgnQ?48pGf0oh8B(pYiro8ZU3+fQ9dqzd>Q5ha%DmXENWT&SeM5wFBl5Fa83J!a9tC zE#R4JxQecBvNI_vXnTefCAtm~y0^RoPkHh4?yJP#xwMt=bYrp}^6s4ns*1PG$KMM( zI%psd(?s^BJl#(q@Bq@8F4C83>P8o&Q_s}D3xjz-snQG|5FU}?WR_q?e7kT2mGS); z4Vn4e=yWD5%sdR0nQ0QcT3|iGA+8w)tmdsuAGbd2oJtR;h>eV5Qa0F{|q ziQOzPCMFSA0M38mtzAU|{L=q!vr}1aD&hzATpfw?`gyF>mL7m$&mRm$&PeTaJ4ZT_wU@s`inXj{Bn@WwYt7 z9dH;kkEOeI>aBb9*1d8|ha{c(2`oVXb|L`9w>(FSm6`|X%y-b1;3_*GC&jM#ImunL zA$i1Na@Sw7+0KE2_7Qs_&E78DOa04m{uw8XA{O^8r7iRaGrh^u&vBB6^CgaS(Nz2y ziSDC6Pn?E7#2*SW^_hI{3Q_2rY4SbG`3@w7W&Xohzv}t$ z2^WOzFVe8f2I}**Oq9fur5`V*2=EZ?Aw=<{Ge^z;bcF}H`XOOp{ z+x&yf_haGK+fb3{qREUXKQdJrvrHOuE%lH)$X_ID_#odc*)hoT1Rr#?o8S~BOzOqR zPtw9ynS39?P#lPo!VHHI{X5MCHClW`cavDMbY_hn(N_skJn2mKeHu~jn;y}_(ObzHKBCV{c8utH!G{rjzywz+VNx$f z^fE2nW%5nud>B!_xHydHESd{ywD^d=0RJ$eS6!kn#F1c!mEz?+sRI**|_kCZ!7R_?(L4`P{g4W(hUq#_>`S9k6ee?1G#Cc3s#ljjzWr&7cS`)Q}$M|Z2_)PEHU zda2px2gH;r9IK`8lG2X|X|x?X zTX=)9xLc{DArva_5}twY1(Pq#`LJwrI*oE5W`_YdW#u4DcFuJY7NJQ>1y13aCspKvmFR`AAQ@)qqBA*@=K5fShX)&+f z;oYS(h1@61D|3tsxb1ZAyh*ZS;Er-jz(<OO3zPKOb`PA-GjDeH5s$ch$#Yx@;DJQhEt@{X%-HWgo zv0H-|7-j56lOi*AWyFvwT&AtPkF(cahHA1K({6>MpV? zS^6$sEtNrd08E{a(>}q96Dx6>FV9Y${Ui1BWAJo7PJauEyXgOgVMKn2M^?h~k+Rcs zc&8^>wSG^^_^=lVV|=DDXF*s5-+NDT7Y&8i|4Z*o+y~na&r2u(uKlt>EUR)-zr!OT z4`-9LQ8#ea>5Pc)NsL;ljf#=|$SP2 zayNoT2f%$eyH`QG1e{{;N$!%fn-8u!Gv}uZU;l$8vg@V2slxxsJ4|Qxk$O6*HP`c> z3X@7qlb!*Sp4~r%0eNQkRNl{CKD+5}LGdjqGBs7`(w)wcoqANK#3&ZRCDbWDwd)z9 zV>+4h(S$3aX_H82z6nH3`!T}G>u}Fq25t&*4?0b7@pz>(KX`+;Qh;(#n~Pw0?&8GT z<;46AcZ)}Nue#L0J>{Kg&%N^avlD&Vk3T!fOm(-X2TtZW{@dH$fVR?^H^^Ha&ULa4Q}hJ^T8}@!Am=&XDJI`TobOYPKaW!U)imW( z`3e$CmiCnC5lIoEc+#2g{hr9er}4mFSUXu-TO~R~ARS`$!Ru<+C-BiKjhUUy;N9vg z$pm$h=&Gg(lPcV<`}zTwNN1kq?Km6>7BTyNOklEfvZ?i#KtAhH?IFnOquN`iD{n85 z7OW5!Sg#|OiO}6QM~AKfOya1vx0gFq1Bb*>?O_3U0qFgnTH%t|P56F)Ke+T!?K*A5 zcX=1-%u|S{ZNGn#>`Io7H;s56OnSd}II7L${rnsgvGZ~IYaZ2pH(GgKB|BZoJ3Yw( zWE3gmlc`b|lbo$1QUl@7bW|G$K|LHRv{Adc>U2iL_asJbeoYy5AK9NQ{mU$E)FUt$ ziwBK`48QfLHkl;VrP}Mb(;%k(d9vqANI3U~!bLnnbX0pnvSYtJOYxa&^qInvkZH+O zVoDWWrhDn;ZRt!8j1aqcld1B60Ikb@x99~rJ{~D7Mc3cteEE)Q++}f8yPw8N?dE*+ zmXTPp^!f93puR$g;=%K(SMl5zD>E*uo9MCPSpL+t_!jyP?tPo^$9%e2pC$X#nKp>X zr;F2J>R^T|Oorik8OltCH(<_S4Wmtlr}8o!JF0ECKQF^COonZF8NO>W7=oC5jw#v z8%PuoZrb4}5V8sIxA5f45pH@jA<_PaL{l%cWs)`H6P^=EPcQoMK@1U~wxG87kVY!%CJSPU*Mb_@S3}JeLUdW?B#=)BF140H_GYE-++dLKDh0N?-z(~%F*lj^h!Rx zhEGTOQ}H_uKb(Z)%LSs~z|V_%+mhb1WLx={XBK-Jjf%=@W5v>yMx%FeWz~EZb4NB& zVScqi-*WIYG+fbOT(x-BYU8Sg+SMKw4aD8S7;}gD$6uE6FW4+}U&Ge2M*fkVg>I%m z#y<<=W}MXxNnf*@g#sJmZia8*X#Q*H+b|1RSbRig4tjNq?S;gKPvx}4$mTyKZu{fC zk3v0jO&oU7gK!bI+ZcN>o9#h$_y|rA5u{$!<5BN^Ih*YUp7>QZOW)-i^-4Bdk9rg8 z9jO2OpSYAjeK%gcpr9T@?M7XQ_XElyKM{33>I&3tsF$MNfjW+Q59)_dA4WY2Z-^X6 zU5&Z~`n;%nQB%RKP+nX&HZWI5iEHAh5k;hfa6H9jJuhXm^jbYzHUhU%7&{j~+{tC` z7oeMToL;j0^zoM!kKA0eja@on;rVmVod%T4UyJ(CVf0CWETlJ%UpMe>X#+J;U$^7; zJf7L(E{XtuT8Z|V=B-Hmo059Qwqv;B6oUx|2kTICCF z)cPMq`;XCX$9Vy;FcqKnd5>+p&`DJ9XS6)$DJl zc43FOee}5Js@Zd+Y5UcZaqm>Ke;@NPoP6laaoZQLSI+z{BvWUP`~CuU_-xvtc1;?0 zcmaEPQaAYTcaM8-0n4~E;6FNT+?@;A*UotttJa<8kNeR=_QLsJf$Y%>#=Q)@{AsLY znG45#xR9l*Uxc2aG8BQK2nKkij1m=2pu`3qcJQ**D{6iYflc+DFuX;_i#qqj`(V7N?}E|! z2NgQEr1Ie>*$CBpa7sW$cFT(Bq6LMnW2p4XcDjzC^1fuGYZ@x_58i3;8~;)R|WQ&D)EbV%9VA_FVU)cw=LbSjDu|4oMb2X+p9BI!0f zMx=s^Fy5~GJ}&7Kc)msj|7{?rU7-K({;Kbl+clQE1yUpHdRecNb(^fW$$E#ZcguQ@ zth;4>Sk}F=J}zr~l%AIoS-WLjF6$au*UNgHtlMP0P1ZYPy<66MWZf<6!?Ny`^>JCN zkI|M)6Lz>|T`ubyS=Y;Yovhnry-n6TWW8I~dt}`$>%+3{m9^;Yv;S4!$x|BeO~!@p z8BOck!|`@^MFl>lSU#tsos$(`uB+p8DL%C%$ zU4!J~r~RM+UrjtdT{6nbEpa!$xHa46N?fgLs-+eiE?m{rUoQ}{k4h7MF6^ypUEv`9 zY{ifIRqLg~Z^MQQUu0A3l)@jzMn3z0$oVI+D{cMm=lB_{s9tDL_Pi$XQ*HR)C4QO> zp9(=2zO+2jhA)=*D2dBuiqU#Q{3SM=?imn1)`mYO@$okNsKh7P@WKM2$8E!BN&H+J zex<}`*znB~pKZf;OT65MAC&k!8-7gU)i(Sr%s=w?VjI3#;x#sWqr|-uSL4oUHjWSUnM~zZQ2gg} zJ!dofIz5-;6ZCOS@z(<9_hA$u>uVhF%?|i>2mDdsC2S%a-I7)<+{YFU7Wv!70(on zbZ>^rHyrf5?tmBLL?)j-7dYSz4tN0gn1YG=yQ#t&#-hL}o_KRfB!!Ji*y1 z1yTe@!^)m_;Gcp6XFhxU4)_)a{4NK4j{|t1YAo-J$pYD-T`Kbf{ zZ-CQ0Z}AE~eh(CzCnP?7g~0i}Y;2x|@yeG!U^Z}C$L#CO0*+5&YvgfXXk+XWKJJP# z>$MK}W(RzS)NhaTy$<}{4)|CMA;saK^ml_aX%X;z#zeZZ&0(5YN_%xZEIC(vVedRCqXwj^?~wHg7Q zY{r^gC8tA`e#I_^+#SAEJk^R(i{v89TjLu-zKyX)GTJG1MUG;FlD@>7gJGjRCNtnr zzM7njI<`*9L0g&{8%J(34ACEwP*9QykqZN6f3`#{Ikqc9$lyG=aBM~m%GhITCvBw3 zn!m@!BGPu`_=9;L6FGb+sS*5&G&l~2ncE~cTTPxcB_eeUWi_#STvl1Z`|w97xlYcA z4@wN=7s-iK!XKL_%dRTJ@>u4OB*vOp=by?wLkVDV4W7^V!4Z3%Eg_1IBC?S1R5Chc z%srKgAB^ElFOrxcwZ{tQ3r<{>(XS+L1uUD>Z*9e8|YY4 z#j{w|U*6KnMeUi%28kg#6xJ%9sL1a@Y9gJsi1IU4(CUu^LwL|C!H)|vNm7ohSjLd- zi~=3Sc_(sYaWkyh$!sPl2azVs)?y|Nvo#n7vKpx_@+XhVwdu1Cr5O!M;$+jAleCIr zi169gQsj3+0CCLE&6Jg^C{KE=8cWV3n#_Y^qvn4wSJ%n%m?$*m4;D zk0#cm5zM>0A?$No0v%YybapTP(qYV+h0iv&YC6yX6juQ>nQRUdPNsMLI%O%ev$qJfZ)1msp*D9+0GC0ZFa%Qi+p(nc)c zXJyFn1(I?Kf;+-b>&gNx@*1$E8QK(uK9RdC(82Qs!bhAzaINA>Qs_|Iq=(FaN^Y{R zHHf~1cI;NH3>T@bxc1an`=5P-o)6P49^BsN#hy=EJs+0MoL6mAeGYyj@Kf?md6S8k z3U15gl=+~n^7j16=jL$Jv!UElYm-;c!&L3gWgjGe725H7Xhhkso_njhT*~8iD=&8Y zeL!(bNc*pzi>rDD?mtr@A1TgCUOgWV0>dp~Ew7%lt6Du*2MaHx!&>OJ7(KIA_N(XA zs+N!0^>cg0r|K_5o}Pg#T0I9>wHk1;pIlM)W0RK@{?eFed3mEoJ)c+4i;e6 zkz!h2(NEgs)pGz<<91t4vB&QjDX-0}m+Z2hLdIE&8b1X+j}2l`^6Gh;svlI0vbOjC zTbul$D+Qyf?^TMWyuJT7ZSu|X`Jk%rmvXAIxx+p}1HBqT`!E&tJX_^USK}mF&H1bB z7zTy(>WPw9&(Djl6%vZiNxm5JWRsFt&reIFJRTS16uZ7j5T<=c$*bp@ZYf_b<45~H z6(z6ydIXrYfAwBZ{g*g9+e3|(qU2RQ9qm?megA)*5K{ZOQlaD&JqyBwDf?AEzwzq? z2mSv7YpJmk*e;j-m)me9Kg)(Ib=KN8#khoboe->{g9FMG{AS{(>{ou#_$b@4smpDf b#OC9+9Z>bF7-_l8C-2!JI2PChY$W?H&y;(N delta 9730 zcmb7K3wRS%_Mb@`nnFtx+K{A$rVoKa3oT$NZ;DDuc_=Se@lS>FP+5us()9&|0$GV6 zDjW)e?o!qlx~`V3y1)lmWFh+D0*VT_77D%w1qBtXikm&>+&hygvitvbzOVPr{hf2q z^WJl(GieN1Rt7AOyB&316uwGDr}$QPe?GC^DMt0Hj~6C7^Tfaj4z+Oj#dtB&d&Mrs zDt2w?c8VA)RjqrsoOdhKs4hpIdVKXL$1-&inM6Ll0i~dB>hruqrOEb6=FH8)sKmD{7Xa5Oyv86~nu6-PA77+v);) ze34oV!{c4*E^ZrOete;t&G$7>i5#WzZqSgc9qh5X)Guh3I+y7?iLRc-87`bbZ3pJ5 zBPz7abgQY%k@8WZAQWts~bua-0EK$JH)(mSpIUp zznj|^nR*{-SYvam2Z;fSZ1<~|S!omOvAI0^F$NCBtz^lFQ%LBlY`9>{R~ri2UW$in zQp)@)25XX4;k0HUeO%WE+9^tsQiT{@Du#W!q>saK+U(iMiqckDD6zGx*WofqRF=r` zt30+TK{>8YpPi^ER%I=Y=^}moBrQu({7P2-JQNVG)R`E1#26$!&P0z_Mo2mdJo3sM z9JNzkme}uF)>{-MLD??H^LgAxc}tELc3)#t6pL~c$BHr<|73&^Ga>j-=$JCNvIuc5p#Khot1kO{f(r5S@Z(oe52V zFrupvtv8`rK=`*o6{zqQpiM+PmR`Go|gCj$_tj<=6(^s3_k?y9{dRk+s88jCW0A6eY!b zgQ9$wlKB&kt8ty1$8)b3&l=tEV@}8dfA7+Hbm}NY`TmYxDc%)qkS{!BI3m8Vbs%*E zS{6EeA?u}bybm-kOpG?Cc$X66UfCnRgZYcwj)H=&8R|apb2R@ImgS5WTzOM1ad~im-i>NM zh~#y%wEr2-=MB%C^Am9g-Xc*U(V>ieEF*9jZt6a<_%PCTqcBtu(S9LHC_osh)yNQ` zHjM-sglFMs_e}pW!>Ug^ASdAc_&Moj*jQk-!reE?NSSz*ELuopJY!ydxi>s34(983jAJ+J ziB*zuF`c?dF0v1Xi@cz&Duqi7>LFu0%F{}s}M0a`T} zm;>3mrkPUH6q?>T6_ZI7r{Zm@kX7`vaQASztR_ zXJKh!uD_gj2RnL#SYug8!C|PDrx{r|M$U*VG_t=k3mW4QtsT4k|7F4YU8^jNn4hJ` z#>>`3G#8l?a@Gwa0vlJ%$W^j128CgIc#BNm{jDhpWRqcebIfuNTh5M!tv~WXLbYfO zD~o84kigb?d6<-QUe3Y!qO{_@auQ}|tjcLJnEqW zda{qJ;;GKM8B>PP9UhcuHZFmt!A7VSFd~n|h_)Ap<|ARcA;Kd?IE09eFtP7wRfA1^ zon;)lu(gN5yPoAow8zLA@|rkA9#@I!)|dqwg~_5E5B^49YZ!t`m`CA^5sYCwa{*E(%-aR?jl|5~>(#0Q5D z3xFtPzHpL7R}e5s-p^ji&C!^ldo_%0j%X!F7CYeyNyC+pBft>XI<-+a+ZkQ!C0Or| zv9_Q=MmbU&$sW_OP*a@i_YE|n(?ra%z0n?rLPt1FiS2CD_Snhp${e>bjGx6KBU%M3 zZhEnZ&VhUTYO;_&3#ZT3!K~Dd(n2t!26paC2r^}2L9T2`D z-`5^t0`lF>e0T)2b>>)SL1Ia++6X;MJeJ>|g}PpyvbC?sk9y(9N+~34J=LGYMYQ8* zp}xf1aSL(b$#PQLEreq*#0ltMY>JLc{3`i3zM+!|A$@qwvL(YjM zB!+FJKwup6bivl=nHJGDiP=cQH!Ped6#0lQGM3+mg?{8a?NXE+N+>c;XU3}~BM+Pd za&LUKpJ72cTOb~nF!T?izhi>cDiWU|?f8HUYoQH|pdWSrW zTt?ZMW>`_jDk9nwnxDkBsynr0S;*NwX2sJOqUF12?m>izx`a#flVl{!I!c!1RarC=KqOMEd}2<<2_&Z z!@l4ibd}CTpSnj9LIG0(&ap)@0YeNU*0Jb__9(}X)`0@sOFH^13>)qx^Fq$E_zq6m zP(!?-FvVJicL(J_ZmBq$sh9Snsk*nFq@pxdgdrwV#9DW70O+5oS0#JUe^fh*a<0h5 z8CL9^9y8?!VhUSJ4K=SbEuy_FW+QF1F7v3i;nyP933HI|LI+_g?z8!y!?_^|9k_;? zcUgaEGc>o`-rhzeZe{gG%?W-+){L#AC`Mu2&@?|e8LE}*k+ak47<}PVQ>>Or1H#rf zSwlqILGoHJ$G?%rkh3Ue!#-p(mgC)CuJ|P#dz=f?#B@GwLK>>D} z+8@Y1T&L#hy^&1A<0EFk7UUAuJM$Fr2THMki0Yjz03QOzZXv3%()cw^0&*FZrMbNx zj4Ww|`?Oz}VR~wG3M(GP&kJ%@=AsqGcKHw0`>|$H^mpDZ)W)j!1ViheStPznWYf8D zit4?9Ci9k9Nnr^&)tK^i$SiW;``@bfTy~x7NZ7h7S$DmoG@^aX2(I2uCv_XXBTC3w zg>TGd08~c86l)n?bM;)~6xT|2s@_#PW9$iU zwlL*%zG2FJ#1ytR;scp@fbS>O^b)g?c0kf_qj`QUvZJAUevI$JNgEkS4~=l(hK%AL zC=L2%;>2u3Cow43$1FKUh|Uwy5>GaGC&~r z#t=6nNfTno4=}CFnbbQ5e8_-32E4|=H%*4>wG14L0rxWSml!aC0LQ8r&>P*+roi)M zeGAU?px{QdI?@ofuEq~5qB0$3!hZZfF_*E3wz#3q$ls}|((sTkkg%rX!oQA7RsD*Z z5jUs~Yd9XGO46Zd^nL8#c{dupjQz*hr(uC#^?o$E6UWsbM56`xoYR8+80>HPFdAKj z{XdUJqpxCLfUmkPW4{dhPH~FzB=!Y3e=GK5u#aG0h5d2tS7G1w(lycOOL#LF-_yN= z{hzQui~T|DlTgqJ>_4`^{_#1T-#QYF^5?}H60qhf3ce}k?|?-IqtQmNP8jB_#|ip{ zuO5_D_;)8vp5Rq0-~ntW!Uk+dz;a2q)*JW?D!rAPRvw?!{mux z^%;0zVvmlCQA|cgQiAPqw22hb-(J{0v0D%C2hr$wd}9*-C_*FJ+kbDlKDo`PN8^^q z#|`a_Gsu9!XwXmJLEA~0Y94f-HdV>wZ6ad zN5{{o>A6(bw*Jb8sW0L;&9KLHyuWhTvkhg{c5?mHUwOY%Bl2&~ay>af(Xuq;Z_07) z9H6Yv{TjchuIb@w8lW8Pu?*)n6}tX~coE|zu1y1#3nhmv4RJSLYy*uJw?qHDtAEZd zg~Tb|;q=9sE)>iceWIpIAJZ3S^O!!Fo5#~(_7rain@^zlKeM>1VB?fb)ehUI6k5*P z;7c5Q0*Mucj$7{*40`r#P+sA6Y{AD8y6D3vU8V3q#Z77{yj|f{--k05cdB^}<8Qx5 zg}0_^>S5SA&E-+#*Jm+7{M5mMU-L`h)U-m>?5K35>n`g&EAd8E@ZYAYhU+TZTku`v z_!+MB(lSB+jbuB50Vhf8%3#@yUg|j5I)i?{aB7CjqyLOU7uYwR1g0yuf@9`mY8Gss zS?I_dDX91W#+MyV&0L@Ojr_Vj9%^Q7@|=?@b)M6xvID9N!hkypE&nWo-`;V%YJ<1$ zxCMWNk$tC2&E4V~*rlAy>}^ouhIm-sPZ- zZ)I?({?K(o;;+bnU~c$oLENEqQuOcrb}6wv`fgY7z19^rXF%m_7bajew!^rc%VG@vlkUQ z&fA0xz5fI%5q%$@Vd&EPD%iZJFtHS$>gXzk`UxwJyb3!G=4m#FS%K;c}ZcSzUyspe91`sc1|r!{ntUiS8=F>V^$C(zjh69A8>u kl#p9*7d%@ayC#Y?H+xx0;=DNm+XR)%O4JnCu&mp^0jpV>`~Uy| diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 2cfe5057..086c0e17 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -801,11 +801,6 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan WRITE_LOG(LOG_DEBUG, "BIO_write failed"); } } - if (!hSession->isSetSSL) { - SSL_set_accept_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - hSession->isSetSSL = true; - } if (!SSL_is_init_finished(hSession->ssl)) { int ret = SSL_do_handshake(hSession->ssl); if (ret != 1) { @@ -827,14 +822,15 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan } } else { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); uint8_t count = 1; // session handshake 8 Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); return true; } if (SSL_is_init_finished(hSession->ssl)) { - WRITE_LOG(LOG_DEBUG, "SSL handshake ok"); + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); + hSession->sslHandshake = true; } return true; @@ -908,7 +904,8 @@ bool HdcDaemon::DaemonSessionHandshake(HSession hSession, const uint32_t channel #ifdef HDC_DEBUG WRITE_LOG(LOG_INFO, "session %u handshakeOK send back CMD_KERNEL_HANDSHAKE", hSession->sessionId); #endif - if (handshake.authType == AUTH_SIGNATURE && hSession->connType == CONN_TCP) { + if (handshake.authType == AUTH_SIGNATURE && hSession->connType == CONN_TCP && hSession->supportEncrypt) { + WRITE_LOG(LOG_INFO, "server support encrypt tcp status: %d",hSession->supportEncrypt); DaemonSessionPSK(hSession, channelId); } hSession->handshakeOK = true; @@ -982,7 +979,6 @@ bool HdcDaemon::CheckAuthStatus(HSession hSession, const uint32_t channelId, con LogMsg(hSession->sessionId, channelId, MSG_FAIL, authmsg.c_str()); } uint8_t count = 1; - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp CheckAuthStatus send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); return false; } @@ -1014,7 +1010,6 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const ClearOwnTasks(hSession, channelId); if (*payload != 0) { --(*payload); - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, payload, 1); } ret = true; @@ -1027,14 +1022,10 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const break; } case CMD_PSK_MSG: { - WRITE_LOG(LOG_INFO, "when it comes, bug comes."); - // 收到了就直接起SSL然后握手好吧 - // 好吧,收不到。。 - // ret = DaemonSessionPSK(hSession, channelId, payload, payloadSize); + WRITE_LOG(LOG_WARN, "recv unsupport command CMD_PSK_MSG for session %u,", hSession->sessionId); break; } case CMD_SSL_HANDSHAKE: { - // session handshake ssl step ? ret = DaemonSessionSSLHandshake(hSession, channelId, payload, payloadSize); break; } @@ -1045,7 +1036,6 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const } else { LogMsg(hSession->sessionId, channelId, MSG_FAIL, "debugging is not allowed"); uint8_t count = 1; - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp HandDaemonAuthInit send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } break; @@ -1088,7 +1078,6 @@ bool HdcDaemon::RemoveInstanceTask(const uint8_t op, HTaskInfo hTask) bool HdcDaemon::ServerCommand(const uint32_t sessionId, const uint32_t channelId, const uint16_t command, uint8_t *bufPtr, const int size) { - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp ServerCommand send command"); return Send(sessionId, channelId, command, reinterpret_cast(bufPtr), size) > 0; } @@ -1250,18 +1239,13 @@ void HdcDaemon::SendAuthOkMsg(SessionHandShake &handshake, uint32_t channelid, handshake.authType = AUTH_OK; string bufString = SerialStruct::SerializeToString(handshake); - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthOkMsg send CMD_KERNEL_HANDSHAKE"); Send(sessionid, channelid, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); - uint8_t count = 1; - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthOkMsg send CMD_KERNEL_CHANNEL_CLOSE"); - // HSession hSession = AdminSession(OP_QUERY_REF, sessionid, nullptr); - // if (hSession->connType == CONN_TCP) { - // // LRTTODO_ change the CONN_TCP to ohter enum or other 字段 - - // } else { - Send(sessionid, channelid, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); - // } + HSession hSession = AdminSession(OP_QUERY, sessionid, nullptr); + if (hSession->connType != CONN_TCP || !hSession->supportEncrypt) { + uint8_t count = 1; + Send(sessionid, channelid, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + } } void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, uint32_t channelId, uint32_t sessionid, string pubkey, string token) @@ -1270,7 +1254,6 @@ void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, handshake.authType = AUTH_SIGNATURE; handshake.buf = token; string bufString = SerialStruct::SerializeToString(handshake); - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp SendAuthSignMsg send CMD_KERNEL_HANDSHAKE"); Send(sessionid, channelId, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); } diff --git a/src/host/server.cpp b/src/host/server.cpp index ed13a472..a7a8f4b5 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -473,7 +473,6 @@ bool HdcServer::HandServerAuth(HSession hSession, SessionHandShake &handshake) } handshake.authType = AUTH_PUBLICKEY; bufString = SerialStruct::SerializeToString(handshake); - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp HandServerAuth 1send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, 0, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); @@ -488,7 +487,6 @@ bool HdcServer::HandServerAuth(HSession hSession, SessionHandShake &handshake) } handshake.authType = AUTH_SIGNATURE; bufString = SerialStruct::SerializeToString(handshake); - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp HandServerAuth 2send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, 0, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); WRITE_LOG(LOG_INFO, "response auth signture success"); @@ -556,13 +554,6 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, WRITE_LOG(LOG_DEBUG, "ssl is nullptr"); return false; } - - if (!hSession->isSetSSL) { - SSL_set_connect_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - hSession->isSetSSL = true; - } - if (payloadSize > 1) { // session handshake 5 int retw = BIO_write(hSession->readBIO, payload, payloadSize); @@ -595,6 +586,7 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, } } else { + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); uint8_t count = 1; // session handshake close hSession->sslHandshake = true; @@ -695,7 +687,6 @@ bool HdcServer::FetchCommand(HSession hSession, const uint32_t channelId, const WRITE_LOG(LOG_DEBUG, "channelId :%lu die", channelId); } uint8_t flag = 0; - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &flag, 1); return ret; } @@ -725,7 +716,6 @@ bool HdcServer::FetchCommand(HSession hSession, const uint32_t channelId, const sfc->PushAsyncMessage(channelId, ASYNC_FREE_CHANNEL, nullptr, 0); if (*payload != 0) { --(*payload); - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp FetchCommand send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, payload, 1); } break; @@ -1048,7 +1038,6 @@ void HdcServer::DeatchChannel(HSession hSession, const uint32_t channelId) if (!hChannel) { ClearOwnTasks(hSession, channelId); uint8_t count = 0; - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp DeatchChannel send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); WRITE_LOG(LOG_WARN, "DeatchChannel hChannel null channelId:%u", channelId); return; @@ -1060,7 +1049,6 @@ void HdcServer::DeatchChannel(HSession hSession, const uint32_t channelId) // The own task for this channel must be clear before free channel ClearOwnTasks(hSession, channelId); uint8_t count = 0; - WRITE_LOG(LOG_DEBUG, "TaowerADD___server.cpp DeatchChannel send CMD_KERNEL_CHANNEL_CLOSE"); Send(hSession->sessionId, hChannel->channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); WRITE_LOG(LOG_DEBUG, "Childchannel begin close, cid:%u, sid:%u", hChannel->channelId, hSession->sessionId); if (uv_is_closing((const uv_handle_t *)&hChannel->hChildWorkTCP)) { -- Gitee From 3b0b03e98be77615a7d869d58b8f04c837cf5e13 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Fri, 23 May 2025 09:49:04 +0800 Subject: [PATCH 08/11] feat commit Signed-off-by: TaowerfulMAX --- src/common/openssl_client | Bin 17184 -> 0 bytes src/common/openssl_example | Bin 16688 -> 0 bytes src/common/p_main | Bin 33544 -> 0 bytes src/common/p_main_c | Bin 33584 -> 0 bytes src/common/psk_original.cpp | 624 ----------------------- src/common/psk_original_change_1.cpp | 712 --------------------------- src/common/ssl_tcp.cpp | 18 - src/common/ssl_tcp.h | 41 -- src/common/ssl_test.cpp | 78 --- src/common/test01.cpp | 40 -- src/common/test02.cpp | 328 ------------ src/common/test03 | Bin 23352 -> 0 bytes src/common/test03.cpp | 138 ------ src/common/test04 | Bin 29216 -> 0 bytes src/common/test04.cpp | 125 ----- src/common/testbio | Bin 33472 -> 0 bytes src/common/testrand | Bin 19664 -> 0 bytes 17 files changed, 2104 deletions(-) delete mode 100755 src/common/openssl_client delete mode 100755 src/common/openssl_example delete mode 100755 src/common/p_main delete mode 100755 src/common/p_main_c delete mode 100644 src/common/psk_original.cpp delete mode 100644 src/common/psk_original_change_1.cpp delete mode 100644 src/common/ssl_tcp.cpp delete mode 100644 src/common/ssl_tcp.h delete mode 100644 src/common/ssl_test.cpp delete mode 100644 src/common/test01.cpp delete mode 100644 src/common/test02.cpp delete mode 100755 src/common/test03 delete mode 100644 src/common/test03.cpp delete mode 100755 src/common/test04 delete mode 100644 src/common/test04.cpp delete mode 100755 src/common/testbio delete mode 100755 src/common/testrand diff --git a/src/common/openssl_client b/src/common/openssl_client deleted file mode 100755 index 32ba046ce61a3d2f137ce56de61cab9b177d36af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17184 zcmeHOeQ;FO6~CJhh)PVNAOtH}R2&dl5(vnL=t5X{X#<3iv~+~rc2o$0uciQuEF=HBSLj@>ARXcP!b`2M^vFq~bN;&Qwl9C;U3+>X^o0 zrFddY@JD`iS_d*LM0LAv*$JfgCqcc{tgUXryCB!;)xtaWoQ3^)2pOxnl8(246DnTgn^8etF@C z=hUVx?FtDX`o1Hr&gH5ylbOd#<-)Mt6 zSkRw5n%PW0gcu^iAm@O{&_dr}of4PhP zDHr{_T=1hVI1aE-yVtqke{k^=alx-}@$;~Y{*5mBwu}B9F8Z&y=#RMIT`qoFT=Y9! z^dEH5zsUt}bnyc)^TJOrmjU3_LEv#3D}-+ZywLGApn*d848Si38@=GXTg~P$uU|-L zUSnoc+h#LtC9JMU(zX(9n;WC?nAH~Sh+51vyL#d=Gie7CwrL90f{NR>H=DZ?5!+%| zOLnL1aC~=+GmULK%$T)X2rS#|4705*fi0*PiA8KPnT)cw=Iv%E8nI%w*<;z=@i5m8 z#bYrmWIJ9u6PEDb*wkVKTFox-77O+WjG90&lu9JfS18ikZ6&xpx6Nxel<4oZ<1EnH zYW5}~plu}*@kG+>?1f>6`hsR>Bo>TDZpA3T92b&N=m|z*EEx~oY}u^G>PZ6WP1#8n zipG-`>$c;uBum;5&jjn`9+}k_vB3ufF?6#T>b}|R3`U}ix7o=eG3akF98NH3144ll z=Q6B|?oF~-Tj4}*nXk@Q$2K)Lt#34!`Wl?tvdQXF-*P;?hg zy#Vh4RK^v2I)Omb3SOh&rxkpTf=?*;r3y~h8{YqF6}(F7PXkO2l}l$UIL4ofSHbDt ziLwO>j`u|>bqda(=cHhzf@3VG_!S)cM8!~WiYdxk6dVqiQ+6o$`3}n1E(O0p!Mhb4 zP7J5?D)@yC%2=O*S1R~k1;=xh$~_8RO(4)=1y|?MhZI~s+HudY?;`MF<=jt<{in)}!LoOjFlO8} zYM11W8T(%;f0;L$TmD-gW7*vNw}4dEGSu%zNjCFNE|(kTJWll4%yEau2|k-S?C?0T zXEQ%^c%0C)nMWNSC-Q9OK8ME%Je%3)@Hla2Gq*TAPT1K@(BW~S&SthbJWkNr%sPk1 zi8-68cX+%ZW;62~9w+E*rrP0gV$Nnf4v!OZHgo1IjTa|k7{9~g1PtSMc$|1){0@&3 zE{xydaiWFsJ3LOXFn))}i5150@HnBu_#GZ6QW!t+aC9p8(b>TG@d1AMVmw-t{9=ut zukn{@{7j9n(D*Wq{}i6{)%HHt_zyJxq{hFk@h3F?4UK|@|PH-W9wKH6t?gAgn2U)%fO!Jje*oi*chBLe*t$Fn5Z9p5o+uZ z{!3p4r>9sTvqd1Ui9|eV}m&r=Ik+ zpz|C$ei7M2IQ^ur0O>&B=>9!NS$_?LbJhjI>S4#qgPw;1-10m0sKJVU2t&<<`q=I{tX1)Gln*g4+f5Mb7SC55G(<~;dJetqc*nqnp9ut zwD?V^8G|qu&~3!}Kwu2UH73S&-_^qXQ_!LqmkBz9?MK06Y~WXD^dg9m!+I+S_fL2# z?;qvu4VG<__7TUvRFH6DC`<39PR=7#Oi;iXA9#HC^fM*C3I2soyAHEIf@Gx)N7;K*i8;fS} zQ^hVzH-Xygc=y3mir<@@yAgJ^Sc(xSMxYphVg!m2C`OqX8o6qEO_X6Ds^f92PvbkI{&=Vi# za?b;$caxr5TbZY?%5&-TY30N4w2wHxKYR%EuL8<8OyjRfuY_s?{QThm0ImuytlD_t z>@QYcu)BOOyJ61itCwAQIiTErC(whZb2)B^AQbd#!*2v|Y=;WAh5f9Cezo92BXD8W z-6f3`Q%g6MK$l3ZNQ)6DMxYphVg!m2C`O&jkU?KU(XLE7nM`Y3q<+6;) zN3WbMqVkl>$MK(lupG<4>EIxc(Ji?iU)H8XH%87qoYzVs^?~U+-)1)h(`1akl>UrAvKv4GSgw*&gvU zox;xKbS*q@JRrGO9(b=*z)$3b^zpnZVO4BcO?Xi3mvxo6<*$Dm^e=)QHOYyMzncNW?{ZxAAnN#mwa|Fq zbHS&=yje)U2Jq^V8Ydr9khD{soxTv8%$qmu9!O!2$E+l1hT~>eG~N-6nqeDr z%7dvs7K-=uMlIV4L*jNp4NN$Xn88FM*l)u7-$Xy_Oh9(K8BX=|^n;1QiOhLb6;j7d z+e+HLP%q}MZ){z+Iba61Y{0C26ZXiM0YieuhE`^7`0AE*o0}S$xv6>U`gP6b){Pst z2inZGb?ci0rp!(EQ+hdOlJms&JOmT?F}EKx>;05jFY?k&D;%_gGD|+s$ZXmQiSXe_ z%uFS%Fmz2#w9nHdk9?1SNQT#1;hFg7>>SXPu$Sj<3DA@Z>;cd;M5cdU2jLhd<7Rg- z7KV)y*i3;yAPhSMV9$f*j~{CozP7QzX#n#0x2x&uHGF?b~9hNKL$+*YA1vQJ}f2S zTT>omf-GT0gJ>XYy-}O_@M2>=sQS9%vXZny%x7DDz~cM_+Hrny`>bv`BXz^(6^9c( z#4IK(s18j9dm`XWn8RUVKA01G#HX$TGxfg*;kptYN#I#jl-Y1!z(SPPl>!yIR7ZLR z{BSKt_A8}5(K=L8id=p<$O@>b_WJ(ND;-Tyf!j@9!RKz(o}T-Odh@jL89Kjw1=zpB zT9Eor>t&(~q&lsa_5KGzj%#JIACu!JN(*J|BgUERXS%V@me4o+nD{d1{~R zY5WgL`}NWxy&oV-?-S4-ZFKub0mGP(f9H8mKKIdk6HwtrKmLyZs@i*{9nk|?!0B<4 z=o6a#s9YZtB|XvlG(6R)RZ(KSt7dq8z4~aZD~iefealczL7kjS| zJO8U?`%>M($$pW8hzj-n?d^pf z<>g;3e43lNy&~sfROgeaKAmDsPrPG8&6=KARZl#T?W^jm-B7imCXh)6*2)klE(04~ zQ#*IJ3Ah;}Os7%!2Nci#NOql;lm2hZBJZ#N_?zzp;`>(ZI&ok3k7`bBA{~mGY)FR+ z`O_gvp6V6YNJr+w_Xy#B!pQcl^;Yj)(?i^CNS0Tg0C!CuqL}kV@aK!*XN%w;6~QUW zLhaIl6vFov(a#pae_sTrJQ>)$jlL<3pN7A-wD%FCDt&J^a#!4Tw(q^w^ zcPC?_rKQoVYu#sNGnN^((ssNv9*x+R*%^ml7AC9*#Ga=5-NeTeaofyfdK@8HHl^bS zVRetyuMF#(o6S@@p0G_Told4RW@idPM*AWVCn7!Z2PtOsl&FrmHxf^XPHE98x-2`H zvPH(m(WXU8dJtA$+!nAv%hZ|HQ9YXOPua;?mTDWEK-UGT1Jz<@W5c#Ob8TQ+$GMF_^3Ket8U)Yqwx za~XHxbl>1I;li(G5Om6g&v)T7E_{It=j)d4ZB;*Yo*wkmlM#of2mJKpUgi<)r2s{{UC4OBf7`=9>EVYx{1Fd-$irtne6NSM zJp2I<-{$6n?>7vdy)QiYyYS&ZOf|LE2gic1hle-+5oygW-UQ8yoq>uKkK!P4f`&KW z3nV;T)=cEC8GA8K-Eykq)XmF{SF9Kyz0;aPf3?(Kzmmx6%i+PP@X0@K37?#q6ZX9l zK6}}|4i4VO@R%Hw=f*o_-q@bb@4)6uGwe zhUC9e_BMFm0oXe2ll|la5K^TLc0Z@+Uc$?^m^cnY#S%7g4D85()2uk+s^bc+oHz-2 zc(8sdJcMoVRjChtCVcqNjL5D+O4co)&|aOmlQf6QLWqXgC178oYjomnDX5=$-D!n9 zhX)VM!0F6SNhdtKV4igI7Mb1zgCk=V&x}1fW-p~YVSGsV%a_>YdDPs-zrx#fcu*P- zK;$+a)y791r*Z11(Q{Lh<4d&o>-CbTMkzVV}t^q~<7yTBP;- z8gS#`p-KeTME-{tv^x>JDD&FyG`9t{@X)UDq52Eq;l=kTJvjQ)C%N2U{Y7}sRXmA9 z%^sULh?b@K>!)QOlJ^Mbu0VcErIdkE21*$yWuTOSQU*#HC}p6Ofl>zk*D^r=J=zlV z_sOu6Ml@~V_m6@9Lq;^2u&qA)zLCF~0@1Wn{hHM;+A@(YYol>X#`sEA=Ao+SfvZF& zO2_WIVa_J{cS}R^Gk?kDj)D$M<#MB-BcQK=R)3Jor9hWX=W^qq+d%1O!fsId2Xg{6 z1iJpiT&|tQWGM9Sl#1`cX5s6r^xZK3%JLD&2&bQ&FT(e&q_F);`Mcs~RBNz>5CgR> z7FO<9xa3O}S3gibAhs;qc-y+0R}xJ2U&Zzs^rRtyD1_VC#(*CO^EpHvMHRw|_olrm7tKq&*I43siZ%0MXtr3{oZ@L$OQ&-3DWU3&N;=ZaAP%+p*n zH&5dpDss#~6+IZiuP9k=rU41cQbnBk#5ZW3#vW9bDI$2D8I32Xu>7x=b4lVy^<*rb zdzI1^o^y3h%XyB}9vvUgDO*BLP!=oV?6sLl>G@PV7i>yv=)({^hwFNcSL*;7-=`}a z_c^V{bGf+vSO`5iAn$mPY(-BRNYdWgwn5JI;|BUDPhCA!(HX5tiIjmlO zI&tRn>|vG`@^eaxuXX0jv-aDl_{8uT<5%eFyMs(83W)6pH+&0oo;T3FYkufiLne z6@0z2@G0#lt`97>Y4@5@nwg)0W-MuT^&~qYJ!Z_NS@4l; zpNJ-VQ$3b##V|R&paxBmkDHNnI?``i2|L{{I@6I}%Zz1vd;4MH;?!h(w<@N`o3@p) z1JM-CxZlydbyvMvzk55a3NW!Y#H(YZoiKMc?%B4r(cH6RM@xOH z*}8RGW4-xlGyFrm96-&oS5x*wJlURR*qc@?Vn?tRVGri`$KnZEVGu(Q?nMB3267ER zfrSH}rjWBt((H~TVzlsKf3TJoB*f*K0yCMi63D#U0ArIp97=;#VcpEh-{c3py&P8H&r3V&scy#r`i@c^x6H6`F{6Dhv z#1n)FWcqvUNC&8$R*lIa$KSbqXdC~Bvb1S?@O@nj;8F(FG^JrOd{wN#HS0`imvPz`h?!BQn-MMXgV z?g&t?g?3V2^#Q9}_tWkeyfLSIsJ<VwLQ~nQgRi3uV!ciDsFr4dO`Z{;x7FBXN=y% z-1ht)$kbp(O}+MC2L3m^qjUT`j$yh=+wnNY8-E0H8pE*tIeq+0pQhxZP>fV%dmeAZ zfsqN@^SFsAkCUJxi+0DXxF0ndgRni1JD9H2njAmtF?|?v8q+Y(;~J(ZZBOx2oE*P~ z1--XWPT8KvSxkAH#qF~_AOAPB{Wk58$8AifG*0$p<$ z@z}H5mpu0TUdxof7qGrJe=lo$rx`d>d-a)T`T=Y!T=x8(WM36P6xLJREYJ8Q2$NL&VyOR7VLLwm-vdU6$oBl5B(;XL@sC^)XV3ObuYj@JUWBx2wW8b(J77EJ z>EAJ7+`bV~lFB0Xh7vn_`ff$-Yjp=_``aBvRY;eLoAR}zBx)bh4oCF`L+f+t{hj0I l`_DXJ9J{hq`>7g5BOW2Q%evIvJStMOw^nH^^B8zo@ek1HPuu_i diff --git a/src/common/p_main b/src/common/p_main deleted file mode 100755 index 5bfa9a9958c243541fb2857e0f710b86c07a875c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33544 zcmeHwe|(hHneRzLAS#$(iKQqy3VJ~#k`R6>bRY~2N;DFp_-kK=$%Kp~nQ?w#(8k7w zc$to~O%+_L)eXJ6>+O%bSgS=U7^MRGe0u%LjcRK%7t;@mR?;+7dDcgh10H(SUi z;Mc{@XJf&S;h4yG3xZscjuht75{VaqQn|@=kcXZtV5X?DkSLXNN&{0wj-sqg@Kmmt z4qfzv&A;{CUt z_tkSs?)mmHk|DdP49QR;dD-Ne_u`0TcsvT8EZoH=6%uw8{%Y|z5cp+l#Iwnv-Yy3{e{jGp2R(Zo={YS>T{2>`?Dl9PmdR@PtD=&vuZ%(Lw$j4)K54LC;kVdPW@d{MI23tq$^6 zJJkEEL;UAD*zmA}V9sXX3GWK*O(^MD0x_$pk*!-(Z$$%vE(o9Nny<;`g<*Z1njz^L!NvD(8rLyjU3#_$Q*E@M%Uv1UTv({Bw9#m;XILaD<565nxSds3<_(VNnQZY;5(R-O(ieR&-4+?TZE4 z(ZyQ>tvLNDtIZ$YN)+b_NF$fWup1!}%Cbn6f3xLp-fT7bf-MZ{F`UsI+gv&pC$?te zTj;QoOT`-fvt|)HpV&=)Sfw-l0$){AW6iCYqsIjtgIl#`_3|34s-jvSRb~(8W)G_> z=CPXf>z6HGZB@dW>|wSAxZ@N5=y(k7JIC_8G59S8 zPm)FaxPXm=@Mar6 zI78qiaz3Ht6@Mrs^2r>pIOM+r23~65M+{s&Go$Q517Bjurwx3$fe#yaje(yu@Kpw0 zChezb)#V1R=2ZwGe=ec2)clEXdRC#5nr{)lMuDJeK1cX!16T7o!ml*&Lo{(m8izkQ z)#Lntfuo^yI%43MD(W<7;F#L$ls0gxTcu$GmtBZwoiuQ=NvAe(M3`!OLP`uA9bBg} z13z7(cz$Z&=-@iJ41Bys8Jl6?6AXNgfuCvM3k{skLzUbHK2d?7UIRDp1L_R?3x@o9 z1E=R>Ds3?Eas`4m8~E7<9yahV8hE>bPd4yQ1OJkNZ#QuHD4FN>82CAc{DTHg_ev`D z8u)n%1bxE5&o}Vh2JSNOJqCV(f%h4>c|UZ>z^57V0|q|bz>gUCMFu`-;1?Ts+Q9#Z zfe#zF9NKv9NduQdq$nlF6YBq$7+^ z(Flx2U^D{%u?T!rdfuPBUGJ87lf}Qg2Gh6hzF1*qz}xlHk^@{pX5M|ZjE!V2x*w$U zd`9xklru8)Rwk3_;XF;WM}}U}JWa4ihF;J-O{_`%0Yn~>q@L%&ZVI3JN&^%34M}|K9RQd1X z{9Br*i7EWoJWWX9zvgKo3jZ}v6HxfCd75~_f6dc`6aH(SCYtbH^EAPP|C*f_^)}I*rEOZEd9r5kh+RS15DKD{0HB$I+u^z_*NSqu<^Ip_y!waYvVmO zeu<5rXX9tv_={}(R2yGz<0shoVjKUdH`o6^+W7Zu{4pEg8^6=Wr)+$;jqkAWaU0)i;{!JS78~DS<7;ia$Hp(Q@$+o_Y#V=(jh|}c z%WeDw8((bWKV4;Oe;favjX!4N-?Z_s+4x`B_?K+_J{$kEjsJm-f854DV&iw(_>_(B zHu=i;RwrKh8*k!mZ`aY`x^z4ExQ>o7^*AjvSbBaZ$sLds^0#sMdAAao`I$E{?0w<=FMD4&S>!D^=zZn0 z*d!>pNGd4F3^ws`NtLJZsdGs&hAS4I)!^+~@@u+V^d^qQ#(R@X#-dnyCdRdNBQEv_ zi{HEwPYrKDSzSMsAG%%51R78fvn7`|(Qy)XBpTA&Jtw?L&&h+(NyJ@HK(zFkh7;TC zTy*G7^r!o&%A_Yv$9JMOZ{h`>)zvq7ZwWW&mz1@e2H2Mm@Hv&NsZ7-LAF9O%O(;$l zo27Y8Np}g=(DtYNHIPi{Gj7+mzSx;u9IdoCZEf7kc+8u zT$0ebuand=7;t=wk@rK)Q)S-M$TM;}FyoLpvqU2pQ4FIEp718(y=dHurICW0n1B=+ukIAl-XJD_34xlMjJiul9 z(>EZ*3D0vt`Z+>*9b9{V+9ORsNm+dtk5KvdYjj0-1L^8`j@?y~^gOr7vm-i=S9yFD z^xUmA3VZw0ACc$D@|J9QY7dn3`UkwJ+5vd`pf|z$eLF-c15MoMoi&NaHddVWK|bef z_-UuDCDtT7+gBuNdmLJ%_v1V*a$JCiVDzKYRfx85EBn(+d2`uYVuo;K*K!?-EkL?D zc9h&Mqy8!dn;d$UK2!)c2HL!dl74qd3~z`Jy2smFWGSy0;{rOQXpwo^l;gaX{`6BP zMW@KN$cKa^%co?`_yCB}B0aiAa>Be_hIt~DPZg)9DX%+aRbHX^g=N~m2Y}>hkzWDM zX_0sN_yo^SdXsJ(_ov4rGCAYK-S5)-J8#$c>G*kfjyJLI$OoCsDJ|Abs8Vu0lq9;- zK)UwPFKe&yCbJT$)G)xkT(9Us_xzCxyvqyFFT3jtNzQs7Jh-ixq}lO;9-XgPxMVj$6Q z*zRY)CylOx{?I`6K#Gr4?}$D*?Ct6pX0g(w=P;clbir8kV#kG4;oj>Csnmoe7g8JX zvxe;1g9}sU_#!S!14!*K4hN*b1!ORlrEe`!wjf*fAmYUf*-p9lQ6%e2JsPY%(Qz+) z=`qCi*2y#=M;c!s-G{DTX~KpI*ubkk9P`VYLWazAb&q`M2ruvBr6 z7X6s#^{1Z~q6@R46NG3~iyoGuJA~+jtmxZ>q>69SqPwJMP>8<0R2%SPAkP=T;Ph0| zpY(KM+{KlMl|I9+h?ef?+wS>$;UPKlE$N8wqfDmsnOfvD^dh%UG{Z4!J8FgU%6 zdvr@~w<}9@e3FQt?CSWWAb$DX9nga*PZjJxeYt3eCq;nH;&FHp86PgAjDwgyy^lLU z(tajvG%mvXNrwp3{pe`7m~#skohym>(L}?b=t)pO!vOtt_EHR>?=$k*GmLIs5WfO7 zK7c0;qIZnpR`jP2lWWOx4>y3H3{y~st3mmtFnQ=nQkK=5Y#0`2&D|f8@)KPhCko@@ zGM_5H31;r6mZjQzp!@h1g~Bv^yUtMZVZ8kFd`+M{we+L?8C2lc411Gr8` z#hdIVar92F7!$p6P%Pa>|8ED`G(?iWE{b;d8{oS3(JvId4Of%hR7KZdL3dy2wqKL) zVgQvT&2e<;FliX%8t9kZwKmDw>^O>WeR>W>fliI3JRbe&vE+RMeX5(rTFS!&=0mg( zn)cSqNt!q9mmzk%KDm=r%i2Z8GXN6ZNAcUWkA4edv&BJCe7f>KRsKCZkkXC!6to{7 z*K>SKPo9zeVpNnnj;*JuLn8i|8EK4TT^*0HtzLLit$q5L>;hF}e&RsV^B6)K;10sA z->0Vtx9-P77U@TnC3RcjQn# zB+)=S`nI8!26-zrU`m9dB7Yi>8RVu;)mU>pmh>Z-?sVX)c$(T4d81jlTwrI6b{&ieO<%&l6xp;lV`DZpGA6 z2{^|uOy3gqk%B>QqKpdD|1x0v@dumw)AYFQ_(b4`G&Jvhvf4vKqrN=*xE^zqtGAs> zUYtsMV0_}~AJOm5-T1XNFnSM3h_gq`G2}!-4^lHxkB)pwoKiwki@XkzME3v`b?u|y zg3|7L$(dB~cszR*4N%1+-k<&xxkBec@!2vD=fW`#9)LAA&4=G3>Hc&z8A<2O@6*rn zSd>>SB+a~UjN={%M^feQ(`i5frE=eg@X(bQ(Q;KMcaoW+^bPNl@xKAzwU2%a<1Q7I zRQWDbnMKMzg=!&KWD2&MC*OP${EY||4=*gaPZ(+Q?_BavdriGZxA`*IrLt&f+6I05 zsT-1CM^SDl0wmc@ttv;ajiO4kj#P?9lf4-{qnG_}>v8gz#>_50(6YONatNi#ARpGy zIGuQ?E*fqt9uv8Y#8d644q5}B@D&5DXvc=Zot z)nRTG{T7yP+kpaI`-mwj-S$7JbgK9hJo^`By^W{9WY%|in98SdmUoAfB5*43Uqa=% z^-{6_g(zgvoWLJ~DJlzhj%7ONAt)B3Y0imwgx8mQB6hvYM^xL{mflCAxCs`cUxsWr zb@W?LLj1nw#r?OhHci+ps_IYgfHDkZL9~;b*~8q3_3dp(PvhUXJK8 z`(Re0`(8Nxd@qG-Dlgl;M}$id8LqPQZjsrC%;Zig<4vZdBw_N@zE#w~Gg9UK2#r1| zekEc;!g}8K=VK^|AsX0TeDj+P>UaK)Dk$Gfwu}7zlusV^3quZ3rMM=5u+nW0!G1)8 zIJ)gSy>weLi%_YzP*Vao)hS*sDPzE!`gJHo>pY6qiP0(lES`>vmbsLNu0MT3SksDE zg))-MxiiJHWPAKyXg@v`2IP1*73k1Z+@$bXZL0VVt@u^0sXzU&P&_HCcnHYx#js+7 z7XAk*+$MzI!3#`j#d91feq5S)3q@18hUdd%6n{{Xa{>4*FJ!*}OqO?mT^&c+)>_n$ z|4=2PaIviaeNs8lV#x~V ziEnY?f886ZZV$$qU1IGGmp{}RZV6x^lN!D}2%`l^TuqTss}z9h#$Z&gUV(*6@PF+2 z|Fd7i*TImLh{aJ{Vr`5HBw7c9R@aajv~B8J8RSUR^N_MJm!Uj|+%ki~18eK4w zuWb?xwJ~Y7)aatRC{9@kS1ja`#YJ!!7Uxj;*`OdUCN85pV@uEnH#Ww%%;d|gEc4V` zl~oI^RW-F%y?0sFy!i}Y6S+1Awz`7R#dOTSETV6USf#IO<6M7rBSS7NIl?9CqMPga z$}u%+i4-6;eDM~Ikd{y+xQP~HsPKowtRd>#6mYp{1qN4?xkQ>hI~18cTX8(k?+S+D zhu^hCHrA!CD2|2qmm(8PV<;92G}3XXN#>vkD>$d<@*|*A@b}y=GMVvs=zaK=Or{$2 z4bU}2U&~}pAphX&nap~0$vMBxWZFU7K=**&2l@u+VbD)NFFlgUoQr3|KLWi1bm>25 zGB<+`{7WW7YyO-7{Wj>MZ)7shfgS~Y19bPBC=Ytm?=zX{cs%$d=nBxEfi}X9j|Vdu zdJ)zBb|&)}=(3}k%puU9;o;T0p!eVbXc_ANIo=CZgW{<+PX%|ZWd-eJ1?P+(SJDGH z!q3Iu;BPV+eDKHEig9?L#n^QGRpal8!_b3z*_mZ4&zyW^=^3||bh0l`S$xUd=@$a! zm&wCtQS)%rO3LLu?X=p|0av$b^ch8ZI*l<>?9EPwaYr zkkzvgd2NWPhkQ`BdZDL!jMj5AWWIqH7~g`3mVrHmNiM>D>V!-aVjMJO3O8^8ib*f> zcO!qPnIF%VC%E8_x;4D@#ywns&j8L*ZRkQCwb%ba`DvhI{vOJdtv6o(;7GtQfD=HzeJ z`Hvxg4bBttL6I=WiWT^jW{e=g(0L8Bv zc6}fD-vb?E88Xzj9ua+l+G-8-T!!=ZIvi*9)M`6gkRL!kUaM#G>x3Ny;k`WlO{_gy z@ULqI^cG7b6f&(OIj!C21&z`c1qeKX|JTaCGC@RK+-`;hb3hf zFrLaJbxAr$Qn#dal5UVRENQ2tJ(BiHx?9pdNe3hylyq29wfJY*g~AS(q;n*7OIj!C z21&z`c1qeKX|JTaCGC@RK+-`;hb3jxr2mq-B%LFvThcm7H%J~d0L47@e!UO1toDwyw`@$ zmAD#rr8r+htN`o24o3w-_EBoUUjarFHSTc`KVQKg)vLyHg>T0}0XtidqYD2=9OSc~ zzH6j2X=fe;xRRu>bM-0^#?CINSqV4w*`nQ~GF>M5(oKhz^VVdQ7z>7vkDyk&_RAs z%2zBF^8A?u4nKB~{~|8z`Rt$NfY&+T5eK{*_{72~%s$@U=OF*TIbO!r%SFuiJv!`v z&O!b);1r+B+``{)3Brmnf6C|A8VCFi2Yd(c3t+!m_mNMMP{(cu`Mrb}PSo>HX%6di zkblzwf5!pO0MECM_e4wt^Z7f?0l$pnWvp7pd73nIrGvcXfZrwc%(+A;*dX=X51iWN zCb}>o-7Wk1UI#sgalX@d=$6;Di$yUu=pa8G4Ux~^`40FB2mA&HJmi2s<$w=3;3E$B zXAbyS9tY{XLB8OCPawPycR?;g7>5AbU#w~HP0Tdtb>p9sxLWrV?(=jII9(U)m&_El2c-)OaATP-4%c)1 z)azgqa5^9VaJf*xpF`ttEZU9YX4l^#_1Nbp_d3-39pEl$n@RRN$iF7_|GV^Sku3CY z4)PxX&$r(}3A%p1I9%X>FXng|>$yZ!xLwwJ18|o-Hc7Js{xt{v4*@4T)q1_E|L=B? zA8^1&9B@|ekHjh~LRkOXw=rnNe47}6Xe{2;RN-gYeHpA+E3LNQ7NC{K8$;Hnme59D zi`5tlMWU83-pc{cuqwd@^NaHpm1SFT-F>#;mnub{muEbKsKdAt(z zu2{>g6*pYHtaf#cuKb#nE9*U2%zxSPH6Ff}zqFxp5p8-A#XbjOAB(^i#LH8+NNq`8^ak43g_Z}~JUlDwo2=GWBend0$6f_) zzB+w&HF@c&e0i;2np*+B9SAbTUKG~qYp{?$me;r9QM`fAdby$sTNOY|?o^>d%G*$E z>T!yn|CwD8?AGV*As}+G@;*r_u}h4t z7^~dn05L+_jXvTOM4Ow)Kwuo(9XkQguv8*HWJbXOZ!p~OP z+@;BWzGh|l06-g_$bbeK5zi{>t>P;U3MiyM|Lz;KV};p>wBLg2(`v&R8DNK&G4_73 zxw_)|ib$ZTBJW-yFkSBI!mlS7XK8N=V;c+|SnMAGVY#sj`AGY;V51b%YOxcBE<$I6 z*bYNO*pLER^!72?$S(4tx$5a_AKHS%*mFY{C2ct;62?E9r&)CiXqy%Uknd-rM#jo2 zIea@^0n~Y5Y!`G&4fV0lzsZR|CrEt5lNt0)P~JvV(6(DC9&g7jwKWYIkwoGSEoXDODLNFZ@P7ScP?8FLQUg8-%!i4uq}=9 zlt!*o_uw&I5WD5%n3(m5<~)DxWbf2{jEw$oL``kIBquv`6%y^9bEea@lMlpvGpQU0 z{^AB{IU5DJ)h;_(59gvfRFpkm`QBCaG1@39rxpr6%|%YRmQaQmL~V_dt)y~3xI4MM$8h%=B?;D)ai z_a)}d?SJB!-lNkaAG{vm$-b|(dXFx%xvV-SO3xed$Vr!X+P|4(DXHg0f@6$cznJCi z`#4Wmf|BC#cTQRj&MdFq%PH#0k*0TCx#@baSeh!N{8!%xD0+ny$KzU_?DqSB;*o~- zUwuEIXdM}cM1YH+e2kLb1iQY}m2fMTl4(~CYN^&NxyenHi5_y6x8OXZhSAtd!Z zgreB$iYFrUF410o7ch#6($8FAD7pAAp5Wvrd;5PI*=Bi{OUNtAzjZZKl*wa7{}H@d ze$I3ups12lDip8iZd-Y`EU&1&!>V$MK5H*OL)4_6zi(F^O&XxeNtQ2xYTAFuEpil9 z-{B~Ed;DHP29;Osuiob=>eCrQgK9se?-#c6>b7M_{}$Qb-KR` zF5CZA`BIdpzOTxw_upYz-Yw%Vhas&`+4Vh?C7)Dz_5ITBTSSd@4(+GvpNzt0dHwu< zgD7w7e!6~<%h-7+OuAJ4?yxMkLC`%aL$J&(sUp*4{c{u`>EsRKV3rLhTPc~;<|5Dc zZs3Hqsy7yrM3b#mi>Pk Cra2@4 diff --git a/src/common/p_main_c b/src/common/p_main_c deleted file mode 100755 index fc2f76d2e14ff5d12a0a4fbe8d4f2dcd5f67991d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33584 zcmeHQe|%KcmA^>{L`4%;(o*opfM`)9CgHb=2EyP(3C4sd{(KoG6EY>q#Q6b18ylLW zWjf9_T4|}R7I*E|?T-~*wJd@}QIhW3Hrl$fTdmQB?L@SV5w~nrX20kDnmdnq{jBbO z_Mgq=lR58v@44rmbMAfj-S>lgzvN!MDmN#Gsg%dAV8k`d5lDs1D7{l2fK;$0>~#FP z*tu*X_z4^n`4xg7SENI^nY2LSd7xBo8XaVzX9<`osw^Z*<(yK{43VQKD-t}F%cnyZ z{UEvcuco)p6uhElIbL6ll(*6RNdi~YEJv}axmo1bY|NyC(uqe@K%|`%E-Ke7%Qee# zidM*YDyoW;I{I58<7ua*$fKmFy_XQwMgF{UWhL8$mA-%T={tX9_N)DF931&UHXp>#=0VEv*6m$Wp_YYDVPJLYvPSu}6af|78s zq@3qdF&F-*PhGX9o}pR#36o)Dxm|)+`Y3Oz%qRI}tKuae!qjB3movv9Pq0g@EQmF zJO?|A&^X!byaOE|8-Bn+PoaaqH#^7=JH$EUP;a+`p0^$FjShPDILP-n*z>wWeC~J9 zbHV{{a%dN~gPna2@>e^=`7a&xv^(gz%|ZTIhd7+(;McVd@!9Wy&vUTnfCGM~L%m;h z(7)LsK8qdne9@uaZ4UU~I^f$K;`tc|`6dVXuRFy56$d>xIOrL3(DSN899kXZZ*r*j z1&8=w>0r-?4(;+!4*FpxbK%dPW;*D9%0bU6D9ARBZE?WQ2JXV2JzWgIWe36g@Rv>h zbq@H$4!GqIpHlcc3uWx-ddN>QVS-CEg|Fl^$kQt*y2i{UQH`Kse$Lt*x$X3AXvyde^u3nPqKg4Ypa~h&L3mEFqdz zu&!>kwZR{;ni|>K)pb_bAKK&(S*`v^bFh(7=H^f!;^#+|Yu8zA{>}W@>+|{BBm6Kd zN|S6LYz5i^P=?=dvtKBnVkG15uo}G)FE11FdmGucHSRUM6cq`FTX+uH;tz#_A#RSZ zCE#z1nCAF`ZEb#^sF^f3h5Tvjs2X3Oy%`>~ASPTP32~)H^_5jM9(OH=+q|u!JjswX zkk{o%Uwe3?ii*$M(z4#`+sN}(B&eJ(8VZq}qVAK5OD{5tbGtJl;0tYOj|6p8n*AN& zNT_^$w28TEYpwQB02T1agsrA_R#|&v&Dv{)`_WBS#Mf@E541Hh95?!#ywR43)e;Q0 z6CaAU5or&$w1^Ht92E$*`+1J9B^dS-*c52-w*~14Rf|@@F@;hH2HF=`-p0m|Qb3I@ zq(x1#S4j1$slf8Om9#VjMXZ||TWU77g086xwuIdQeiT`3S-y^rva+)B_1<{q7 zZK>t1TZFSiR$p_CP&3~bXcLw!2?WCyiuo5*!PS+b9${o#hr4`w%UDv>5#X z^Lc+ZD}=R%DG01-%3`Z_O`VhXbqlPzh1S|K%Z)0n4ILd;yFU~Tws~6ukuBDyQZo1& z$I_0mTgbyJ~Iu+8gnA zpo_QqTQL++R-3PV3sIaWAdOreLvV;hD9a*MzKxczd85_j4YV+*$IwQ1b@S<1oaCB~ zZlc37E){9?&7Di^B4RiAV3p4F3H++cN^5>esU9P64DPDcRVym3@{$Gms4RUrKYdtU zvXE7-Teo~gl~o37(uXBWMagyRpk2y~aOza0GL;jU2qBW?ojPABr*3HZ$i zPqKOZIEPJw>_k?8Ux7~qm%~m$E*<4cO{dCy(ndN6pNQkrxb$Rjq?2kDc2FLbpTH^I zr{=KV;2KHywJ!YCT(IRd#wN4(fl;FT$Blf~+;-g7=CcoV{scB6^J^eKH4r$Ru~XS8 zkRqM;-SbTx6|gfU{{-hJv2!FJogO%ao{U@wo)UTcqM`3skJ25`X>6gC-}2Igca z$H0rE{WQ(G+`!d53nApsFI1MAPZ3VfG*nXaFT$%82&(3HgkNpoYJNxfH3r^K6L}y$DQV!c3-PQ`1DB5!Iey&0RonB7HldMZ z(ZO{pFz{0~igU%l(ZO|^X5f=GihgY1ryKYj13$ySOAWlxz?T^K6a%j?aPz*vW8h~R z@-+rd&(Ty`XW+#O1Z^NoK74EaF=pKahn27bPQA2RR@41CzY zKX2ek1D|8yqXsUAJf3^pz%Mf7nH*=R|Ian>0t2UeQI(1ee4YY9rx|#Ofx8U+5(A%O z;H3s$YT$HLR%wZW%ORd;RT%huB@F5@@C625W8e!7e4T+WGVlfiUu@vb2EN3=+YNlF zfp-}Ar3T(*;FlTrHUnQ~;C%*urGf7-@CpOpY2eEZ{1F3RVc@$A+-=~y4Sbb>_Z#?C z20nf`9)a-)j7Q-AO9b98Jm*iI?sp12@%(?e7MGvi{zz_W$kY9N!2uqE)WWY-Gd7kw zKMqoOE+hG7${8DZGnGp9ah@j7VvHgcWjY2rIJvRv~t;T;<((>zUd$3|vqo+h|s zBU3bg2Iq4$UQPAGrrh6?^`o+h^NU-LAfh5wqTi7forJWXKXzvgM;3jZ}v6IS@I zd77xgf6dbb75;0UCZ_OT^E4ra|C*%~*E~%y;lJi-VhR5>PZLV`uX&nC!hg-v1QPyho+gg)U-L9! zg#VhSi6Z>hJWUYczvgLT2>&%t6GHf}d722qf6ZUQ`S(6j{?o({?XP*7@WFr0(?k#c zYn~=}@L%&Zv4j7brwJYW*E~(+;J@Z+0tf#!PZKxzuX&oV!GF!uL=FCHo+fDUU-NVW z4*xYz6E*m+d3pc<|20n&HnjhT%Kr+^zo~eP4xQJ~=&+LU@d3QQDwDs}#@E~UY8&si z@yl%dLK{EN#-DHF&$jW!HvV)QpKs$o_GJ3=fsKFH#vifquiN-nZ2Zq{{0laIpN)Ug z#{a~|f8WMGVB@#j_=Jt`weg)cK5FAzZM@&c-)iIQZG5$jciZ@7Hh!UvpJ(IGxAAA& z_+lG>x{c4b@gL(J!R+53*!XvC{1F@fx{ZIu#{b;LzhL9{+4v`I{7-EB_ig+GHh#N} zPuTcg8{cW;qc*Kk> zZVv_(Oh6LLwgT}a^6wzB^mwEgQjH$^fso}zNyGZVUq>#Uk%P+i|$b~07u~E;n zzrWJ+?D0HL&Oy&hCn8g!AYUpdNDVjfc2wnQ{?fJV$kk98om=neUiLWMC3<2n{s(#oyTEEtUkHTeasVgA3q44 zL@IJ}h!#Foe{5Tgiw-@pf#d*H8Fwe?_)gU3i9O4+y8EZ?Dd6V(g0gnefcvupe9k3n zDiSsQw`%c16N;0?W@%niyrO_=xb08bYap4zrz%`M{gE@cJY>IySt$^+K>T|4KfNx&)icTr7Ej{FcgMm>_!M^@z<1OiV=uG>80i)dKL6+(He!l1IhQv^LX* z;mTG#kCHLp1f;w3zJkp%>c663lSBVNA1nkK{cWCD!9Ybp1aF5AR!p|H$Rb`b#szdp z(IWG-DgVT48A$&9anUK#E%F{A@!~%%*Jk_yh|wZ_x-Fvi_6&U6?0R}xZ5Ik23T{Fp)$bB`W9C7Jsl;t=_x+=Q?Lm zg?p@ADs}q8S=4y^tRZ`L&C5iefIcFO%8 zMbf_1p}{(0op-~RF4K`D2EBxPCk5eS6zJ}}JE!pLPjR>M|BhEeLrZQ2RX31)o7Yub ziJJ`R?h-OAk$;aCeU;}8B=-x^X=%~Zg=j>J{#c6MCq&=9LTi1CkVO8?T6C)v4G7Wa z(xN{FvOfm~C(kDRad#KSU0jJ+;ZyALaN&LZ+uYw19+D$lq$Ah8pGp-zRgIkboyhGM z&2WU;4jj4qeRPSZp%yJAfOhI5GF0Wq&_@qpkV~cqxl51Er|##89Z)5%K#8N1(jbrW zA5pUhWl_ahFgSS?_vqHlZdVlR{3sSZ-rf08PV};^ozR0RPdV&=d%0+c$3%d}a5qR- zn?(LgJmVmyPru;UK=KUOXk3J!Asr%6-#|yZ)tptWUhcwi#Ts+MLg zB(q}A#ofom#dte6s`xJ4S<6lw=7#5A&U@8Ba_U&x>TQ`(^kfc!6&L~sF(SpDe4c){ z_v6<*yD+8b-bY!iaNF5%#S`x(ar91)7!y5mP%P}B|JQ?T8Y0PG7e%}GHE`Yg=obp! zf~)afs-k;1r? zB=2MBQ@u3S${ECaXdg7~)t8YpZ`vy%cC;?Oom9)(MaJI%i1i-EZ}&d>&5g_x2YJ!i z%Kt?1kMO`sH{Rbv`_V~#M5oYKwQsta0qip4%I;t4Rl|B4_fIGD2vzcMu|a@n@<7abGHsW{1d@{h+8m_jPW|q zSNDp(IwA~w8BdL*?g5fW)IUM`B=qawQxlN65W*#+yK{&|=K#UggIac_RQ@6=MkDs7 zmEA$gxZFT;4X@gLD9&{s61FZyk^M9^Os1%C%uNFX{^~J+_3fnoCs>%$_Xt=~csSO# zOEJ|{0(W3K~qlt!0kJSP>_e}$VnkZcpy4=mB4*vk?3 zpf3INyWAZbl=Z~mcU;IEU+Ziqu?HvdZb-$Re1d+r@4~OGYoXtggg9@->_$#u^zis7 z@^zah#K|lqwa6{-KGr(~!R~$Zn^V|(H~fXSUz?`9-ND@(NOn=1(pi{)pUlH;#6}Jt zfHgMFwd6Ru_8u<4yY`j5QxxyO^GMlE5*!hZB#M7eCm_Y1%9SH)>$LkLK`ms(Yho9jiDW(*Sv8prme@b*A<)jzyV z{?cgO&4+k)S3nNlG!5kgDjMem9{-DO`UV~Zlc@t_YK(?YJ~E2a`0)(;cfz{(c77oc z^~x$&Q!BhcrrTP9L`5r9ajWP=?%qegxrIIVp@3lW3VXgvrSUvQo8^&am2wM;V|aWm zyTe_=CKdSaQ5VXnm%O>qh;FDB4^T#o;~6L7ZM?qB6S4apK9<|g zwqzxV;`UpNyS-$?$>Z*C3FdcH&porbmb=}DmosE_9?#uPth2LUf^>=XDF?6gV34Lbbrk; zYC8Qqiw4nc6G+Lv4m`B5x8PPP5$o+kmT1I&3Vp112LTPRHu+o{;JM9i743prCsn{bCA5|6^8GqX&>C zhzsR|5Nyy$jLsF!kJ56yP9;g|7wERUJSzWwjKw5VzzIUUL{C~oHy z5f_c`iTtPV^iOoGi_1lzrt)4>+=^FY()IO(B=R57qB&A@gkpj_oOrLQ;#H~?MF}&Lo~2G_{umP)HytW#V_Htq0E1V^2x($ zVaOm=ifaN0E9|)+_9Gg^(GBORg+1{!LZvpKrWkJL6TDnp#(+2VEl`Noc@V7=p*hdu zDO3@i^7m5pD13*o=2v*BDO+ZcBl-96*bXEE(0=r67?9!JHx6UaIUBb}d_JAXKTc0= zxZq z0Mq2XXLsjewxt^N-=*unn^!oHj8OeF+8#zoen492s`^Iq7Gc+ucm*t@^Ftuw9=C|Z z68TkH*_Be+=S88ebfGAaK2Mws6YoU%Hx~M<3N+_<8jrwu1jZvU9)a-)j7MNR0^<=F zkHB~Y#v?Euf$<3ZA4Y)w-!>&IuHkC-wl#*Ey&L_ma1<+ugu^zJ{>!|-@lqG7_51vR zP5clGZD1t{mspO%*BoeRto27AA{LvFIP^z1x$r;jjVd+=BF!$b_J+$BY;AAxV?piPezU(MIPkd=tVQCwm@j1nYT`+`>2kQuaA z02Zp?Ic4RGxr#D&vd_W>R4L2x^*0(_Fp{rr5(u_2X|~kpqPi%4X$e;(=#s@n&=^+q zQ2FVgATA~@qdsR-zza9lM>k!_mswfvuCvO@msnR-R$FzR<>d<(F?>bj+UVcn3g9iH z`l5)wC1PdX^7Zq53mO@6X~_{TQ4`)+$5)Q2R7<1)spN~dXoR!`LxByn00Y)X@V0I6 zV;urtdpoNSdpG!9E?R!U6=p7x=FJO+=FL+a&-1wg?O5l>wM;hJ#jY@pMHDVZ9+<{p zB;s$R<6x7_p}v`3L_wm0E`` zTl#7$)dAWDx*POf(APj;1pNr~;zOy_S$H!01nA|USNv-#bqnawZ&Il*f*u3?F6e`= zrBZuA4}-o2y6bh62fg`?RBARJ(me*c67(NI8)3&Ehf^tf9n|qwD)lhv(|9g52)Yu_ z-QEFZct~A@`rUZ%vH%oM$9c-Rqn71#6y?mAJgJ}$a)jfn0yg~XR0<#bLBS+ER$^>6 z{_q@~ZF@15a-m*!M$xJ>rd?fl+U9~TcIEU-FPcAl7EoUP7SOIC)JK3!q&I@U4#KIt zOjH-W7`*Mbsnk5O(|tzKS8^*)pO`m02PSb_=#|1o__;MBzk}zykoO|}!T(D5rOUg! z^YRwvk_tvLqxd_D*u)S+Epr`Yf_YkID)iUjS=!TPJ*4L+yeh6|3G$M7$m%8^l&v1f zESRA6+ya?X@S^0~5YaNwlN;wE+@~(cG$FGA~U+)=Zd zx89`hyoo+KL$#p`dDLEihw|rvPWT>_DO+z!>zIIekqllsr}Nv>`LmHfi2MdKKlcW0 z<4WWgp#N{n$p4bgZ$y4O@?)r8*Pqv=+qDPz|BCbGo{ao$I{#thuf};oKIrm>{m&!6 z2KhfU^K&24^&ckv$X{jVcc%TDKz-p~QYq>`T7T{VEScVMsi3dcV zptf2KJ(u9Ty&lJDJ=NNd7UcVpkJtR^{2E~gL3le(e^aUt=X^Pj?as}AH|)7nUsCJQ1i z!Z@b?(n_guxuASZ#GzV`Xoi6K8cK9Xb1zD2{UI7}DdDot(+4L~K|0t)V>yznmaU`z zTZ=SN5H>3FPnCSL%#dOXA0F|9&lWP0EXE#b6)-L-JWZ43Xm$XaLK1p{u6XYWFMt^{N-R&QR5#6@$*IeQN3zhSNJv@ZvdYKJFmo7Y?SzYALz5d<g2M+K^gQi=&qqJb=I;szyb5>` zuDa9OMZM~`#zFoT2mE!MNG`g1+w}M$KZPu+5t`L?DZ=#>u`wCv^JK-{4*C-g_@fT^ z$G~SPXAC+G24suRTnD_G<3(&isZc`qhLma@tb(K&`?esA=2zM5@jBpNcfkJ^_)OTZ)_LTUDAe(SgZwWE&z+*@r_vnuii7-^ z1OAZ%J{1$fZ0mSm06d$&OC0c(94}&PWt`8GhTiNTA929HA@$T;Bos7AJ&ypVcDa)- zSV&uCKmVnJo;Pv6(>SU2=ea->V;?xkFGWLS^YnOmzy}@hBM$f^?w54N zAZI$@GaT?a4)`p>b8(mCGL+-65;&cA_Hp=H2R%NAI9m?#U*>obd+uUU?>(}8AE$aT z4^iu!s&(TBC9c*vMYwqS4RE?%*vI)K$7itPa$X_D*}K5AwfiF6m{I?kC9ij@WPw_a ztI}!ecfh~ofbVp`_c-7OffpeT_V~Z-Apai@cmZxO$*-#~6t)MX3#&Pv_D3DHNO}8p z@J`@#KK5KLB>D4a92TP8vgyB9>aovT9&)Jnr@&px2!sC0LH=#2|1%c};ia<7hYs=u z=;GP-J2)G7*8bptU(4|#woBH#P1f56+$E1q(&>PI%R&F6z{yUvKCkNkFF42_alj|x zK}R;fSe-8vDJuzL&2R7efEDp>U;x6AXj4;(kEQozup+G%-te{gX|?gjptYeTxE^o7 z8Y96_*z!g@n0hzah_$@4O7Q&@EN>{}-C|*zfzTG#6vDOzR%5iam6jYgII;hNDeC;% zjaJNGy~MHtLB2A-b<=_}zI=HEOYRdApoP-C5xkDH@Y)vJ3SiyysE_ld0W8&j)#__k zEMJWx(e+l9h2`fLc^ZB6-ml!f{?9CA@3?$Bt!uxkc6qhia<5rQn^suZqRMi6B2XAv8H<3o3cexlYWnDQ zl)Us*zQtB=&n-XS7er=eZc1TQU5gdmVU*y~DOgF$%eE1-`CmMpbj*+{Zh^=F6#ZVpX zoRAR|b^2v)o?F7JY~qr%<4cqM z+)c~!!GKOy8Bl*C;#rP(N}d7==}*252W?$pHX?1jp!&4hg+>P0p=FE>VQj9hyrCrI zZz{>UX$VZ0+q>|K48~mAq{7$_LkAWcNkCY9bi;k54O_5difOgj5PD3vHgJ)h(v|S`a|Kv56Wb%gW_Y?sPR! z=Yg?@&`CAaMLzj%C%%jz@tsdH5QN0ook#A9Q<1Sj2XzLV$^R?nG-p&!{gt<++|VW? zllQ^Q-I8o3z;-$z_!I)i;fUA@D81v4eM=OfpYK;Qh^Ky z{_L)489N45sO@&r9?nN~s0aZxH?gXV(2h|VwNUVBE^^Yfgfhe+YHO5qC1s1yC7J>o zq9LPie4-8A_?~Si>8H-Gd%E1~=cGN~Y^78uqHB=fX-bVXH+#d)tfX;E z8>$dA5)wJs$SzFZQgSiLSjY?cTf9_29<{ebSP37#N^n@RAqbWZ!hRnsp)-?}(0+E1 z4)S?wiN9IiaW!KnG|izJY}w@RpndUhGf128ajoLMP3Ta^sNCBcfO?@2XCN!VU0^Hj zQOrBuPj^i3-RTh!UL){i-~U>@cbC~*Rvi^5KP|s=>*AJhIpJb7lBR;E!Ue%hL-%B=y~c`rbj+Z}`ouWUm zm9LmB1Qb_^H?veyl~eQ|Y~|H+ctvw5Xhu@y6to`)X8r2> z97WZ4J4)Ub4)%g9ui9U|-&1s}&JY?@`zd`tx0P4#e-(XA2})|O|2MYs4Ru0LQ8f-I zHTL?C*vh{n-&ZSY3m=b_(na)-_&WoC^0e3Q-_`!^_IRuM70pBN3yt#XeSgEv0FjiO z;L^Op={Yd zKA=IAQsbP`p~@-#926!@)nCyr%QXnPTV)8ARYL*zw+x8U^WwhFm|Yg6E@d&0;zgME -#include -#include -#include -#include -#include -#include -#if !defined(OPENSSL_SYS_WINDOWS) -#include -#include -#include -#include -#else -#include -#endif -#include - -// #define STR_PSK_IDENTITY "psk_identity" -// #define STR_PSK_KEY "1a2b3c4d" - -#define server_port 21111 -class HdcPsk { - public: - HdcPsk(bool isServer, std::string& inputKey); - HdcPsk(bool isServer); - SSL_CTX* CreateContext(); - ~HdcPsk(); - void InitSSL(); - // bool EncryptPsk(string &buf, AuthVerifyType type); - // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); - static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); - static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen); - void HandShake(); - void Event(); - // void Dispatch(); - static int HexToBin(const char *hex, unsigned char *bin, int outLen); - - bool environmentSupportPsk = false; - void run(); - private: - static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; - constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; - bool serverRunning = true; - typedef struct { - uv_poll_t poll; - SSL *ssl; - } ssl_handshake_t; - - typedef struct { - uv_poll_t poll; - SSL *ssl; - uv_tcp_t *client; - int fd; - } ssl_uv_client_t; - void ConfigureContext(); - // char *clientPskIdentity; - // char *serverPskIdentity; - SSL_CTX *ctx; - SSL *ssl_cls; - char psk_key[8]; - - bool isServer; - // unsigned int maxIdentityLen; - -static int create_socket(bool isServer) -{ - int s; - int optval = 1; - struct sockaddr_in addr; - s = socket(AF_INET, SOCK_STREAM, 0); - if (s < 0) { - perror("socket"); - exit(EXIT_FAILURE); - } - if (isServer) { - addr.sin_family - = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_port = htons(server_port); - if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - &optval, sizeof(optval)) < 0) { - perror("setsockopt(SO_REUSEADDR) failed"); - exit(EXIT_FAILURE); - } - if (bind(s, (struct sockaddr *)&addr, - sizeof(addr)) < 0) { - perror("bind"); - exit(EXIT_FAILURE); - } - if (listen(s, 5) < 0) { - perror("listen"); - exit(EXIT_FAILURE); - } - } -} - -static void on_ssl_handshake(uv_poll_t *handle, int status, int events) -{ - ssl_handshake_t *hs = static_cast(handle->data); - int ret = SSL_connect(hs->ssl); - if (ret == 1) { - std::cout << "SSL handshake success" << std::endl; - uv_poll_stop(&hs->poll); - } else { - int err = SSL_get_error(hs->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); - } else { - std::cout << "SSL handshake failed: " << err << std::endl; - ERR_print_errors_fp(stderr); - uv_poll_stop(&hs->poll); - } - } -} - -static void on_ssl_event(uv_poll_t *handle, int status, int events) -{ - if (status < 0) { - return; - } - SSL *ssl = static_cast(handle->data); - if (ssl == NULL) { - return; - } - int fd = SSL_get_fd(ssl); - if (fd < 0) { - return; - } - char buf[4096]; - if (events & UV_READABLE) { - int ret = SSL_read(ssl, buf, sizeof(buf)); - if (ret > 0) { - buf[ret] = '\0'; - std::cout << "Received: " << buf << std::endl; - } else { - int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(handle, UV_WRITABLE, on_ssl_event); - } - } - - } -} - -static void on_new_connection(uv_stream_t *server_stream, int status) { - if (status < 0) { - std::cerr<<"newcon error"<loop; - uv_tcp_t *client = new uv_tcp_t; - uv_tcp_init(loop, client); - - if (uv_accept(server_stream, (uv_stream_t *)client) == 0) { - uv_os_fd_t client_fd; - uv_fileno((const uv_handle_t *)client, &client_fd); - SSL_CTX *ctx_tmp = (SSL_CTX *)server_stream->data; - if (!ctx_tmp) { - std::cout<ssl = ssl; - ssl_client->client = client; - ssl_client->fd = client_fd; - uv_poll_init(loop, &ssl_client->poll, client_fd); - ssl_client->poll.data = ssl_client; - on_ssl_server_event(&ssl_client->poll, 0, UV_READABLE); - } else { - uv_close((uv_handle_t *)client, NULL); - } -} - -static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { - ssl_uv_client_t *ssl_client = static_cast(handle->data); - if (!SSL_is_init_finished(ssl_client->ssl)) { - int ret = SSL_accept(ssl_client->ssl); - if (ret == 1) { - std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; - uv_poll_start(handle, UV_READABLE, on_ssl_server_event); - } else { - int err = SSL_get_error(ssl_client->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(handle, UV_READABLE, on_ssl_server_event); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(handle, UV_WRITABLE, on_ssl_server_event); - } else { - uv_poll_stop(handle); - SSL_free(ssl_client->ssl); - uv_close((uv_handle_t *)ssl_client->client, NULL); - delete ssl_client; - } - } - return; - } - - if (events & UV_READABLE) { - char buf[4096]; - int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); - if (ret > 0) { - buf[ret] = '\0'; - std::cout << "read from client: " << buf; - SSL_write(ssl_client->ssl, buf, ret); - } else { - int err = SSL_get_error(ssl_client->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - - } else if (err == SSL_ERROR_WANT_WRITE) { - - } else { - std::cout<<"disconnected"<ssl); - uv_close((uv_handle_t *)ssl_client->client, NULL); - delete ssl_client; - } - } - } -} - -void runServer() -{ - uv_loop_t *loop = uv_default_loop(); - uv_tcp_t *server = new uv_tcp_t; - uv_tcp_init(loop, server); - - struct sockaddr_in addr; - uv_ip4_addr("0.0.0.0", server_port, &addr); - uv_tcp_bind(server, (const struct sockaddr *)&addr, 0); - server->data = ctx; - - int r = uv_listen((uv_stream_t *)server, 128, on_new_connection); - if (r) { - std::cerr << "Listen error" << uv_strerror(r) << std::endl; - return; - } - std::cout << "server listen...." << std::endl; - while (serverRunning) { - std::cout << "uv_run" << std::endl; - uv_run(loop, UV_RUN_ONCE); - } - uv_stop(loop); - std::cout << "server exiting...." << std::endl; - -} - -// void runRawClient() -// { -// uv_loop_t *loop = uv_default_loop(); -// uv_tcp_t *tcp_client = new uv_tcp_t; -// uv_connect_t *connect_req = new uv_connect_t; -// uv_tcp_init(loop, tcp_client); - -// struct sockaddr_in dest; -// uv_ip4_addr("127.0.0.1", server_port, &dest); - -// int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); -// if (uv_status < 0) { -// return; -// } -// uv_run(loop, UV_RUN_DEFAULT); - -// uv_os_fd_t uv_fd; -// uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); - -// uv_poll_t *poll_handle = new uv_poll_t; -// poll_handle->data = tcp_client; -// uv_loop_t *loop = uv_default_loop(); -// uv_poll_init(loop, poll_handle, uv_fd); -// uv_poll_start(poll_handle, UV_READABLE, on_tcp_event); - -// uv_run(loop, UV_RUN_NOWAIT); -// // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 - -// char buffer[1024]; -// while (true) { -// memset(buffer, 0, sizeof(buffer)); -// char *txbuf = fgets(buffer, sizeof(buffer), stdin); - -// if (txbuf == NULL) { -// break; -// } -// if (txbuf[0] == '\n') { -// break; -// } -// if ((write(uv_fd, txbuf, strlen(txbuf)) <= 0)) { -// std::cout << "server closed connection" << std::endl; -// break; -// } -// uv_run(loop, UV_RUN_NOWAIT); -// } -// std::cout << "client exiting ..." << std::endl; - -// uv_close((uv_handle_t *)tcp_client, NULL); -// } - -void runClient() -{ - uv_loop_t *loop = uv_default_loop(); - uv_tcp_t *tcp_client = new uv_tcp_t; - uv_connect_t *connect_req = new uv_connect_t; - uv_tcp_init(loop, tcp_client); - - struct sockaddr_in dest; - uv_ip4_addr("127.0.0.1", server_port, &dest); - - int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); - if (uv_status < 0) { - return; - } - uv_run(loop, UV_RUN_DEFAULT); - uv_os_fd_t uv_fd; - - uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); - SSL *ssl = SSL_new(ctx); - SSL_set_fd(ssl, uv_fd); - - ssl_handshake_t *hs = new ssl_handshake_t; - hs->ssl = ssl; - uv_poll_init(loop, &hs->poll, uv_fd); - hs->poll.data = hs; - - on_ssl_handshake(&hs->poll, 0, UV_WRITABLE); - uv_run(loop, UV_RUN_DEFAULT); - - if (SSL_is_init_finished(ssl)) { - std::cout << "handshake success" << std::endl; - std::cout << "Cipher: " << SSL_get_cipher_name(ssl) << std::endl; - - int fd = SSL_get_fd(ssl); - uv_poll_t *poll_handle = new uv_poll_t; - poll_handle->data = ssl; - uv_loop_t *loop = uv_default_loop(); - uv_poll_init(loop, poll_handle, fd); - uv_poll_start(poll_handle, UV_READABLE, on_ssl_event); - - uv_run(loop, UV_RUN_NOWAIT); - // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 - - char buffer[1024]; - while (true) { - memset(buffer, 0, sizeof(buffer)); - char *txbuf = fgets(buffer, sizeof(buffer), stdin); - - if (txbuf == NULL) { - break; - } - if (txbuf[0] == '\n') { - break; - } - if ((SSL_write(ssl, txbuf, strlen(txbuf)) <= 0)) { - std::cout << "server closed connection" << std::endl; - ERR_print_errors_fp(stderr); - break; - } - uv_run(loop, UV_RUN_NOWAIT); - } - std::cout << "client exiting ..." << std::endl; - } else { - std::cout << "SSL connection to server failed" << std::endl; - ERR_print_errors_fp(stderr); - } - SSL_free(ssl); -} - -static void on_tcp_connected(uv_connect_t *req, int status) -{ - if (status < 0) { - std::cout << "tcp connect error" << uv_strerror(status) <isServer = isServer; - this->InitSSL(); - strncpy(this->psk_key, inputKey.c_str(), 8); -} - -HdcPsk::HdcPsk(bool isServer) -{ - this->isServer = isServer; - this->InitSSL(); -} - - - -HdcPsk::~HdcPsk() -{ - SSL_CTX_free(ctx); -} - -void HdcPsk::run() -{ - if (isServer) { - runServer(); - } else { - runClient(); - } -} - - - -void HdcPsk::InitSSL() -{ - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); - ctx = CreateContext(); - // if (ctx == nullptr) { - // // WRITE_LOG(LOG_FATAL, "create context failed"); - // return; - // } - ConfigureContext(); -} - - -// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) -// { - // RSA *rsa = nullptr; - // EVP_PKEY *evp = nullptr; - // string prikeyFileName; - // bool signResult = false; - - // if (!GetUserKeyPath(prikeyFileName)) { - // WRITE_LOG(LOG_FATAL, "get key path failed"); - // return false; - // } - // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { - // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); - // return false; - // } - // if (type == AuthVerifyType::RSA_3072_SHA512) { - // signResult = RsaSign(buf, evp); - // } else { - // signResult = RsaEncrypt(buf, rsa); - // } - // if (rsa != nullptr) { - // RSA_free(rsa); - // } - // if (evp != nullptr) { - // EVP_PKEY_free(evp); - // } -// } - -void HdcPsk::ConfigureContext() -{ - SSL_CTX_set_ex_data(ctx, 0, this); - if (this->isServer) { - SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); - } else { - SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); - } - SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); -} - -// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) -// { -// std::vector encryptPwd; -// Hdc::HdcPassword pwd(); - -// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { -// return nullptr; -// } -// if (!pwd.DecryptPwd(encryptPwd)) { -// return nullptr; -// } -// std::pair plainPwd = pwd.GetPassword(); -// if (plainPwd.first == nullptr) { -// return nullptr; -// } -// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; -// if (localPwd == nullptr) { -// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); -// return nullptr; -// } -// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); -// localPwd[plainPwd.second] = '\0'; -// return localPwd; -// } - - -unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - thisClass->psk_key[8] = '\0'; - std::cout<< "psk key is:" << thisClass->psk_key << std::endl; - // 动态加载 - // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); - if (strcmp(identity, STR_PSK_IDENTITY) != 0) { - return 0; - } - - unsigned char key_bin[32]; - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - std::cout<< "key_bin is:" << key_bin << std::endl; - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { - return 0; - } - std::cout << "PskServerCallback" << std::endl; - memcpy(psk, key_bin, keyLen); - return keyLen; -} - - -unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); - std::cout<< "psk key is:" << thisClass->psk_key << std::endl; - if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { - return 0; - } - strcpy(identity, STR_PSK_IDENTITY); - unsigned char key_bin[32]; - - // int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); - int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); - std::cout<< "key_bin is:" << key_bin << std::endl; - if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { - return 0; - } - memcpy(psk, key_bin, keyLen); - std::cout << "PskClientCallback" << std::endl; - return keyLen; -} - - -void HdcPsk::HandShake() -{ - SSL_connect(ssl_cls); - int ret = SSL_connect(ssl); - if (ret == 1) { - WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); - } else { - int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); - } else if (err == SSL_ERROR_WANT_WRITE) { - WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); - } else { - WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); - return; - } - } -} - -void HdcPsk::Event() -{ - int fd = SSL_get_fd(ssl_cls); - if (fd < 0) { - return; - } - char buf[4096]; - int ret = SSL_read(ssl_cls, buf, sizeof(buf)); - if (ret > 0) { - buf[ret] = '\0'; - } -} - -SSL_CTX* HdcPsk::CreateContext() -{ - const SSL_METHOD *method; - SSL_CTX *ctx_t; - if (this->isServer) { // TODO: 待重构子类,先按照样例实现 - method = TLS_server_method(); - } else { - method = TLS_client_method(); - } - ctx_t = SSL_CTX_new(method); - return ctx_t; -} - -int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) -{ - long len = 0; - unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); - if (!tmp || len > static_cast(outLen)) { - OPENSSL_free(tmp); - return -1; - } - memcpy(out, tmp, len); - OPENSSL_free(tmp); - return static_cast(len); -} - - - -int main(int argc, char **argv) { - bool isServer; - std::string inputKey; - if (argc < 2) { - std::cout << "Usage main s" << std::endl; - std::cout << " --or--" << std::endl; - std::cout << " main c ip" << std::endl; - std::cout << "c = client, s = server, ip = dotted ip of server" << std::endl; - exit(EXIT_FAILURE); - } - isServer = (argv[1][0] == 's'); - std::getline(std::cin, inputKey); - HdcPsk psk(isServer, inputKey); - // HdcPsk psk(isServer); - psk.run(); - return 0; -} \ No newline at end of file diff --git a/src/common/psk_original_change_1.cpp b/src/common/psk_original_change_1.cpp deleted file mode 100644 index 3d60344b..00000000 --- a/src/common/psk_original_change_1.cpp +++ /dev/null @@ -1,712 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#if !defined(OPENSSL_SYS_WINDOWS) -#include -#include -#include -#include -#else -#include -#endif -#include - -// #define STR_PSK_IDENTITY "psk_identity" -// #define STR_PSK_KEY "1a2b3c4d" - -#define server_port 21111 -class HdcPsk { - public: - HdcPsk(bool isServer, std::string& inputKey); - HdcPsk(bool isServer); - SSL_CTX* CreateContext(); - ~HdcPsk(); - // bool EncryptPsk(string &buf, AuthVerifyType type); - // static uint8_t* GetPlainPwd(const std::string& privateKeyFile); - static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); - static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen); - void HandShake(); - void Event(); - // void Dispatch(); - static int HexToBin(const char *hex, unsigned char *bin, int outLen); - - bool environmentSupportPsk = false; - void run(); - private: - static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; - constexpr static const char *STR_PSK_KEY = "1a2b3c4d"; - bool serverRunning = true; - typedef struct { - uv_poll_t poll; - SSL *ssl; - BIO *write_bio; - BIO *read_bio; - } ssl_handshake_t; - - typedef struct { - uv_poll_t poll; - SSL *ssl; - uv_tcp_t *client; - int fd; - } ssl_uv_client_t; - void ConfigureContext(); - // char *clientPskIdentity; - // char *serverPskIdentity; - SSL_CTX *ctx; - // BIO *read_bio; - // BIO *write_bio; - SSL *ssl_cls; - char psk_key[8]; - - bool isServer; - // unsigned int maxIdentityLen; - -static int create_socket(bool isServer) -{ - int s; - int optval = 1; - struct sockaddr_in addr; - s = socket(AF_INET, SOCK_STREAM, 0); - if (s < 0) { - perror("socket"); - exit(EXIT_FAILURE); - } - if (isServer) { - addr.sin_family - = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_port = htons(server_port); - if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - &optval, sizeof(optval)) < 0) { - perror("setsockopt(SO_REUSEADDR) failed"); - exit(EXIT_FAILURE); - } - if (bind(s, (struct sockaddr *)&addr, - sizeof(addr)) < 0) { - perror("bind"); - exit(EXIT_FAILURE); - } - if (listen(s, 5) < 0) { - perror("listen"); - exit(EXIT_FAILURE); - } - } -} - -static void on_ssl_handshake(uv_poll_t *handle, int status, int events) -{ - ssl_handshake_t *hs = static_cast(handle->data); - int ret = SSL_connect(hs->ssl); - if (ret == 1) { - std::cout << "SSL handshake success" << std::endl; - uv_poll_stop(&hs->poll); - } else { - int err = SSL_get_error(hs->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); - } else { - std::cout << "SSL handshake failed: " << err << std::endl; - ERR_print_errors_fp(stderr); - uv_poll_stop(&hs->poll); - } - } -} - -static void on_ssl_handshake_bio(uv_poll_t *handle, int status, int events) -{ - ssl_handshake_t *hs = static_cast(handle->data); - int ret = SSL_connect(hs->ssl); - handle->data = hs; - write_bio_to_socket(handle); - if (ret == 1) { - std::cout << "SSL handshake success" << std::endl; - uv_poll_stop(&hs->poll); - } else { - int err = SSL_get_error(hs->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(&hs->poll, UV_READABLE, on_ssl_handshake); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(&hs->poll, UV_WRITABLE, on_ssl_handshake); - } else { - std::cout << "SSL handshake failed: " << err << std::endl; - ERR_print_errors_fp(stderr); - uv_poll_stop(&hs->poll); - } - } -} - -static void write_bio_to_socket(uv_poll_t *handle) -{ - ssl_handshake_t *hs = static_cast(handle->data); - - char buf[16 * 4096]; - int len = BIO_read(hs->write_bio, buf, sizeof(buf)); - if (len > 0) { - uv_buf_t wbuf = uv_buf_init(buf, len); - uv_write_t *reqWrite = new uv_write_t(); - if (!reqWrite) { - std::cout << "uv_write_t allocation failed" << std::endl; - } - ssize_t n = uv_write(reqWrite, (uv_stream_t*)handle, &wbuf, 1, NULL); - if (n < 0) { - std::cout << "uv_write error: " << uv_strerror(n) << std::endl; - } - } else { - std::cout << "BIO_read error: " << uv_strerror(len) << std::endl; - } - - -} - -static void on_ssl_event(uv_poll_t *handle, int status, int events) -{ - if (status < 0) { - return; - } - SSL *ssl = static_cast(handle->data); - if (ssl == NULL) { - return; - } - int fd = SSL_get_fd(ssl); - if (fd < 0) { - return; - } - char buf[4096]; - if (events & UV_READABLE) { - int ret = SSL_read(ssl, buf, sizeof(buf)); - if (ret > 0) { - buf[ret] = '\0'; - std::cout << "Received: " << buf << std::endl; - } else { - int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(handle, UV_WRITABLE, on_ssl_event); - } - } - - } -} - -static void on_new_connection(uv_stream_t *server_stream, int status) { - if (status < 0) { - std::cerr<<"newcon error"<loop; - uv_tcp_t *client = new uv_tcp_t; - uv_tcp_init(loop, client); - - // constexpr uint8_t GLOBAL_TIMEOUT = 30; - // uv_tcp_keepalive(client, 1, GLOBAL_TIMEOUT); - // int bufMaxSize = 511 * 1024 * 2; - // uv_recv_buffer_size((uv_handle_t *)client, &bufMaxSize); - // uv_send_buffer_size((uv_handle_t *)client, &bufMaxSize); - if (uv_accept(server_stream, (uv_stream_t *)client) == 0) { - uv_os_sock_t fdChildWorkTCP; - int childRet = uv_tcp_open(client, fdChildWorkTCP); - std::cout << "childRet: " << childRet << std::endl; - uv_os_fd_t client_fd; - uv_fileno((const uv_handle_t *)client, &client_fd); - SSL_CTX *ctx_tmp = (SSL_CTX *)server_stream->data; - if (!ctx_tmp) { - std::cout<ssl = ssl; - ssl_client->client = client; - ssl_client->fd = client_fd; - uv_poll_init(loop, &ssl_client->poll, client_fd); - ssl_client->poll.data = ssl_client; - on_ssl_server_event(&ssl_client->poll, 0, UV_READABLE); - } else { - std::cout << "accept error" << std::endl; - uv_close((uv_handle_t *)client, NULL); - } -} - -static void on_ssl_server_event(uv_poll_t *handle, int status, int events) { - ssl_uv_client_t *ssl_client = static_cast(handle->data); - if (!SSL_is_init_finished(ssl_client->ssl)) { - int ret = SSL_accept(ssl_client->ssl); - if (ret == 1) { - std::cout << "uv ssl handshake with client complete" << "Cipher" << SSL_get_cipher_name(ssl_client->ssl) << std::endl; - uv_poll_start(handle, UV_READABLE, on_ssl_server_event); - } else { - int err = SSL_get_error(ssl_client->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - uv_poll_start(handle, UV_READABLE, on_ssl_server_event); - } else if (err == SSL_ERROR_WANT_WRITE) { - uv_poll_start(handle, UV_WRITABLE, on_ssl_server_event); - } else { - uv_poll_stop(handle); - SSL_free(ssl_client->ssl); - uv_close((uv_handle_t *)ssl_client->client, NULL); - delete ssl_client; - } - } - return; - } - - if (events & UV_READABLE) { - char buf[4096]; - int ret = SSL_read(ssl_client->ssl, buf, sizeof(buf) - 1); - if (ret > 0) { - buf[ret] = '\0'; - std::cout << "read from client: " << buf; - SSL_write(ssl_client->ssl, buf, ret); - } else { - int err = SSL_get_error(ssl_client->ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - - } else if (err == SSL_ERROR_WANT_WRITE) { - - } else { - std::cout<<"disconnected"<ssl); - uv_close((uv_handle_t *)ssl_client->client, NULL); - delete ssl_client; - } - } - } -} - -void runServer() -{ - uv_loop_t *loop = uv_default_loop(); - uv_tcp_t *server = new uv_tcp_t; - uv_tcp_init(loop, server); - - struct sockaddr_in addr; - uv_ip4_addr("0.0.0.0", server_port, &addr); - uv_tcp_bind(server, (const struct sockaddr *)&addr, 0); - server->data = ctx; - - int r = uv_listen((uv_stream_t *)server, 128, on_new_connection); - if (r) { - std::cerr << "Listen error" << uv_strerror(r) << std::endl; - return; - } - std::cout << "server listen...." << std::endl; - while (serverRunning) { - std::cout << "uv_run" << std::endl; - uv_run(loop, UV_RUN_ONCE); - } - uv_stop(loop); - std::cout << "server exiting...." << std::endl; - -} - -// void runRawClient() -// { -// uv_loop_t *loop = uv_default_loop(); -// uv_tcp_t *tcp_client = new uv_tcp_t; -// uv_connect_t *connect_req = new uv_connect_t; -// uv_tcp_init(loop, tcp_client); - -// struct sockaddr_in dest; -// uv_ip4_addr("127.0.0.1", server_port, &dest); - -// int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); -// if (uv_status < 0) { -// return; -// } -// uv_run(loop, UV_RUN_DEFAULT); - -// uv_os_fd_t uv_fd; -// uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); - -// uv_poll_t *poll_handle = new uv_poll_t; -// poll_handle->data = tcp_client; -// uv_loop_t *loop = uv_default_loop(); -// uv_poll_init(loop, poll_handle, uv_fd); -// uv_poll_start(poll_handle, UV_READABLE, on_tcp_event); - -// uv_run(loop, UV_RUN_NOWAIT); -// // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 - -// char buffer[1024]; -// while (true) { -// memset(buffer, 0, sizeof(buffer)); -// char *txbuf = fgets(buffer, sizeof(buffer), stdin); - -// if (txbuf == NULL) { -// break; -// } -// if (txbuf[0] == '\n') { -// break; -// } -// if ((write(uv_fd, txbuf, strlen(txbuf)) <= 0)) { -// std::cout << "server closed connection" << std::endl; -// break; -// } -// uv_run(loop, UV_RUN_NOWAIT); -// } -// std::cout << "client exiting ..." << std::endl; - -// uv_close((uv_handle_t *)tcp_client, NULL); -// } - -void runClient() -{ - uv_loop_t *loop = uv_default_loop(); - uv_tcp_t *tcp_client = new uv_tcp_t; - uv_connect_t *connect_req = new uv_connect_t; - uv_tcp_init(loop, tcp_client); - - struct sockaddr_in dest; - uv_ip4_addr("127.0.0.1", server_port, &dest); - - int uv_status = uv_tcp_connect(connect_req, tcp_client, (const struct sockaddr *)&dest, on_tcp_connected); - if (uv_status < 0) { - return; - } - uv_run(loop, UV_RUN_DEFAULT); - uv_os_fd_t uv_fd; - - uv_fileno((const uv_handle_t *)tcp_client, &uv_fd); - SSL *ssl = SSL_new(ctx); - SSL_set_fd(ssl, uv_fd); - - ssl_handshake_t *hs = new ssl_handshake_t; - hs->ssl = ssl; - uv_poll_init(loop, &hs->poll, uv_fd); - hs->poll.data = hs; - - on_ssl_handshake(&hs->poll, 0, UV_WRITABLE); - uv_run(loop, UV_RUN_DEFAULT); - - if (SSL_is_init_finished(ssl)) { - std::cout << "handshake success" << std::endl; - std::cout << "Cipher: " << SSL_get_cipher_name(ssl) << std::endl; - - int fd = SSL_get_fd(ssl); - uv_poll_t *poll_handle = new uv_poll_t; - poll_handle->data = ssl; - uv_loop_t *loop = uv_default_loop(); - uv_poll_init(loop, poll_handle, fd); - uv_poll_start(poll_handle, UV_READABLE, on_ssl_event); - - uv_run(loop, UV_RUN_NOWAIT); - // 这里需要是no wait 否则无法接收到后续的信号,也就是需要按照不阻塞的方式往下走 - - char buffer[1024]; - while (true) { - memset(buffer, 0, sizeof(buffer)); - char *txbuf = fgets(buffer, sizeof(buffer), stdin); - - if (txbuf == NULL) { - break; - } - if (txbuf[0] == '\n') { - break; - } - if ((SSL_write(ssl, txbuf, strlen(txbuf)) <= 0)) { - std::cout << "server closed connection" << std::endl; - ERR_print_errors_fp(stderr); - break; - } - uv_run(loop, UV_RUN_NOWAIT); - } - std::cout << "client exiting ..." << std::endl; - } else { - std::cout << "SSL connection to server failed" << std::endl; - ERR_print_errors_fp(stderr); - } - SSL_free(ssl); -} - -static void on_tcp_connected(uv_connect_t *req, int status) -{ - if (status < 0) { - std::cout << "tcp connect error" << uv_strerror(status) <isServer = isServer; - this->InitSSL(); - strncpy(this->psk_key, inputKey.c_str(), 8); -} - -HdcPsk::HdcPsk(bool isServer) -{ - this->isServer = isServer; -} - - - -HdcPsk::~HdcPsk() -{ - SSL_CTX_free(ctx); -} - -void HdcPsk::run() -{ - if (isServer) { - runServer(); - } else { - runClient(); - } -} - - - -void HdcPsk::InitSSL() -{ - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); - ctx = CreateContext(); - // if (ctx == nullptr) { - // // WRITE_LOG(LOG_FATAL, "create context failed"); - // return; - // } - ConfigureContext(); -} - - -// bool HdcPsk::EncryptPsk(string &buf, AuthVerifyType type) -// { - // RSA *rsa = nullptr; - // EVP_PKEY *evp = nullptr; - // string prikeyFileName; - // bool signResult = false; - - // if (!GetUserKeyPath(prikeyFileName)) { - // WRITE_LOG(LOG_FATAL, "get key path failed"); - // return false; - // } - // if (!LoadPrivateKey(prikeyFileName, &rsa, &evp)) { - // WRITE_LOG(LOG_FATAL, "load prikey from file(%s) failed", prikeyFileName.c_str()); - // return false; - // } - // if (type == AuthVerifyType::RSA_3072_SHA512) { - // signResult = RsaSign(buf, evp); - // } else { - // signResult = RsaEncrypt(buf, rsa); - // } - // if (rsa != nullptr) { - // RSA_free(rsa); - // } - // if (evp != nullptr) { - // EVP_PKEY_free(evp); - // } -// } - -void HdcPsk::ConfigureContext() -{ - SSL_CTX_set_ex_data(ctx, 0, this); - if (this->isServer) { - SSL_CTX_set_psk_server_callback(ctx, PskServerCallback); - } else { - SSL_CTX_set_psk_client_callback(ctx, PskClientCallback); - } - SSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"); -} - -// static uint8_t* GetPlainPwd(const std::string& privateKeyFile) -// { -// std::vector encryptPwd; -// Hdc::HdcPassword pwd(); - -// if (!ReadEncryptKeyFile(privateKeyFile, encryptPwd, pwd.GetEncryptPwdLength())) { -// return nullptr; -// } -// if (!pwd.DecryptPwd(encryptPwd)) { -// return nullptr; -// } -// std::pair plainPwd = pwd.GetPassword(); -// if (plainPwd.first == nullptr) { -// return nullptr; -// } -// uint8_t *localPwd = new(std::nothrow)uint8_t[plainPwd.second + 1]; -// if (localPwd == nullptr) { -// WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second); -// return nullptr; -// } -// memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second); -// localPwd[plainPwd.second] = '\0'; -// return localPwd; -// } - - -// unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -// { -// SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); -// HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); -// thisClass->psk_key[8] = '\0'; -// std::cout<< "psk key is:" << thisClass->psk_key << std::endl; -// // 动态加载 -// // WRITE_LOG(LOG_DEBUG, "Server received PSK identity: %s", identity); -// if (strcmp(identity, STR_PSK_IDENTITY) != 0) { -// return 0; -// } - -// unsigned char key_bin[32]; -// int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); -// // int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); -// std::cout<< "key_bin is:" << key_bin << std::endl; -// if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { -// return 0; -// } -// std::cout << "PskServerCallback" << std::endl; -// memcpy(psk, key_bin, keyLen); -// return keyLen; -// } - -unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - - -unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - - - -// unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, -// unsigned char *psk, unsigned int maxPskLen) -// { -// SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); -// HdcPsk *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); -// // WRITE_LOG(LOG_DEBUG, "Client received PSK hint: %s", hint ? hint : "none"); -// std::cout<< "psk key is:" << thisClass->psk_key << std::endl; -// if (sizeof(STR_PSK_IDENTITY) >= maxIdentityLen) { -// return 0; -// } -// strcpy(identity, STR_PSK_IDENTITY); -// unsigned char key_bin[32]; - -// int keyLen = HexToBin(thisClass->psk_key, key_bin, sizeof(key_bin)); -// // int keyLen = HexToBin(STR_PSK_KEY, key_bin, sizeof(key_bin)); -// std::cout<< "key_bin is:" << key_bin << std::endl; -// if (keyLen <= 0 || static_cast(keyLen) > maxPskLen) { -// return 0; -// } -// memcpy(psk, key_bin, keyLen); -// std::cout << "PskClientCallback" << std::endl; -// return keyLen; -// } - - -void HdcPsk::HandShake() -{ - SSL_connect(ssl_cls); - // int ret = SSL_connect(ssl); - // if (ret == 1) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake completed"); - // } else { - // int err = SSL_get_error(ssl, ret); - // if (err == SSL_ERROR_WANT_READ) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake want read"); - // } else if (err == SSL_ERROR_WANT_WRITE) { - // WRITE_LOG(LOG_DEBUG, "SSL handshake want write"); - // } else { - // WRITE_LOG(LOG_DEBUG, "SSL handshake error: %d", err); - // return; - // } - // } -} - -void HdcPsk::Event() -{ - int fd = SSL_get_fd(ssl_cls); - if (fd < 0) { - return; - } - char buf[4096]; - int ret = SSL_read(ssl_cls, buf, sizeof(buf)); - if (ret > 0) { - buf[ret] = '\0'; - } -} - -SSL_CTX* HdcPsk::CreateContext() -{ - const SSL_METHOD *method; - SSL_CTX *ctx_t; - if (this->isServer) { // TODO: 待重构子类,先按照样例实现 - method = TLS_server_method(); - } else { - method = TLS_client_method(); - } - ctx_t = SSL_CTX_new(method); - return ctx_t; -} - -int HdcPsk::HexToBin(const char *hex, unsigned char *out, int outLen) -{ - long len = 0; - unsigned char *tmp = OPENSSL_hexstr2buf(hex, &len); - if (!tmp || len > static_cast(outLen)) { - OPENSSL_free(tmp); - return -1; - } - memcpy(out, tmp, len); - OPENSSL_free(tmp); - return static_cast(len); -} - - - -int main(int argc, char **argv) { - bool isServer; - bool isBIO; - std::string inputKey; - if (argc < 2) { - std::cout << "Usage main s" << std::endl; - std::cout << " --or--" << std::endl; - std::cout << " main c ip" << std::endl; - std::cout << "c = client, s = server, ip = dotted ip of server" << std::endl; - exit(EXIT_FAILURE); - } - isServer = (argv[1][0] == 's'); - isBIO = (argv[1][0] == 'b'); - - std::getline(std::cin, inputKey); - HdcPsk psk(isServer, inputKey); - // HdcPsk psk(isServer); - psk.run(); - return 0; -} - -/** - * - * L0 用例1 - * data输入加密接口, - * 从解密接口输出data - * 校验data一致 - * - **/ diff --git a/src/common/ssl_tcp.cpp b/src/common/ssl_tcp.cpp deleted file mode 100644 index 945c0929..00000000 --- a/src/common/ssl_tcp.cpp +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright (C) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "ssl_tcp.h" - - diff --git a/src/common/ssl_tcp.h b/src/common/ssl_tcp.h deleted file mode 100644 index 8f12184f..00000000 --- a/src/common/ssl_tcp.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (C) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef HDC_SSL_TCP_H -#define HDC_SSL_TCP_H -#include "common.h" - -namespace Hdc { -class HdcSSLTCPBase : public HdcTCPBase { - public: - HdcSSLTCPBase(const bool serverOrDaemonIn, void *ptrMainBase); - virtual ~HdcSSLTCPBase(); - - static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) override; - int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size, HSession hSession) override; - - private: - SSL_CTX *sslCtx; - SSL *ssl; - // 其他 SSL 相关的成员变量... - - void InitializeSSL(); - void CleanupSSL(); - void PerformSSLHandshake(); - int ReadSSLData(uv_stream_t *tcp, uint8_t *buf, int size); - int WriteSSLData(uv_tcp_t *tcp, uint8_t *buf, int size); - void HandleSSLError(int sslError); - }; -} - \ No newline at end of file diff --git a/src/common/ssl_test.cpp b/src/common/ssl_test.cpp deleted file mode 100644 index 3098e3f0..00000000 --- a/src/common/ssl_test.cpp +++ /dev/null @@ -1,78 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#define SERVER_PORT 4433 -#define BUFFER_SIZE 1024 -#define CERT_FILE "server.crt" -#define KEY_FILE "server.key" - -void initialize_openssl() { - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); -} - -void cleanup_openssl() { - EVP_cleanup(); -} - -SSL_CTX *create_context() { - const SSL_METHOD *method; - SSL_CTX *ctx; - - method = SSLv23_server_method(); - ctx = SSL_CTX_new(method); - if (!ctx) { - perror("Unable to create SSL context"); - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } - - return ctx; -} - -void configure_context(SSL_CTX *ctx) { - SSL_CTX_set_ecdh_auto(ctx, 1); - - if (SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM) <= 0) { - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } - - if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0 ) { - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } -} - -int main(int argc, char **argv) { - int sock; - SSL_CTX *ctx; - int opt; - - initialize_openssl(); - ctx = create_context(); - - while ((opt = getopt(argc, argv, "sc")) != -1) { - switch (opt) { - case 's': - configure_context(ctx); - // Server code here - break; - case 'c': - // Client code here - break; - default: - fprintf(stderr, "Usage: %s [-s|-c]\n", argv[0]); - exit(EXIT_FAILURE); - } - } - - cleanup_openssl(); - return 0; -} diff --git a/src/common/test01.cpp b/src/common/test01.cpp deleted file mode 100644 index 40a2a6d4..00000000 --- a/src/common/test01.cpp +++ /dev/null @@ -1,40 +0,0 @@ -#include -#include - -struct PskInfo { - unsigned char bin[32]; - size_t len = 32; -}; -using HPreSharedKey = struct PskInfo *; - -std::string toHex(const uint8_t* data, size_t size) { - std::stringstream ss; - ss << std::hex << std::setfill('0'); - for (size_t i = 0; i < size; ++i) { - ss << std::setw(2) << static_cast(data[i]); - if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - ss << "|"; - } - } - return ss.str(); -} - - -int main() { - - HPreSharedKey psk = new PskInfo; - unsigned char* buf = psk->bin; - RAND_bytes(buf, sizeof(psk->bin)); - - std::cout << psk->len << std::endl; - // to hex - std::cout << toHex(psk->bin, psk->len) << std::endl; - memset(psk->bin, 0, psk->len); - RAND_bytes(buf, sizeof(psk->bin)); - std::cout << toHex(psk->bin, psk->len) << std::endl; - RAND_bytes(buf, sizeof(psk->bin)); - std::cout << toHex(psk->bin, psk->len) << std::endl; - // delete[] psk->bin; - delete psk; - return 0; -} \ No newline at end of file diff --git a/src/common/test02.cpp b/src/common/test02.cpp deleted file mode 100644 index 01cfe83e..00000000 --- a/src/common/test02.cpp +++ /dev/null @@ -1,328 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#if !defined(OPENSSL_SYS_WINDOWS) -#include -#include -#include -#include -#else -#include -#endif -#include -static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; -unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - strcpy(identity, STR_PSK_IDENTITY); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - - -unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - -std::string toHex(const uint8_t* data, size_t size) { - std::stringstream ss; - ss << std::hex << std::setfill('0'); - for (size_t i = 0; i < size; ++i) { - ss << std::setw(2) << static_cast(data[i]); - if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - ss << "|"; - } - } - return ss.str(); -} - - -int main() { - - -// #if OPENSSL_VERSION_NUMBER >= 0x10100003L -// if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) -// { -// } -// ERR_clear_error(); -// std::cout << "sss" << std::endl; - -// #else -// SSL_library_init(); -// OpenSSL_add_all_algorithms(); -// SSL_load_error_strings(); -// #endif - - - const SSL_METHOD *c_method; - c_method = TLS_client_method(); - - SSL_CTX *c_ctx = SSL_CTX_new(c_method); - - unsigned char word[32] = "0xxx1xxx2xxx3xxx4xxx5xxx6xxx7xx"; - RAND_bytes(word, 32); - // unsigned char *p = word; - SSL_CTX_set_ex_data(c_ctx, 0, word); - SSL_CTX_set_psk_client_callback(c_ctx, PskClientCallback); - - SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); - - - BIO *readBIO_c = BIO_new(BIO_s_mem()); - BIO *writeBIO_c = BIO_new(BIO_s_mem()); - - - SSL *ssl_c = SSL_new(c_ctx); - - SSL_set_connect_state(ssl_c); - SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); - - - - const SSL_METHOD *s_method; - - s_method = TLS_server_method(); - SSL_CTX *s_ctx = SSL_CTX_new(s_method); - SSL_CTX_set_ex_data(s_ctx, 0, word); - SSL_CTX_set_psk_server_callback(s_ctx, PskServerCallback); - SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); - BIO *readBIO_s = BIO_new(BIO_s_mem()); - BIO *writeBIO_s = BIO_new(BIO_s_mem()); - SSL *ssl_s = SSL_new(s_ctx); - SSL_set_accept_state(ssl_s); - SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); - - if (SSL_is_init_finished(ssl_s)) { - std::cout << "s okkkkk" << std::endl; - } - if (SSL_is_init_finished(ssl_c)) { - std::cout << "c okkkkk" << std::endl; - } - uint8_t *buf = new(std::nothrow) uint8_t[1024](); - memset(buf, 0, 1024); - int ret = 0; - int nread = 0; - int nr = 0; - int nw = 0; - // cliend hs - if (!SSL_is_init_finished(ssl_s)) { - ret = SSL_do_handshake(ssl_c); - if (ret!=1 && SSL_get_error(ssl_c, ret) == SSL_ERROR_WANT_READ){ - std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; - } - - nread = BIO_pending(writeBIO_c); - int nr = BIO_read(writeBIO_c, buf, nread); - std::cout << "ret is"< s - nw = BIO_write(readBIO_s, buf, nr); - } - - - // server hs - - // int nwrite = BIO_wpending(readBIO_s); - // std::cout << "ret is"< c - // client hs - // sleep(1); - nw = BIO_write(readBIO_c, buf, nr); - ret = SSL_do_handshake(ssl_c); - if (ret!=1 && SSL_get_error(ssl_s, ret) == SSL_ERROR_WANT_READ){ - std::cout << "SSL_ERROR_WANT_WRITE" << std::endl; - } - memset(buf, 0, 1024); - nread = BIO_pending(writeBIO_c); - nr = BIO_read(writeBIO_c, buf, nread); - std::cout << "ret is"< 0) { - // std::cout << "?/" << std::endl; - // BIO_reset(writeBIO_c); - // } - - uint8_t buff01[12] = "hello world"; - uint8_t buff11[12] = "happy world"; - nw = SSL_write(ssl_c, buff01, 12); - std::cout << "write " << nw << std::endl; - nread = BIO_pending(writeBIO_c); - std::cout << "nread " << nread << std::endl; - - - memset(buf, 0, 1024); - - nr = BIO_read(writeBIO_c, buf, nread); - nw = SSL_write(ssl_c, buff11, 12); - nread = BIO_pending(writeBIO_c); - nr = BIO_read(writeBIO_c, buf + nread, nread); - - - - std::cout << "Server: " << "Client: ["< 0) { - // BIO_reset(readBIO_s); - // } - nw = BIO_write(readBIO_s, buf, nr*2); - std::cout << "read " << nw << std::endl; - uint8_t *buff02 = new uint8_t[1024]; - int nwrite = SSL_read(ssl_s, buff02, nr); - std::cout << "read " << nwrite << std::endl; - std::cout << "Server: " << "Client: ["<2nqs21|kJ3bs!8*+JKP+q_*}s%uL9vNhZv^VDQuy zi@0QCPO;V2Dm_KdZtI@9E4#Hl_Q%#JYSh!Z($-zvt}WZvJ(Gf6O#P9%>g?xx@BO~H zb2HC%J^Rm|&CSVt-}iIB-|xNmdw;z5?tAb1`Dn|AiaPtNJM9hZ`KDO z5wS|lz;C?>imBkINKEBN6hW>^$0|x`wZ&h@S^~g8Xmn*&MmQq@y^?FH&k}i+jMbNO; z8`gSE8?--}vOmcj{jbvgw5e5XVe55jJ)5qFO-f9u3`%V;yU7nyUaQud9aeU1`mllp zQ!ejn=&`G`$a@m)PO({+=hqM8y4_4^oKRZUmEOLxaamV#X;-?ZuYYO(s+CJuHimMU z&~lki^$Oyj#?+OYwg_~~Fk#x9sMw=;wnurhbw0`W9*aDF&e4NcUjEIw)1JTM)Vw<@ ze)JKNp?Z@J$xtGDy30L&9*#&x`Qr}E!x}*trTO@OKJ{Gpg6`=}wRcZ%l3e3=gpSOoEJr<6~* z=Rq)N3xi+cgKq#{u76#h`nV`}UK#r*AwLUeqwB9$nKj@keG2k~M_LunxNw@=H#*5w zHnk(2b5q&&jZIydo>Y5$dsj+0&W`R(kCSubS=VutXj#GbmNqAs%I->Ko$i#|nMsPa zwiY0+lgRY+q!KRKa8nX(YTxGcq;8bQ*;G6!u4;{LBJp%j8gjWVnX?1Bscbfr6=XZn zl}`1zw(WQ#k?J)~Q-Ryl8EGJyaXRBY$y{gr230PVxvu#tN0vzkH)hkQQc3BF?CxGS zBgJwkty>PdDrC)(U_IMEr;I&Le-0rkDIMKG1@FR@4tJ0aA1Bp~)GupjA9Npy^Z{4uDEz{;i0km)3 z6mD>wM1OyLdwN$m{1F^?#dA5w-QAml$2u})q?SV?mo6uWDktDo>e&8%r#F?&WqRUW zX?M4?t3kG?E7$z~T9ar;TP}54KanWcoF>&ADlXIK3TI2tjp?4GvpJRP>!x9q=#M)c zX)5|AVsQ>j=uy@kPxoj644D2jlqn~1gOljI!Rd&ny9A^$O6U}~f{s<6d2G&2CKfLy zb|vNRNWe02VJWNdE1Q~}6`=;vv~AnkbD$q z371q=qLxnBNM!#}!+vlvUFl5`^NAnF9{%1>+ z{3;8-TjMbs*L zf%6=ojAI6l0p_LS2F~|jl$kg1^F3)HP8s+G20m`!^#)#}{Xq5quz~Y=lajG$JOcO8F8MvNGGB0T0bREuVp@CyUda1#{sccTG4E%HkK_do^ zg~UrS1E21pSdR=`-l zy1(Icz`#GmAn4r&evW}3GVnSBf55=cHSog*KF7cxF>tz848ZPOnTt|i3k2T^Zd7Bdrwx!2CH6NCPZxCuv<}hKDPIX z>Lbzvg-d@H5@M{d;O8JSFAyZ(NjYPq|5hjz4oIFhUdBd`dOU5ojEz3#@wCx0Hu`rS zPa7;_qxX3{ZR(7T-r@1I(K0rAi^tOj%h>2nkEac=?C9Q{me;5V_ozdP019t{tNpNS2vc^17^sLet0wT{rt3vLCA2{yFmJ|MB7 zs(Xm69(QXo^|sP6rrv3V<1;VVLvlwnh5Sw_e<|&-#}>UC8#onv> zeb=200}Hf)>ca63ISyE#=I5R@`!HNY-{LK?y=#897>BWem)+^H!8KE%mjCN_3WamV1n4!U0Xq(6EiGU;Fo^x9&#oZOEIoQw@lS+G#risr+^v7vpv|5+%+21fEZ z2?Abr9^p zvDo02d@{Cpwrsc?IkB3&5*s*TG^iGWC#Dr~_R6Qo9xR}$50JxG;3qbC-S{&{*t1xM zYX)w9d!TQ8@6B%q`aXKg&EsgX=v$7#@)Y$iRM(K!P}QbOhPhkjLBC(PD zwQpmYDq8(9*?5#z==_(_jn|bF7aO>FJT_Fj0}n-FgVFKWK+TWI4Uf`Kz8;1YTOooX zf0oBir`+$rhek2l(s@No2M!##?ua};(6FJ#Nf}wpNd5`bg^K)f1B_A2ehz!jl*l(g zJ|7$CJ02U@0?$W}p}~XEd~7fhj16uCD*OGH&>M)p4VQ_}FNH&v;bcG#8LGNPJ0uN> z*kJ8%Fj!*)|3qbd708KJh@9;SH!f1uxSWIs9v_Up4I2ahoIj~}$i9QK4jBe`js+vTfE8;cz05JexEP{3UlbDkPK2ZcQ8l?q{?~(l6A`VYUd?Dd3=}Ep- z%f~PdIA4zBS0QrZd|o*y4|)eN>-4g*Q<|m~!<wcPD zx|qQ&<7)Un{U&!?MITL>46V>|%7ke8qSTeLwzUr}AXZM9Bvq~x!k_Yl>vgxCM#4t7 zeP1bOi^><1@?t2j@|2&Dxg+_Xpe`67(W3BMK+v6D8z=PVM`=(G)n@B;(*|nt9kR%Y z{rRr6F7cXtm>4up))xyoI=?PISA(w=B}@9VrHGgG=P%x%dQ<=T_Gdj*C-mn}HWPc8N!dL4qSxv%5 ze~v2U`-{rgkTUh>t)B90GIu2ZHtK@@>?;ai0%5a1y)(g3?L&A{3@6fgN0E{IgBavx zrS*B^d-i$bUKD7I7Q_0^iPks$Ppz+!)-j3Xw50na@6HI|WSaEA|8Wn{n^E3NdqH{+ zER_`N<8C}iukpF5o}ilvLg2EX2yWl)rgBo6-t{XHRzNn>t!3%G!!kmNRC-q`30uey z-Wcz3bHR8}%EeJucdt9)6+>MLRGQ?wib3z?!(grt?Ule9o`xwE-$iA{Wz1Y z2fYm|RT4Cd^Tq9;TXE9+1?a7yuYo=cIveHu2DA~B-@ORjv{?lDYXWnoPpduvyM)vG zJKJ6@6mW9Ki~Q5%Yalo=h(`Pe|A6%ta^lRI4QJMUeC8Q9R__s4oO{_NE9TDwD)m1N zx*vX!iUcB&T^Ij*fbSuFov5ta@qZ8evWc+hnKidnG|iY=5k-wuT^akn4&etxI% zc=vng--`TizK8x_BL8fR!>wld6&tdSKE6lOCA#z@!Ik5AgQ^{5=4_|Ic## zemcMB&+qkfKEJ2V@9*>b`kc@2tMhyL{2o5%^ZWNK$2h-dZ{z$vJ+5|SqHiH6F;CxK zm^^*UVe<6thso2o7?h?ff(v7HFhlbT^R+R*qg3WzFE`4Qs z{oO)_4i4j*of2P|Y{L#GC2Ww%bX@13uK8BY)1ypE{Ejr;qnJsHiBt08yZG&BM7NKw z+bQYd1iynlOpj6w{Fp9?>z&v7*f5ug%RgW9EQi|>**^4xgz(H#^5eQ8*uIfGw;PwO zl7B$wYkEpk ze5@-|jiy0O8#Ik*+N$aGn)YhCN7DnE9@11<{oud+9SU2(r(Bl>7jD_!*W>mD!{Jb4 zs9|ZiPqN|9EngmLXk4UW)+kQ{fTxI83wADzqX2Sl*8?`F1?W+EIe8jq75K`f_d+eG zNl@d5EPRE=?RBgfcmQ{qy_<0$j}_e_kIxZ2ZxxFBbsSK+ygo9%U&?<-@H)Www{TFd z{(mp!=Zc+HxsL%S`+FBC3-aCwhp%d!*JJ)h#?L=haC887`kYN2BhD85 z{XNTHB<*}y*z<(G-wlX!y>*4pGSCo`I^Mf z5`2E(_3r^~e@y#LFL&Y*jq`bk%Y7DjjhG|qTDj(m9+md%#Pxbz2@3?sVp9g%Fs&dJ18}PF#W(huza^@!qXU3qr zfK$8pI$@d4yA60fH2D0_=c6zC*!i{({)7*H7y6z2AGuH!DEG{8_*)h>qPVV6WpCSELVp=lufz!C!qsJA`>lMJueK+4M@ribB22S;PcA?5+KYS55&1-v} z9+dc8(Z9LW)_uUKJ`ro29|m5oAOFz@AJumFx|FZ~-jMiNg0EY7y{f{6T@B7Vwx4GK zr*>_^!&FM_=a9zjevbezS5FF#LU!zaaW!uH?KX|`bvn5A zZ;`71Zxs=5`pD0~g(ub1UboK!Ue5jsEq~kMQu|wg2X$E{+390vzqVta7w*wG-_Nig z9`v#QLm&JF;N{{&oB&>~U1wmyEQgD>MAi+5GWa|nkqI0(zC!@WxqTfSp@b;LlW^Q_ z1R}`v;DLie*_;#a>lcYkcW+n9O(pSleOU<#6p(h}*=&5bgCG#u z-J&BK?@l?%zV7bbP%$_aLc$cqgCMtIMJUnRE5jSKta6-mh5}81Z4ArM0xn`S5R#^7 z1aUWwfES1xfsh!8+t8Pgd_x-X93Ei(|QVz;UE}} z6OB0vjIG}+ob{jFw02{2lc#;vh7D~|M1okmt|jV}2D*rFBnlO206`*(&w|!3M|cQ+ zRy9Gey_qESQzFESXe%mGa0Y&4)I>(KStTsZI;kWcqamYxD@!8M$5n{BkWBYDeK|a5 zqmm~C^RTN?64W8W;Sne%0ym7j?5J=Jw(hP^HW zw@``nbl5KNS~WBE^IRD*hT@@E^|ywJPxKbUg{6~NO>2iHv5KK0uuLZ9d^VN^@~#;Y z$Eqr2>%cr#4u*d-Ho35GEY;^u(cS zOiQkoiV|cur|5*T*55N0Q%MY+2#2uIOP*fObrhjuG0G?JH;j`Sp$HIEQtt`DohFQs z30+CEqQr&><#uLpw5H z=^&R%h!BDhfu(B@NN41!GL-7nR~?;6SYr;wAlOihpGXS zvdZ!9G|E!eF{eZbmqp#U+A%K~KhQDl`_ipBZjWWE!~G#8ro8W~P$kR9MCtYtmxiAH zDy`2{Z!eIjOniUM{7M{{`gYvL`7Ed@Zre%{?Sq;6ybs4TSRze(TBYe4uz0m0!|mt& zY^Gd)+y=;G*FO%F?u}TV_q&<)YkyE3$iFtiuV z`n>(6pbKZktU+h(5kx0xQ-`c!}15_if6p|c4U;}Sld$#g14ce!`yvR2Qc(WV9d${v`~M(vP5od{i8Gb&6d4xy{+Q{v zEd9gvN|-6ju?gmx9=7y{wLa550oGKM^_YI&(&zmirZ4lxk~YJ7Z1qt~pZB$x&R{`J zZT~%~^|}9fKauGytNz@7Z1$&?KJVi)rFVkNWS9R-WKt1a{?lP4&GdJip^ez(zijD0 zsP~^^LPpF^ zRuM8k7Li26^!%g!MS8}`_2+g`HrHKgsNVz4iY{XXoyq00EbUR3(|`18B|-6P&1A9S FzW{BpkH`Q3 diff --git a/src/common/test03.cpp b/src/common/test03.cpp deleted file mode 100644 index 7f792f19..00000000 --- a/src/common/test03.cpp +++ /dev/null @@ -1,138 +0,0 @@ -#include -#include -#include -#include -#include - -class SSLBase { -public: - SSLBase() { - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); - } - - virtual ~SSLBase() { - ERR_free_strings(); - EVP_cleanup(); - } - - void SetCiphersuites(const char *ciphersuites) { - SSL_CTX_set_ciphersuites(ctx, ciphersuites); - } - - void WriteToBIO(const uint8_t *data, size_t len) { - int nw = BIO_write(writeBIO, data, len); - if (nw <= 0) { - std::cerr << "BIO_write failed" << std::endl; - } else { - std::cout << "Data written to BIO: " << nw << " bytes" << std::endl; - } - } - - void ReadFromBIO(uint8_t *buffer, size_t len) { - int nr = BIO_read(readBIO, buffer, len); - if (nr <= 0) { - std::cerr << "BIO_read failed" << std::endl; - } else { - std::cout << "Data read from BIO: " << nr << " bytes" << std::endl; - } - } - - void SendData(const uint8_t *data, size_t len) { - int nw = SSL_write(ssl, data, len); - if (nw <= 0) { - std::cerr << "SSL_write failed" << std::endl; - } else { - std::cout << "Data sent: " << nw << " bytes" << std::endl; - } - } - - void ReceiveData(uint8_t *buffer, size_t len) { - int nr = SSL_read(ssl, buffer, len); - if (nr <= 0) { - std::cerr << "SSL_read failed" << std::endl; - } else { - std::cout << "Data received: " << nr << " bytes" << std::endl; - } - } - -protected: - const SSL_METHOD *method; - SSL_CTX *ctx; - BIO *readBIO; - BIO *writeBIO; - SSL *ssl; -}; - -class SSLClient : public SSLBase { -public: - SSLClient() { - method = TLS_client_method(); - ctx = SSL_CTX_new(method); - readBIO = BIO_new(BIO_s_mem()); - writeBIO = BIO_new(BIO_s_mem()); - ssl = SSL_new(ctx); - SSL_set_connect_state(ssl); - SSL_set_bio(ssl, readBIO, writeBIO); - } - - void PerformHandshake() { - int ret = SSL_do_handshake(ssl); - if (ret != 1) { - int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - std::cout << "SSL wants a read attempt" << std::endl; - } else { - std::cerr << "SSL_do_handshake failed: " << err << std::endl; - } - } else { - std::cout << "Client handshake successful" << std::endl; - } - } -}; - -class SSLServer : public SSLBase { -public: - SSLServer() { - method = TLS_server_method(); - ctx = SSL_CTX_new(method); - readBIO = BIO_new(BIO_s_mem()); - writeBIO = BIO_new(BIO_s_mem()); - ssl = SSL_new(ctx); - SSL_set_accept_state(ssl); - SSL_set_bio(ssl, readBIO, writeBIO); - } - - void PerformHandshake() { - int ret = SSL_do_handshake(ssl); - if (ret != 1) { - int err = SSL_get_error(ssl, ret); - if (err == SSL_ERROR_WANT_READ) { - std::cout << "SSL wants a read attempt" << std::endl; - } else { - std::cerr << "SSL_do_handshake failed: " << err << std::endl; - } - } else { - std::cout << "Server handshake successful" << std::endl; - } - } -}; - -int main() { - SSLClient client; - SSLServer server; - - client.PerformHandshake(); - server.PerformHandshake(); - - uint8_t dataToSend[] = "Hello, server!"; - client.WriteToBIO(dataToSend, sizeof(dataToSend) - 1); - - uint8_t buffer[1024]; - client.ReadFromBIO(buffer, sizeof(buffer)); - - server.ReceiveData(buffer, sizeof(buffer)); - - return 0; -} \ No newline at end of file diff --git a/src/common/test04 b/src/common/test04 deleted file mode 100755 index ccab7dba1170b1be452672d4693ad8844a8ff26e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29216 zcmeHQYjj)Hl|FLf;4}d{DS?y#5syG1#8{4PoB&0^QF2Y}V4}FBP`H+5IaZM+BV7@P zMLMSDrDd{~X-k`#PD@&*EkmIbN(vb|1oKM5YRj0RbTZRY424$a(J?MOJCrjRUe`oJ~_Sxs$$GMN4zX`OgE%SJoDl^z88RwP=#4jtxqDq1>KWk*i z;_qq9%Vq(diJxCqJL#b^QK4vsl$!xcdJAcz2t8TAOi|?_QPOiO!^evnMOl^LNw1tX zz4Qmg%m3OmBIOj-^>}-JDes{FDxFbO*Q3}hZ4r7)KT}92WWU=;h>C2V!bMP<)N7M^ ziq^<@Dyrg1ZqTn$+I7+z)KO8?sn;X*oOF#)V~SE6RDy3>6Q@o=`bI7VT`PJ3rR7JQj_o`|Z_ie)iE<9~?RVnn3o) zFMph5$Zygi87d?%hur3?u|+Zzk1BQ-JI!0g2&1v};Wrw2zIRFQ+@|I4n%6GaIkyRr zYxyE-<`=0w=z`Be!^PxVT<}(Os+jy{7yFYgcol+B%+5DlCfEAs2tPqTSPr*xv*Bc{po#ghXW(IgZi}I*%=6hCH81nEe^?A$flX7h_7Ena!J8 z&8|o?vL%|bBFRmyO|e8gvMJOVi!jsN(wm5zDJzt;OjC#!72MPkG*gk}4UweT8?ky4 zT`U-E0b-fqL_8h|TV%tEaI|UDW>FLE>xm>&>8KS+*%k4~R=&Ljs*z+ekz`~#9E(Qc zmeX`79FFukEq5m)q8VzuGn(Mmx)NqjDBhLo30;@>fj7}_c7?2v-6VMp|2VH);TA7# zzT8YkLS2kDwkF{--%7!!UcN=rR2R0AF=k#Bv@VDzte#|ID`#S<=5WyR`NBP+q-iBX zQ42sIuo2jb&QK~EHWMie_IsN*nVV|NK(N6KTJ>fyVjW387&@|%3(Sq{H^39q4EOi@ ze7;)I6k3YLw=@Uq%wWB_$!7)v@Nq*h5laQ4+}pZHyesyR9p*;zjWz0x$<7stf#^e% zFK~mv8c7pyrBkmyFzW`Q9RVU5iP8ggK1j4aSZ2QHk#p07|VLIZGD(r4O)f0%lF!4 zh+N}k$K@#FE%hmkiL~9PBF%ls6m6s_+8vF>nu9C&z=&x?BbD!K5EGi2?eVSAc$c{` zl1lf|ktN(8GP|P`@*9c8WnfqyXnI4@xD>!Kqd#gf>}1%TiG=&Mp$Z3+@O5Um=Q^`H z6pb^q|?adGqQ^n@t~F;6^rYMnzq9Z9^gJ(^)zam+^ly zas5eK;%_;&X0c;f1^&*)YNH%X#3b*~q{wzIa)VUV817i)B#JChxj^=+s>J{moip{3(cPdZ<^>&v(dp3N3Yeh=p> z*cp;fpA?-|k%^YS(dpAsd1!uTpSWxoU zbAA@wtqaw9Y-|Zh;aXmvCl#Kh3w)GD2fj&sOty{Gp&16QP&ZK(^^Osbv;7(`3eNxd97fM0a4c^gzVCA47gqH z({MG1sdBf5W4P_ISHr1oRYo+N#z2*W8csf`GOFR2&~`bb;UBY6#>O-pJCt3r8a~%X z8Jo~>>|l18((vPK6dQ89$Vb`_RjJVMc?txr(s2DcbD@TRT$A@|xV)vqYnN*H0!_X~ z!%xugMh!nv!~Gh*P{R!k|AdCOY4}MRzFET;X?TZ*pRD0M8h(m~_i6a48s4wri#2>e z!@U}QhlZb~;lmoPU$^hn@G~^|T^fF-hTo^*XKDCu4L@7M_iFe#8a|@ov?eK)QUpp7 zC`F(Yfl>rY5hz8V6oFC%N)hN`Kl*ko==7^HGBBl#YxnH+yLm&*-vo)*rN<1g4eEtn_ApR{>eC{K<*Wb?E@o*e&% z&C|koa{Mlvrv>rk_{}y?i_FRK>usKHOiYf4Y@QaxljB#|JS~JL$5-1tEr2J-eKt=E z-^uaQY@QapljHMjo))^3;~tx*8y=J6?|z{AOAB7~-{xtdi~id@EpX9)o2P{>`fu~J zphf>}o))s`zs=JE7X7z*TDYSBHctyy^xx)bp^E<7JS|Ysf19U;Df(~ov>-+QZJrjQ z=)cX=0u=qX`Nf=n_kGoWFXvyid0J?q|29txO!VL8X<>=}+dM5O(SMs?!uh)tkJ+~T zVw!Dh7@u$8-?^}mf5XAQ?BHK=@IP_z&pPfpCK z__TxXb?^}fe~p80ckrzaKH%UlcJTEMez}8R;^0ql@CzLLu@1i6!N0$%aD0F7;NNlZ zZ#eju9sElU{wEIpS)KR2)0}zXS|jtCG5GpK+ophT#P^)Bj2bjdk;Ruk`8oI&kr`7r|tDS-UZK@q9=!BlCte*BH8Z zEtu?chjY1X7Y92rvqmO8W@OqAWmOWbcDPBNLbaf5>>OFLj+6?TW;WOw|E@g@q?k`~7nn>L&J4M@ivPp)h3( zwc-~z_?VYhJWq9tuvhOT{<)_$7it_XsHT_ao6eixTxkA~ZvJ0T=P(~MZhre9PDw`Q zaRY}iBl814CwDi3bQwc4m(Y!BbTI21F?QVA!7C4BH&QE-9UQ4Lb}Y!^JY!^jM!opK zpUKeEPtdLA>|C60GW(6pE7@z&Ipe^sn_&VK?5)o|L8rd#&!L!kN;4*mjPQOuWen}$ z4h?ZV!*j6m5mx!g2wD91>_ud8=vH#o7|eQ%m0T!wie?O+-HS7T^lT0p9pq9TD3UA2 zgY&tD*)XQr9Y&^gz#03Y0ICjT$6+KBxNmU#eV)o&XfGRT zzt2FO2-=_jn`$2z-2OmWdO3Ex`*AWf5UU;KH(x+o2ePxd6AQ{X%e!|rkhgju@?~4t zY81l1_!B(NJT(+}K*amULiyPSJD_hu;;m&+PT9&Q%9idS<)H;T^TLmFBrx#LH2jaz zpM7-kL2f0v8#^9SC(zsC_r~F{&IeGJN;C2@Yfed#Dv$HHg6UaQ_ZuC!oRmx<~YN zjGWD2UY75ZvY2o`;zCak!A5x0*bx}v4G81+^IZZE>A#X4Akm=(e_L zXuD6boqsHxV(V}{CL(z%@9KfMq1^3k1Jtu$p6kA~n&y!)_#=DZAVo~n;g3i41 z?W9aotkG89!)p&@FA^=)=Y_B0NYN=)$sMODwjBp1dx{+*jiZ@ji(zm26#E3si7EE2 z<5ghFrMo+zp--{x)HI)BS4&w;u^ui|e2T53Imu@bpJJzw=+J_O6?UMnCPYrLd;U;t ziZzo&;S{?K(6lKQg0`GuzefGEDK?Mn6ihK3#M-iN{+`qV*zxegJim;@Tt`)k6 zfb(5szt9~6KL#I8%=>T?i9gC+K9GGyh-I_imca7@nBaP7^OvG;bkd$8AC40~puROL zFz&+v4!6R!cDR-%m-(K291Y%3E5zF&o+dM6WaiU!+>qV+`Fnhu%U>e4c~eh|Z7zQ{ zwuguJ(&00I3PJFzGTRSl(o=)m4|~!V-b`}~S3$Ly?vL{MaUlCVIkuzx5 zV!ts|zKCN7vOgr-d8_-##uKz)&3+MQ$7}4164BI9;P4rNsUqkc2MWPIj^^daS)A^s zGU@jyZbLYSy_fkJLh&#^1-DOS$_UT<;i?dGDDV}wym0fh{#1G5;#2FFY@-W%Mhl0wAiLWwIEv9 z2ZRi|`5rY5hz8V6oFC%N)aeUpcH{p z1WFMoMd1G>0`yIWDr$@Fj?gwew#OZ4{*5y|lBdV;bT@z=x6@s2daSPAA;--DUewbf zdQQY{q7T-*TSIXx6olr<-M9+!-D*~zT$GCj^yYwz14xB>8out*EO}8L1T4oJ#N%`7R|VD5B$dsShn;P z+%p5+`D!jl-yhxwx)ikH^;~Wg_`9Hf1jKqHm+Jt15p);mmA}d54uU>5p36;up7M4s zw-7=5yLWQA&7c#Y{h+gd3w_vI4B7!&4>|z44s;i2Kj;YP{h(u@RsV&XRIqmus28*a zv=Mfw;I1k!o*OqZPk)tX(cEJyhM_|^J=U-JRW8Th%U*K~y`{j;#IFv&#$V=geXzxj zt6F>9!pkb>Y^@kzmz=cf+!be@4wUPE26SKyF(5z|vTNbj51jh03bl17eovy$c$mOg z;JB*W%9@Uy)e48eQvCz?J$i)tAEW+3)bsBFlzwww|83OYgL>S_%iHhC*Uv@2cORkt zJk&ph`fgpn>>6%>{G)HyD=Gk2f{TRg+^*kQRzjgWgJ5m3SujO)sx_;S>w*3cC zKNsU+7Sw;rt|!=YV_OR!$z#5HD|}j{#*@a4e#@YL3+&8%3yku?7@RR9<>7WnrUk#- zF-OA~pP4_?r3jQF@K=g}`Yu_0hpfIkZu1v5 zK$i?u=$mIMil=X`b)LSl)_M8{T<7VVZz^*IVazKw)VHadYXr})A+V{wqh2In`mDjuSx@U8D%+)?`nDD?Wbs1l3B5=) zHgK&#ap}X$u&ki#Ybvz1qJnphM4@+zQ4~HPKe|?a56HmMT8xTnpI+UiqU7+l5$_+w zIfU24I6oji=Eb6o^Qzwyl0QM#9C}` zB;76Ph@_*Ej!8NpDU#UnQYEQZ(i%zqlD0|OA!(na1CkC)x=YgCl8#6^D(RS{6OyVV zI#s6&KfIFGNa~lgP0|iY`y?HZRA?Xl--?bxU1XkEak_;;{T z%>VCm`IFi8j&`5q_=M}y^pUw6Yn#bSg+wEC zOMI@xD*1D{olh|5ad!pBPqNQb zO1>HRe8p%q;(`yj;9mz`#TK!J9hwnrQa-+7dBOI%*m()~>9EvyzOdty<{rd}*$exu zLjsaaxY#)nC%k#oGrtgo7%yi5FV^47T<{q1)1|IXZs+n!tbR(;7%7iFS_8r zbHPu*g-J0#&jCKKY>}PkMfubKoZ@zgBW_o?*m(`}b3Ww9mk0}k(om0!{6o_Ia%o@r z_8joj;7?VDFrfCAH(c!0;euy=**vDM?_{%V72%4}=#?(`w_WhPF8HVmKJJ1)g!xAC zVKP2vNuNH04i@wCdoK8-3toW}WHCFZyWp3&;8(ifNy5u;b?w!HiOqiCG=H4?=`AjH zMqTjVaJ-7eWMKF`P}rZt<5t)vakVm@Ka%ov&y&hp;52X7$m@MNK2qtCxJS;n69mjY z54>1D!JXW`6w=6dfzxrxdED5`@snA9rzVWe$6f6F!Ug{W$E(=)&lPs)9xat~v2duu zb%-<04Zw?y`&BOZ_c&g~E?+9_D*LYir?`Dn#;03UvpE>@V)mE0;OkxRkPE&QxL3BN zlP|i+-w&MpJkc?Z&$!rm(FK1;+NqH9;CgR8`X`0CUxFwe848_bYE0Ii@ zp>#hBCwlv05i8P#q-{kdC@Wpm3?-AHZ6>l#CbzNfWT-b{cBOlJDfyhnnUJ&!M3KwV zs;R3E_x15afh~=u8BLHB<^O9i&AyZsTN&w(gws|u5wE?$*RmoNxt>xQy43cClJ2!D zQER5-N3>9%uV0B=hw(HegKVkwq3@CIP&#Iru>_Lo^(A7_@HXBQQXAGI%V(sYl6NB2 z9-b<;_*U?2oIqkRB;|9L^GP{tTi+3+YK2rJ6%HLqOg7qyY=6l}_lGvxnS|hnN+D*E z_=if7ts``xPIRC%)b$~PG9JlLe9IBcNvTxd5gV&@mhfeo9QH+>pt z9cC3JdPP1{n)6Xg?g$PkWRZOpHj!~N9p-#Z6sbnnwOoGb>K3S^JI!X(yvlb$Tk1OT zSh^_`i_x&RH6XJiY$AhZTllkWJ)gx6xOU^})_@tVn1`G)rYc?`-&8Ii4 zZf$O|?O(ojZ7_hms;e(;37B@OR~{jMVG>7~{uR4;BvPb`GR8^~N39v*X=L@huYN5J zq@5YosfI+Rp$$9>tl5mbr)zty?pSC`Du|BBjI7gBX%-kZk#ZIZE~9ZXor<_*-E}mo zI;rKqbx0H@=M?QBDJCVo6uCJm|LRfYh%NAaT4rB|8{{Zu@zwMEIz&Wb&;k!JcT*zW zFC{RBr-_Y415DP7j5ANudNk=+^{!Rd`gqgf1SR+_7+SXG%4!_Ts$J5~>gjqvQZ`%4 zC0po11LJ2h>>`fbs&=@L(6q3-AE`ykAzRp@PiAPf8$j|@%8AUgBs)e<%rTMQ)t09j zMnhISUGiTo-Lcba1mS;~MR>YJ-ieQzBv?12a!@R{_SG#`>CSY)!E<`BK8QS9UH=0 z67gxK>aBzk>A$p|XTNS+-_y${*9FkyDT~7aBq_EN7*nQZA02mbNRCh2ZTS&drb{m9 zhsYFN2=Sca6xbv#`*56`_7axEQ`I5l5O>tzoLDbnVW|A&ZN3^hC5EkjIxVWxV*};` zc;xiPh#?!YYQ1>U=|Xppc2x7RqvX#Ho4$H+BL4_}7y3%0gaL9KK9NfrLo_WbcVXj2 zGJ5;9{LHj36brRXfnI3qNZIiVQd;{}4rzYQNly2iM&>U}r%xtU^hEmgEZTf#@~r0t z4o=IwKWzqK)*_Z$DYg5w4CKyZIC2!Hw)I+}PEac;Xph>8#_|6H^s#E>LXT8qAyM6z zOdxMM-apJko#`n4E0<`Ogpd+@IW5(=cuy$R!>YTs#nFVIR#Md9{|!jtDzShuQJ0Lw zLZl$K`eGKV=8LInY*uecfTfL8B+ROjDI6@V-5{Odmt)nD9=TfU>4G)Ip&8@=kM#5Z zJpg^gbpp347IMOd+9o^X22667L%mV7C9GpNW7Swr_F|PNSFcA;aAySfo#`I7DD-|K z6-CwaRDlXvwN3O4{BR4+)>rQ_Dk_)RB+3hJhZU3taJs(p|0g=LK$@Pt6qaU(zIxuI zsJBpjn*Noj$4Ao%)qnMzSkXGEKTA@l{~_SG6=U~bJx5k_w{)2LNO4yB>UnMy7=>K5 zubxXQs-8nbgcq`*m+QgMGhU^yp6e>wC54s$N>0(wp`M-@D_%V}R+Kvp8S)>us%`(V z$;%G>r7qg~l>%4Kvj?QZs(okwzasT76>4-dM-)lbb9BlNaP@^@-A3+jH6qTg}o51%fC6;*P|gyI$5?a<#P^%d<umq$sL}OzuNI<;zOD>Q3(of6aOi(&jSy7yLaC<+wWSy8AH7N; z51aP$V)g%#IpeL`S9Asp(k`R))${4b7SW256I_1&E4&i= -#include -#include -#include -#include -#include -#include -#include - -#include -#if !defined(OPENSSL_SYS_WINDOWS) -#include -#include -#include -#include -#else -#include -#endif -#include -static constexpr const char *STR_PSK_IDENTITY = "psk_identity"; -unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, - unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - strcpy(identity, STR_PSK_IDENTITY); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - - -unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) -{ - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); - unsigned char *thisClass = reinterpret_cast(SSL_CTX_get_ex_data(sslctx, 0)); - memcpy(psk, thisClass, 32); - return 32; -}; - -std::string toHex(const uint8_t* data, size_t size) { - std::stringstream ss; - ss << std::hex << std::setfill('0'); - for (size_t i = 0; i < size; ++i) { - ss << std::setw(2) << static_cast(data[i]); - if (i < size - 1) { // 如果不是最后一个字节,添加竖杠 - ss << "|"; - } - } - return ss.str(); -} -void ClientHandshake(SSL_CTX *c_ctx, SSL *ssl_c, BIO *readBIO_c, BIO *writeBIO_c) { - int ret = SSL_do_handshake(ssl_c); - if (ret != 1) { - int err = SSL_get_error(ssl_c, ret); - if (err == SSL_ERROR_WANT_READ) { - std::cout << "SSL wants a read attempt" << std::endl; - } else { - std::cerr << "SSL_do_handshake failed: " << err << std::endl; - } - } else { - std::cout << "Client handshake successful" << std::endl; - } - - int nread = BIO_pending(writeBIO_c); - uint8_t *buf = new(std::nothrow) uint8_t[1024](); - memset(buf, 0, 1024); - int nr = BIO_read(writeBIO_c, buf, nread); - std::cout << "Client: [" << nr << "]" << toHex(buf, nr) << std::endl; - BIO_write(readBIO_c, buf, nr); - delete[] buf; -} - -void ServerHandshake(SSL_CTX *s_ctx, SSL *ssl_s, BIO *readBIO_s, BIO *writeBIO_s) { - int ret = SSL_do_handshake(ssl_s); - if (ret != 1) { - int err = SSL_get_error(ssl_s, ret); - if (err == SSL_ERROR_WANT_READ) { - std::cout << "SSL wants a read attempt" << std::endl; - } else { - std::cerr << "SSL_do_handshake failed: " << err << std::endl; - } - } else { - std::cout << "Server handshake successful" << std::endl; - } - - int nread = BIO_pending(writeBIO_s); - uint8_t *buf = new(std::nothrow) uint8_t[1024](); - memset(buf, 0, 1024); - int nr = BIO_read(writeBIO_s, buf, nread); - std::cout << "Server: [" << nr << "]" << toHex(buf, nr) << std::endl; - BIO_write(readBIO_s, buf, nr); - delete[] buf; -} - -int main() { - const SSL_METHOD *c_method = TLS_client_method(); - SSL_CTX *c_ctx = SSL_CTX_new(c_method); - SSL_CTX_set_ciphersuites(c_ctx, "TLS_AES_128_GCM_SHA256"); - BIO *readBIO_c = BIO_new(BIO_s_mem()); - BIO *writeBIO_c = BIO_new(BIO_s_mem()); - SSL *ssl_c = SSL_new(c_ctx); - SSL_set_connect_state(ssl_c); - SSL_set_bio(ssl_c, readBIO_c, writeBIO_c); - - const SSL_METHOD *s_method = TLS_server_method(); - SSL_CTX *s_ctx = SSL_CTX_new(s_method); - SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256"); - BIO *readBIO_s = BIO_new(BIO_s_mem()); - BIO *writeBIO_s = BIO_new(BIO_s_mem()); - SSL *ssl_s = SSL_new(s_ctx); - SSL_set_accept_state(ssl_s); - SSL_set_bio(ssl_s, readBIO_s, writeBIO_s); - - ClientHandshake(c_ctx, ssl_c, readBIO_c, writeBIO_c); - ServerHandshake(s_ctx, ssl_s, readBIO_s, writeBIO_s); - - SSL_free(ssl_c); - SSL_CTX_free(c_ctx); - SSL_free(ssl_s); - SSL_CTX_free(s_ctx); - ERR_free_strings(); - EVP_cleanup(); - - return 0; -} \ No newline at end of file diff --git a/src/common/testbio b/src/common/testbio deleted file mode 100755 index b1135b3693a6acfa77a9ae6328905edda06bf399..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33472 zcmeHwe|%KcweOxlBnp_IM35h4K(QbYlRz+_X!tQO(SR`_m8$eGOa?MCnTazK30~~O z##HBy!$k#aTfG;bR@>@p=`TxpRf8ylul|5)z3C4$*4j=KEk>Q`Q=vOV{X|KzL8m4NyT#J;m*UO}ws;Lhujc>-AKTCi0QqFy)&||M36fje@ z>hDU(QC$AfQX&}}WPeWMP$WB0HO&($7leZA=g+$!)I28?47Yd8>8PGRXa2mhSfs3y zx09F~KN`LjtC|>wrJFDrMpm#*&`KY*jg{@hUp(^d4~B2{e=D=7_0Ikq=Y4SC*I%1L zJY+Y?5Dyj7Cx=|q^RPuc6ps>i2Xna@BdiL)`S=|PywE!5J>yHI_l#N!GHs|W&pY4;;AB4j^$z+g9Q53QpybojE{=FOQ$(Czb2LKL%$NHEn{X z{fZZ(cJ)f5IS>tO494Pt=<1bALy>S`wQqeWzzkz!Yb0#M;=X9yFc@de%ecC((TD}2 zHw2nr zZ06g+m=O#IwW%Byj}Tc<&(B*z9qF+7~Cz|5YeQq7`$m^v_(o97Oz@ntlvVhBgh|*hL~}6WBkH! zB;FE@Z01BLR_kw!S5)|0d{HAF^#$VqJe~$%bJzP~LBA1+#nDx3?P_Cnx#4M?Z#2fM zjK)CxWb%!^lPkHlT3Mb?0mp3#<8V#~G z>}w_V%Pr3RQ~k|_LDZwMv7^Ii!(5AmeW74{i*ZA_(B1&m3*-nIabS&cjNv~vg#OhS zz$&BuazEMF7|(Udbk$*89D}5T@fm|GF;Q=aZVWnNa(yxb5Bg=!n;^3f1; zhla=WwGp$J8BO8M!Em$D5Qw$6(t76a@X<t_PImord296r!;%5(Q%5k)u#;g` zpvvF21x;AE{F@Aa%O+!kFBoEwjm1KAW;~a+{n0IL@rWj4@n-+5SwzmK){TDjLsSLl z75Iv!OO3f@jEWKn{{i*Q{B*q}Hf_30%pV zHE5VuRyjYHtgw=_>KEYrn*I%!TZ%5kx%DtMf)(-lRJ0Rvisl;5PQ&(aDJ|p+fQ;mt zTx=B1&t0;$0J7933gOK-hoSR)H-7c!Z5heHzZDo27c@j=dp+o}!Qg0y-fofD&O7eL zY5%EgyQF{2=_2-ZNw-f3o=R6G4}zvb{VkVmZqV*oZIB<%_E_2%4r(7}X&=s-WIO45 z>HC{Njbu+q?1q7_!LN;3mf9^g{;7lH;6+UW( zz>947I>}#R!|N$nC`IzPuJkDSP(-xDd48=VD8>$3a0E`59t%E3qm1=h@YxnTW5LTT z_;Cwq?wcytC+>8Z3)53q;g46u~RR%1$yoDv2 zTkyRWyuyNaTkuK?KD0R$fuRTtMPMib zLlGE?z)%E+BJkfc0`C`p?r+}CV@2L%;jgd2X?a(7ydZnn+xc|S0UnTSRplzi`m@vL zqAH%kh`)te`ukqbX0tmuO&6H`eMdA+7nc2f`!!7$l>L1_&@^30_V?YdX}W;y@4G|O zbm7?FceAGH;-|mwdQH=XVt=1c({$n9-*=^^>4LGpZ?UH7Lb1QELeq4C*xxr*({y3j z-#13nr*qn+>0(a5_lfeCE&$=brs)O&{MR&H2*Q6&(*+>>*EC)D!GBHD1t0v^G+pSy ze@)W`9{krdUD&~YP16M({MR&H$iaV2(*+#-*EC(Y!GBHD1snX=G+n6m_qjAp7ij%` z@BLl*@8}E^fuVw6m4Q0hsZoy7~1wOTCDrCK>!UJi*>3;=GwDg~v?Jb_Njrb188vO53W2)*cs%C!TO&s^`fA>=F{()g$*Fo=*PvT>t z;9F8bQMPvj->;NB9UrzWdJ}!I_E}Bd&P5I2WZuM^@loF7qOXF;1W#nMnPx1u2MZqu zpKC2-b^j#aw;7GJ(F8dhtZKZ8n=;-+d#^Xq)RS2Ga$Ul6Xjx+AVQyNYz~CIiIQ|pQ5+AK4%UofXgmG{IZ6T>g}{I}xe`Cmp?z-N@B+2Hjkdi+ zKYPGpLb=TZ)%DSjb=Ri)qFnVoR`s_JR^RBo`Pd;GQoV`Cy;y?1iJ#Q)YF9O?W^Z!% zbXx!5V5Xwmo9bG}8`GIHs253gc9(clrFAgdn|Ou12ynX&JW02VGHt*U2fc~cGM8XU z^rpMkKm{7u+h2Z?4&9kciQy@WGNEJ#_v0yVGQ|x_ayhT-Q1N4|__1!%_@9|cq%qk= zrg}RwF7E=)6q{^O2Fu>SiY_htEm_vdxm*w=Q@j^(`QopHG48;46jHl{quialA+$rO zgnQ?48pGf0oh8B(pYiro8ZU3+fQ9dqzd>Q5ha%DmXENWT&SeM5wFBl5Fa83J!a9tC zE#R4JxQecBvNI_vXnTefCAtm~y0^RoPkHh4?yJP#xwMt=bYrp}^6s4ns*1PG$KMM( zI%psd(?s^BJl#(q@Bq@8F4C83>P8o&Q_s}D3xjz-snQG|5FU}?WR_q?e7kT2mGS); z4Vn4e=yWD5%sdR0nQ0QcT3|iGA+8w)tmdsuAGbd2oJtR;h>eV5Qa0F{|q ziQOzPCMFSA0M38mtzAU|{L=q!vr}1aD&hzATpfw?`gyF>mL7m$&mRm$&PeTaJ4ZT_wU@s`inXj{Bn@WwYt7 z9dH;kkEOeI>aBb9*1d8|ha{c(2`oVXb|L`9w>(FSm6`|X%y-b1;3_*GC&jM#ImunL zA$i1Na@Sw7+0KE2_7Qs_&E78DOa04m{uw8XA{O^8r7iRaGrh^u&vBB6^CgaS(Nz2y ziSDC6Pn?E7#2*SW^_hI{3Q_2rY4SbG`3@w7W&Xohzv}t$ z2^WOzFVe8f2I}**Oq9fur5`V*2=EZ?Aw=<{Ge^z;bcF}H`XOOp{ z+x&yf_haGK+fb3{qREUXKQdJrvrHOuE%lH)$X_ID_#odc*)hoT1Rr#?o8S~BOzOqR zPtw9ynS39?P#lPo!VHHI{X5MCHClW`cavDMbY_hn(N_skJn2mKeHu~jn;y}_(ObzHKBCV{c8utH!G{rjzywz+VNx$f z^fE2nW%5nud>B!_xHydHESd{ywD^d=0RJ$eS6!kn#F1c!mEz?+sRI**|_kCZ!7R_?(L4`P{g4W(hUq#_>`S9k6ee?1G#Cc3s#ljjzWr&7cS`)Q}$M|Z2_)PEHU zda2px2gH;r9IK`8lG2X|X|x?X zTX=)9xLc{DArva_5}twY1(Pq#`LJwrI*oE5W`_YdW#u4DcFuJY7NJQ>1y13aCspKvmFR`AAQ@)qqBA*@=K5fShX)&+f z;oYS(h1@61D|3tsxb1ZAyh*ZS;Er-jz(<OO3zPKOb`PA-GjDeH5s$ch$#Yx@;DJQhEt@{X%-HWgo zv0H-|7-j56lOi*AWyFvwT&AtPkF(cahHA1K({6>MpV? zS^6$sEtNrd08E{a(>}q96Dx6>FV9Y${Ui1BWAJo7PJauEyXgOgVMKn2M^?h~k+Rcs zc&8^>wSG^^_^=lVV|=DDXF*s5-+NDT7Y&8i|4Z*o+y~na&r2u(uKlt>EUR)-zr!OT z4`-9LQ8#ea>5Pc)NsL;ljf#=|$SP2 zayNoT2f%$eyH`QG1e{{;N$!%fn-8u!Gv}uZU;l$8vg@V2slxxsJ4|Qxk$O6*HP`c> z3X@7qlb!*Sp4~r%0eNQkRNl{CKD+5}LGdjqGBs7`(w)wcoqANK#3&ZRCDbWDwd)z9 zV>+4h(S$3aX_H82z6nH3`!T}G>u}Fq25t&*4?0b7@pz>(KX`+;Qh;(#n~Pw0?&8GT z<;46AcZ)}Nue#L0J>{Kg&%N^avlD&Vk3T!fOm(-X2TtZW{@dH$fVR?^H^^Ha&ULa4Q}hJ^T8}@!Am=&XDJI`TobOYPKaW!U)imW( z`3e$CmiCnC5lIoEc+#2g{hr9er}4mFSUXu-TO~R~ARS`$!Ru<+C-BiKjhUUy;N9vg z$pm$h=&Gg(lPcV<`}zTwNN1kq?Km6>7BTyNOklEfvZ?i#KtAhH?IFnOquN`iD{n85 z7OW5!Sg#|OiO}6QM~AKfOya1vx0gFq1Bb*>?O_3U0qFgnTH%t|P56F)Ke+T!?K*A5 zcX=1-%u|S{ZNGn#>`Io7H;s56OnSd}II7L${rnsgvGZ~IYaZ2pH(GgKB|BZoJ3Yw( zWE3gmlc`b|lbo$1QUl@7bW|G$K|LHRv{Adc>U2iL_asJbeoYy5AK9NQ{mU$E)FUt$ ziwBK`48QfLHkl;VrP}Mb(;%k(d9vqANI3U~!bLnnbX0pnvSYtJOYxa&^qInvkZH+O zVoDWWrhDn;ZRt!8j1aqcld1B60Ikb@x99~rJ{~D7Mc3cteEE)Q++}f8yPw8N?dE*+ zmXTPp^!f93puR$g;=%K(SMl5zD>E*uo9MCPSpL+t_!jyP?tPo^$9%e2pC$X#nKp>X zr;F2J>R^T|Oorik8OltCH(<_S4Wmtlr}8o!JF0ECKQF^COonZF8NO>W7=oC5jw#v z8%PuoZrb4}5V8sIxA5f45pH@jA<_PaL{l%cWs)`H6P^=EPcQoMK@1U~wxG87kVY!%CJSPU*Mb_@S3}JeLUdW?B#=)BF140H_GYE-++dLKDh0N?-z(~%F*lj^h!Rx zhEGTOQ}H_uKb(Z)%LSs~z|V_%+mhb1WLx={XBK-Jjf%=@W5v>yMx%FeWz~EZb4NB& zVScqi-*WIYG+fbOT(x-BYU8Sg+SMKw4aD8S7;}gD$6uE6FW4+}U&Ge2M*fkVg>I%m z#y<<=W}MXxNnf*@g#sJmZia8*X#Q*H+b|1RSbRig4tjNq?S;gKPvx}4$mTyKZu{fC zk3v0jO&oU7gK!bI+ZcN>o9#h$_y|rA5u{$!<5BN^Ih*YUp7>QZOW)-i^-4Bdk9rg8 z9jO2OpSYAjeK%gcpr9T@?M7XQ_XElyKM{33>I&3tsF$MNfjW+Q59)_dA4WY2Z-^X6 zU5&Z~`n;%nQB%RKP+nX&HZWI5iEHAh5k;hfa6H9jJuhXm^jbYzHUhU%7&{j~+{tC` z7oeMToL;j0^zoM!kKA0eja@on;rVmVod%T4UyJ(CVf0CWETlJ%UpMe>X#+J;U$^7; zJf7L(E{XtuT8Z|V=B-Hmo059Qwqv;B6oUx|2kTICCF z)cPMq`;XCX$9Vy;FcqKnd5>+p&`DJ9XS6)$DJl zc43FOee}5Js@Zd+Y5UcZaqm>Ke;@NPoP6laaoZQLSI+z{BvWUP`~CuU_-xvtc1;?0 zcmaEPQaAYTcaM8-0n4~E;6FNT+?@;A*UotttJa<8kNeR=_QLsJf$Y%>#=Q)@{AsLY znG45#xR9l*Uxc2aG8BQK2nKkij1m=2pu`3qcJQ**D{6iYflc+DFuX;_i#qqj`(V7N?}E|! z2NgQEr1Ie>*$CBpa7sW$cFT(Bq6LMnW2p4XcDjzC^1fuGYZ@x_58i3;8~;)R|WQ&D)EbV%9VA_FVU)cw=LbSjDu|4oMb2X+p9BI!0f zMx=s^Fy5~GJ}&7Kc)msj|7{?rU7-K({;Kbl+clQE1yUpHdRecNb(^fW$$E#ZcguQ@ zth;4>Sk}F=J}zr~l%AIoS-WLjF6$au*UNgHtlMP0P1ZYPy<66MWZf<6!?Ny`^>JCN zkI|M)6Lz>|T`ubyS=Y;Yovhnry-n6TWW8I~dt}`$>%+3{m9^;Yv;S4!$x|BeO~!@p z8BOck!|`@^MFl>lSU#tsos$(`uB+p8DL%C%$ zU4!J~r~RM+UrjtdT{6nbEpa!$xHa46N?fgLs-+eiE?m{rUoQ}{k4h7MF6^ypUEv`9 zY{ifIRqLg~Z^MQQUu0A3l)@jzMn3z0$oVI+D{cMm=lB_{s9tDL_Pi$XQ*HR)C4QO> zp9(=2zO+2jhA)=*D2dBuiqU#Q{3SM=?imn1)`mYO@$okNsKh7P@WKM2$8E!BN&H+J zex<}`*znB~pKZf;OT65MAC&k!8-7gU)i(Sr%s=w?VjI3#;x#sWqr|-uSL4oUHjWSUnM~zZQ2gg} zJ!dofIz5-;6ZCOS@z(<9_hA$u>uVhF%?|i>2mDdsC2S%a-I7)<+{YFU7Wv!70(on zbZ>^rHyrf5?tmBLL?)j-7dYSz4tN0gn1YG=yQ#t&#-hL}o_KRfB!!Ji*y1 z1yTe@!^)m_;Gcp6XFhxU4)_)a{4NK4j{|t1YAo-J$pYD-T`Kbf{ zZ-CQ0Z}AE~eh(CzCnP?7g~0i}Y;2x|@yeG!U^Z}C$L#CO0*+5&YvgfXXk+XWKJJP# z>$MK}W(RzS)NhaTy$<}{4)|CMA;saK^ml_aX%X;z#zeZZ&0(5YN_%xZEIC(vVedRCqXwj^?~wHg7Q zY{r^gC8tA`e#I_^+#SAEJk^R(i{v89TjLu-zKyX)GTJG1MUG;FlD@>7gJGjRCNtnr zzM7njI<`*9L0g&{8%J(34ACEwP*9QykqZN6f3`#{Ikqc9$lyG=aBM~m%GhITCvBw3 zn!m@!BGPu`_=9;L6FGb+sS*5&G&l~2ncE~cTTPxcB_eeUWi_#STvl1Z`|w97xlYcA z4@wN=7s-iK!XKL_%dRTJ@>u4OB*vOp=by?wLkVDV4W7^V!4Z3%Eg_1IBC?S1R5Chc z%srKgAB^ElFOrxcwZ{tQ3r<{>(XS+L1uUD>Z*9e8|YY4 z#j{w|U*6KnMeUi%28kg#6xJ%9sL1a@Y9gJsi1IU4(CUu^LwL|C!H)|vNm7ohSjLd- zi~=3Sc_(sYaWkyh$!sPl2azVs)?y|Nvo#n7vKpx_@+XhVwdu1Cr5O!M;$+jAleCIr zi169gQsj3+0CCLE&6Jg^C{KE=8cWV3n#_Y^qvn4wSJ%n%m?$*m4;D zk0#cm5zM>0A?$No0v%YybapTP(qYV+h0iv&YC6yX6juQ>nQRUdPNsMLI%O%ev$qJfZ)1msp*D9+0GC0ZFa%Qi+p(nc)c zXJyFn1(I?Kf;+-b>&gNx@*1$E8QK(uK9RdC(82Qs!bhAzaINA>Qs_|Iq=(FaN^Y{R zHHf~1cI;NH3>T@bxc1an`=5P-o)6P49^BsN#hy=EJs+0MoL6mAeGYyj@Kf?md6S8k z3U15gl=+~n^7j16=jL$Jv!UElYm-;c!&L3gWgjGe725H7Xhhkso_njhT*~8iD=&8Y zeL!(bNc*pzi>rDD?mtr@A1TgCUOgWV0>dp~Ew7%lt6Du*2MaHx!&>OJ7(KIA_N(XA zs+N!0^>cg0r|K_5o}Pg#T0I9>wHk1;pIlM)W0RK@{?eFed3mEoJ)c+4i;e6 zkz!h2(NEgs)pGz<<91t4vB&QjDX-0}m+Z2hLdIE&8b1X+j}2l`^6Gh;svlI0vbOjC zTbul$D+Qyf?^TMWyuJT7ZSu|X`Jk%rmvXAIxx+p}1HBqT`!E&tJX_^USK}mF&H1bB z7zTy(>WPw9&(Djl6%vZiNxm5JWRsFt&reIFJRTS16uZ7j5T<=c$*bp@ZYf_b<45~H z6(z6ydIXrYfAwBZ{g*g9+e3|(qU2RQ9qm?megA)*5K{ZOQlaD&JqyBwDf?AEzwzq? z2mSv7YpJmk*e;j-m)me9Kg)(Ib=KN8#khoboe->{g9FMG{AS{(>{ou#_$b@4smpDf b#OC9+9Z>bF7-_l8C-2!JI2PChY$W?H&y;(N diff --git a/src/common/testrand b/src/common/testrand deleted file mode 100755 index 3781079320a912bd86780c067b1dc9bb09c7ea09..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 19664 zcmeHPe{@vUoxhWS1OyTgBn7Oaq6Z6%nIs@o&Xb*;_h*m?$LEpsT(6`wx!N~zW3el zn>R1>V$uH5vnQ7``M&Sx`|IBCz3=z?a%Zq*Q-#MPxK)a)1#v@jO(dWMM>nbskbqb% zX5p__Tqw=~KSg4uJYW(?&33$^lvXLc5|r#}X`>8XY{G&m_mC*rxwX1#Q^Hi#m^|4{ zrA@^<>6YoH9#fWE@w}#7IOt=l|4i+6l$+zrO}pc3OKCva?d8F!eo?x}ZbaFQC_AQJ zl~1OePjW-Q)yl7v)7}P><8_`b_uT9x)^-4FwNxyBvf+@$l z0d|y^KeX{Qx2t$=^RQHnn<>pVwJQ?w&Q*<9B%&)4@np7dMc?XGD^@l7GAUoZlvBUF z_|clWwzWfGT80Qy?nK32lV^Vm+R@mnJ@X%$xxwVd|D6UywQH9MuRx%3_#7AgdtCG* z=wLZNEiQg&y_M7dj*Fk$T=WlOH0As}NZu!8g0~ z=N%V(%%wlSckxf_&5NJ2UFXt&xG$?uhbyns3HbY9P;Oqn4F4CG(SH-;nj;p8K)@8% zP(W(BzOyHl)H6mnZRonto40P!qp@^sXFOxX(p$G|NTiant>Ml@%#@Xtv^TYG)I0l) zSVrhKg^Wa|ITAAb{z!K?tsCiZ+yD>^wgYSE3}@mIJ(V%iv2aiGR()%o9t^G0L&i!y z6f<^DU>^!k?Bq(leRFHbxKh_6eSLnvzupXmNb%&(=1`*^TB&dK>%kymL=$bhdO%x4 zsYE6ix3&li8I7@IG;!8LkWPx>SKGs@;g-pYIjRl*;4agCbv%{PVH#^}PR5Omj8iw; zHnoRRA)Wf)y4g0+vx?M!u23v}XJ4P*8%t+W$#5cW^y|CoTR1N zuuJYXvuTuezc?(HS#eE>HSkZFP-Ty~jHI##kE~3%Pgs?!X;pT`6N%wS&ZRzq>K-nUY0*tV@{eY5UIpyH-)jj6tE8{9Pd>Q|Mremjf9 zNrn7ZiEE~*IFC-jd3Fl^5jqXOD*UEPZU+8(#JTu+uvLkl*@%A@$1pyAwq4eLu7KXZ z0Ha3ohi!82vR<67r;9f&d8PP;k_VtaFCL#I5cge$J$djO&_73Wb&DfScG&P4>;$yihGPL)t=ERn zv```XY&aIM)%M!(*%m6qy*6Cks!8bq8&2z&+e0>d4uhbN*l_#x#bY*HEkS8@$cEE( zIJakP`1uTi4%zTp8~*=o^MmTo|5n>~vPv76`o35T4bof_=Lg9eqX`zn}AG3H`;G@IOTRiQ^qr*S6cv|SA!{4=dTHvF@ z2Q8i!_UQ0k7Ee3V=IBfB>ut$e)uy|U~qr*)WPYZc;*l+Q)fJcWfvUpm! zqr-D7o)+xru*c$Qp^gr}|1po37AVGV@w6~8ev79CiSb)JEkul;d1P~o%;rWR^9lYt zD=51~{s9L+=-~G|_&p9j>)?AFe9Xabckmq!ev5+-I{0-Cex-w7;ovWI@E17v`3`=T zgP&^W{l96>9s8=5`!8+ZTO(~-gZ?4^%i7?&RxHE9{10$va;nQ$ec|1h1T65ubr-=_ z8=Sh3$eJ-@K9>ILP@<(jy>O!X!o8&Tf}+rWpM--ee@*1_kG0&0_WXO-XwQ#TYMvLh zV;>vy;NY*6gQ~)bE;)~EPy5H-b#Eh<$S&*9_N{A&rqFV48#A?mbzcXQAO3xzkdI=q zy*Tw*=y|ro){0N|!@D7*jSkp_w7X8egdI-HJ*#0sX}PBYl02{)B&rQexpb)v5X}3B zw88y5r0_`oH3VUH-%yP2W7Kl8n0du0DM z5D3J(cRWWscK#PI%>B&f%ycqWM*5jHFep1TAni2IOVv+{>Zgau|JRuQYm5H( z*!=(Mx0E>y3_J3y!{%OaB)=IN&&VMTbkG8rC-)B{{O(QG0-$sr$$yW`&DnntHV*0C zMQQ(dX;)GD6-e_R%C6X#49>ANxjkoc*|B|l&Ums{-L+?o_Nr_>=Iv!Qyb-b*oO&y| zuH~?UO+6$9FXH&JMPf(tE1+_qxDXGMkLT$0oBvDf4co01YK9sJp1CAARt7!SfkN@4 zqeVUHtd`p|mdl<(LdOQgK*y=v>&VfM=06o>@##?kfLECiOj%$59H8kHf(rq}MKd0k213$X0o{1kdoK9uC9owEo zl~+9kO1HtU{7<3q3h3hZ3x!jl%Ry%%Kw`8|coKZa2Zh2$1bgFDp>QAQ%#R9%*FZZ# zPl5g!=o0831lfg#fxZR$IOr7E9|lc;z5)6qC_nr0 z+}18UeKnp%GpAJ@fIi{$9P$wQcNwVII88o=T7u0+{KnoZ6xyICX4h<*U3*>ixx1_O zifa~r@e2)0E(R*?ZwB>_6bkm|SLD~guNHWK>{X*!_u+T_hlPTC?i8F|^Yw}iv(DLq z4gn|m-{BXWKu&qR3Uc}Ui|w0>_9r1<0l6Pku)Mn{r+K(~0{L>t+aT|<+gEIt4yb=E zkbeX6<#u_b=syAZ_aK+~;P}@T{MSf6DzfKSB7pw8HYU81f6?M?N=XKi3ue zyB6{~tkW;Sh1Hh|bHXSeH$&b9xqRNt_HCv;nG_11>Z`FcedRUJu?q2<3Ty(p^dhW} zzxFJ6wNkw2@e1*9#e$QS;?)Xl7Ah9}`4sU^WfP1i+hhhNGccKf$qY01qIGfiTBM?6dM0rimqe`~l6(r+NS6ZMV;bGn;k@62m8}_nJ@~$~t;yu6f7Iw}YmZnUc)ye&{@jiq#pUA(PI`B6YzSx0J#es$VcpdmMg)ed7Hz<6m1K+Li zyP@m)`2%EJmA20DqK@IAO8k{(>mFq4w&*8fe`W= zLBjbw#ODXMb$&wnpC`I6fw7~NTUYNvUx@RpItn)NV4^)Z3OkQyGbH{w>-f+5Uf_;h zONv$juMrDHZGbgRx(@iokX)?}^nNA&Arj(+zHsPobMb#C@HrIOYdQcc+x^nNVr=9G z(oc<8p-yb{Oo!Uz5;wQ)e^0yMRXDNEsaPnS$G!Q$XyJBJ^dEG=pF)S{ z!q1QjewhkB0~Y}0`g5}j{)h|yBNzOL3;vc1ULd>z7bATBRQ;Ta{?q(A*XViKD+{>M|(KlT5M}Sk@ zw;g$#f$O_+>vkdVa{e!O!8a&Bud8t_SAE*1@Cr4Lyj&u{%jH>wB5A|#OW{-ZaA#aM z!aD_kjFIi?@=6yUFmR7Opj)Jdir5v<8){mC90@oG3xxjNN+Dn2U=I@dT+)^ ztcmr-B3UDzO4jf4w=`s8x5`qC^3vXL+FiN^QaziT(8Eeg9x_^1>v}vzy`=7}LGea1 zOI0o{^?r;!))mes3_X!T`Asy@b#GsvND1M?AQW#5qq89m@U;vHg06N3b zPf%3(NQaXK}lr~_+S-x7p{D#_{z$Z{34>O|SC~xsAhFfiF-^jrS-^FVD7o&+Z1jLMfjEk;RgMl9DjqO}Qko)WT84W(sBHnLNs1 z381c&4-r`VpP^o~G%$Q!i8?x2uNMiTLeHw+qhdur9VT!DNsikKA*wd zN#oRuvQSYhbq$o3*Xep^Cc~PvjK`Nkmb(7511}DWN)jDDOX5;0kOjvsk7`BC!1(e{ z+YHmUPtns#|9yMnf@Ll+zD!=P1?;{@gxeLdxbBVGGablX!&~6DHO^Y{WhpG8^?cP z5RWPdWs@uDQdX*Whcn&67wu0Xgh`FGDcOZ`Tbx@<7#*^7EDlP%jFWu5F>6lBY#qtXo~pc1PijIfOxRXsj<1>ostpO%>eIt9hYo`rvH@ z5BJ33-gJnSEPS}a?!kq#?dIb%Y|{NQ-TJA=3giBN5`JFKAxPKW=&=oMNiBP~|A&KZ zaNAbWR)MqI)Ble^jp-7Twf^GqMoDW1XSe6)t4zHm+VrflwA~06pTMMe{QMq*=~AVR z#|E-F`yU2MkMh}`-%~I>ssz+W${pLQ+cgmfMnh(Me(%AQ-*Z4kHfR2C1xoJ_*q+}T zFkP$cxc{uj^bW}BodomzUV`ZfWl#O5+;RUEECvUt)uX$o5;kri3ZYkG(nf-+zbDZa?BRwVB?|j+GN<{I?zU2|A#m zG3EWoM9o;dP4pxDX5*(0Th{v#{{MHJ`R4dcE7AFCn?1je$*TuBtOpg@m}goIdzxa7 z&(FX4|5Ng+@zefGjqSK!e+!KA$M*c5wB`!Z#{bJ?66-J9Gp&WO-ChKgYMn`WKW7JQ z$NcAEOc=)x1WZXS+mmx!3)r@4^AZ(bsasOEUuGfZ2D`IU#}bi>nsRtlb(r4AEya)f s&*Q@5J*)51Q2nW0V{Y7o=WX`JaT%lCoyX1?(T6vf9DS2&Zw^-cA7qF`d;kCd -- Gitee From d0ffd98113f8c86484ee3e92db295476aef1797a Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Fri, 23 May 2025 10:07:10 +0800 Subject: [PATCH 09/11] update Signed-off-by: TaowerfulMAX --- src/common/auth.h | 1 - src/common/base.cpp | 2 -- src/common/define_plus.h | 31 +------------------------------ src/common/psk.h | 10 ---------- src/common/session.cpp | 11 ++++++----- src/common/session.h | 7 +------ src/common/tcp.cpp | 5 +---- src/common/tcp.h | 1 - src/daemon/daemon.cpp | 1 - src/host/server.cpp | 1 - 10 files changed, 9 insertions(+), 61 deletions(-) diff --git a/src/common/auth.h b/src/common/auth.h index 8489be0d..88956563 100644 --- a/src/common/auth.h +++ b/src/common/auth.h @@ -38,7 +38,6 @@ int GetPublicKeyFileBuf(unsigned char *data, size_t len); // daemon bool AuthVerify(uint8_t *token, uint8_t *sig, int siglen); bool PostUIConfirm(string publicKey); - } #endif \ No newline at end of file diff --git a/src/common/base.cpp b/src/common/base.cpp index 70fc5969..91ef3fac 100644 --- a/src/common/base.cpp +++ b/src/common/base.cpp @@ -18,8 +18,6 @@ #include #include #include -#include -#include // 用于 std::setw 和 std::setfill #include #include #include diff --git a/src/common/define_plus.h b/src/common/define_plus.h index 811a8820..cbb69eb6 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -167,21 +167,7 @@ struct HdcUSB { std::mutex lockDeviceHandle; std::mutex lockSendUsbBlock; }; -struct HdcSSL { - SSL *ssl; - SSL_CTX *ctx; -}; - -struct SSLStruct { - SSL *ssl; - SSL_CTX *ssl_ctx; - BIO *read_bio; - BIO *write_bio; - uv_tcp_t *tcp; -}; - using HUSB = struct HdcUSB *; -using HSSL = struct HdcSSL *; #ifdef HDC_SUPPORT_UART struct HdcUART { @@ -214,7 +200,7 @@ struct HdcSessionStat { // bytes successed send to hSession->dataFd[STREAM_MAIN] std::atomic dataSendBytes; // bytes successed read from hSession->dataPipe[STREAM_WORK] - std::atomic dataRecvBytes; // 维测值 + std::atomic dataRecvBytes; }; @@ -251,7 +237,6 @@ struct HdcSession { LoopStatus childLoopStatus; // pipe0 in main thread(hdc server mainloop), pipe1 in work thread uv_poll_t *pollHandle[2]; // control channel - uv_poll_t *pollSSL; // control int ctrlFd[2]; // control channel socketpair // data channel(TCP with socket, USB with thread forward) uv_tcp_t dataPipe[2]; @@ -264,14 +249,6 @@ struct HdcSession { SSL_CTX *sslContext = nullptr; BIO *readBIO = nullptr; BIO *writeBIO = nullptr; - HSSL hssl = nullptr; - uint8_t cntErrorSSL = 0; - size_t saveBIOLen = 0; - int readSSLStartIdx = 0; - int availSSLIndex = 0; - std::mutex sslTaskMutex; - - bool isSetSSL = false; bool sslHandshake = false; unsigned char preSharedKey[32]; // pre-shared key for TLS 1.3, TLS_AES_128_GCM_SHA256(password) #ifdef HDC_SUPPORT_UART @@ -285,7 +262,6 @@ struct HdcSession { AuthVerifyType verifyType; bool isSoftReset; // for daemon, Used to record whether a reset command has been received HdcHeartbeat heartbeat; - // HdcPsk psk; bool supportEncrypt; uv_timer_t heartbeatTimer; @@ -359,11 +335,6 @@ enum class RemoteType { REMOTE_APP = 2, }; -struct PskInfo { - unsigned char *bin; - size_t len; -}; -using HPreSharedKey = struct PskInfo *; struct HdcChannel { void *clsChannel; // ptr Class of serverForClient or client uint32_t channelId; diff --git a/src/common/psk.h b/src/common/psk.h index 216db76d..395a8510 100644 --- a/src/common/psk.h +++ b/src/common/psk.h @@ -38,16 +38,6 @@ public: static int RsaPubkeyEncrypt(const uint32_t sessionId, const unsigned char* in, int inLen, unsigned char* out, const string& pubkey); static int RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out); - -protected: - SSL *ssl; - SSL_CTX *ctx; - void ConfigureContext(); - bool isServer; - // unsigned int maxIdentityLen; - -private: - bool isSupportPsk; }; } // namespace Hdc #endif diff --git a/src/common/session.cpp b/src/common/session.cpp index 87c5a19b..f4d17927 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -626,6 +626,10 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) EVP_cleanup(); } hSession->availTailIndex = 0; + if (hSession->ioBuf) { + delete[] hSession->ioBuf; + hSession->ioBuf = nullptr; + } Base::TryCloseHandle((uv_handle_t *)hSession->pollHandle[STREAM_MAIN], true, closeSessionTCPHandle); Base::TryCloseHandle((uv_handle_t *)&hSession->dataPipe[STREAM_MAIN], true, closeSessionTCPHandle); FreeSessionByConnectType(hSession); @@ -819,7 +823,6 @@ HTaskInfo HdcSessionBase::AdminTask(const uint8_t op, HSession hSession, const u return hRet; } - int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int bufLen, bool echo) { StartTraceScope("HdcSessionBase::SendByProtocol"); @@ -891,7 +894,6 @@ int HdcSessionBase::Send(const uint32_t sessionId, const uint32_t channelId, con { StartTraceScope("HdcSessionBase::Send"); HSession hSession = AdminSession(OP_QUERY_REF, sessionId, nullptr); - // WRITE_LOG(LOG_DEBUG, "check ssl ok is %d", hSession->sslHandshake); if (!hSession) { WRITE_LOG(LOG_WARN, "Send to offline device, drop it, sessionId:%u", sessionId); return ERR_SESSION_NOFOUND; @@ -912,7 +914,7 @@ int HdcSessionBase::Send(const uint32_t sessionId, const uint32_t channelId, con payloadHead.headSize = htons(s.size()); payloadHead.dataSize = htonl(dataSize); int finalBufSize = sizeof(PayloadHead) + s.size() + dataSize; - uint8_t *finayBuf = (hSession->connType == CONN_TCP) ? + uint8_t *finayBuf = (hSession->connType == CONN_TCP && hSession->sslHandshake) ? new(std::nothrow) uint8_t[HdcTCPBase::GetSSLBufLen(finalBufSize) + 1]() : new(std::nothrow) uint8_t[finalBufSize](); if (finayBuf == nullptr) { @@ -1009,6 +1011,7 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) return ret; } +// Returns <0 error;> 0 receives the number of bytes; 0 untreated int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) { HdcSessionBase *ptrConnect = (HdcSessionBase *)hSession->classInstance; @@ -1056,7 +1059,6 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) return indexBuf; } -// HSession->ioBuf是读到的buffer存放首地址指针。 void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) { // WRITE_LOG(LOG_DEBUG, "before uv time--3, sizeWanted:%u", sizeWanted); @@ -1170,7 +1172,6 @@ bool HdcSessionBase::WorkThreadStartSession(HSession hSession) bool regOK = false; int childRet = 0; if (hSession->connType == CONN_TCP) { - // 建立通道 HdcTCPBase *pTCPBase = (HdcTCPBase *)hSession->classModule; hSession->hChildWorkTCP.data = hSession; if (uv_tcp_init(&hSession->childLoop, &hSession->hChildWorkTCP) < 0) { diff --git a/src/common/session.h b/src/common/session.h index d9489dce..34595c0c 100755 --- a/src/common/session.h +++ b/src/common/session.h @@ -85,12 +85,7 @@ public: void ReMainLoopForInstanceClear(); // server, Two parameters in front of call can be empty void LogMsg(const uint32_t sessionId, const uint32_t channelId, MessageLevel level, const char *msg, ...); - static void AllocBeforeRead(HSession& context, uv_buf_t *buf); - static void OnSSLReadEvent(uv_poll_t *poll, int status, int events); - static void StartSSLPoll(HSession hSession); - static void on_ssl_handshake(uv_poll_t *handle, int status, int events); static void AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); - static void AllocBIOCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf); static void InitSSL(HSession hSession); static void MainAsyncCallback(uv_async_t *handle); static void FinishWriteSessionTCP(uv_write_t *req, int status); @@ -228,7 +223,7 @@ private: void StopHeartbeatWork(HSession hSession); map mapSession; - uv_rwlock_t lockMapSession; + uv_rwlock_t lockMapSession; std::atomic sessionRef = 0; const uint8_t payloadProtectStaticVcode = 0x09; uv_thread_t threadSessionMain; diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index 77d84e34..b17c0c50 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -198,21 +198,18 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) int cnt = size; uv_os_fd_t uvfd; uv_fileno(reinterpret_cast(tcp), &uvfd); - #ifdef _WIN32 int fd = (uv_os_sock_t)uvfd; #else int fd = reinterpret_cast(uvfd); #endif - constexpr int intrmax = 60000; int intrcnt = 0; while (cnt > 0) { #ifdef HDC_EMULATOR int rc = write(fd, reinterpret_cast(data), cnt); #else - int rc = 0; - rc = send(fd, reinterpret_cast(data), cnt, 0); + int rc = send(fd, reinterpret_cast(data), cnt, 0); #endif if (rc < 0) { #ifdef _WIN32 diff --git a/src/common/tcp.h b/src/common/tcp.h index fd044fd3..c3b5d8f2 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -41,7 +41,6 @@ protected: void *clsMainBase; bool serverOrDaemon; - bool enablePSK; std::mutex writeTCPMutex; private: diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 086c0e17..1508d068 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -466,7 +466,6 @@ bool HdcDaemon::HandDaemonAuthInit(HSession hSession, const uint32_t channelId, WRITE_LOG(LOG_INFO, "client support RSA_3072_SHA512 auth for %u session", hSession->sessionId); } string bufString = SerialStruct::SerializeToString(handshake); - WRITE_LOG(LOG_DEBUG, "TaowerADD___daemon.cpp HandDaemonAuthInit send CMD_KERNEL_HANDSHAKE"); Send(hSession->sessionId, channelId, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); diff --git a/src/host/server.cpp b/src/host/server.cpp index a7a8f4b5..91067a11 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -643,7 +643,6 @@ bool HdcServer::ServerSessionHandshake(HSession hSession, uint8_t *payload, int // handshake auth OK UpdateHdiInfo(handshake, hSession); hSession->handshakeOK = true; - WRITE_LOG(LOG_INFO, "hs ok true"); return true; } -- Gitee From 79ea4248c09e0bee88ee4c09e4a4ebc10d7debb6 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Mon, 26 May 2025 15:39:00 +0800 Subject: [PATCH 10/11] feat: add some log Signed-off-by: TaowerfulMAX --- src/common/auth.cpp | 1 - src/common/common.h | 11 +++- src/common/define_plus.h | 2 - src/common/psk.cpp | 108 ++++++++++++++++++++++++++++++++++++++- src/common/psk.h | 19 +++---- src/common/session.cpp | 96 ++++++++++------------------------ src/common/tcp.cpp | 54 +++----------------- src/common/tcp.h | 1 - src/daemon/daemon.cpp | 5 +- src/host/server.cpp | 4 +- 10 files changed, 161 insertions(+), 140 deletions(-) diff --git a/src/common/auth.cpp b/src/common/auth.cpp index 037cbfc5..d70e48da 100644 --- a/src/common/auth.cpp +++ b/src/common/auth.cpp @@ -995,7 +995,6 @@ int RsaPrikeyDecryptPsk(const unsigned char* in, int inLen, unsigned char* out) EVP_PKEY *evp = nullptr; string prikeyFileName; int outLen = -1; - WRITE_LOG(LOG_DEBUG, "RsaPrikeyDecryptPsk"); do { if (!GetUserKeyPath(prikeyFileName)) { WRITE_LOG(LOG_FATAL, "get key path failed"); diff --git a/src/common/common.h b/src/common/common.h index 367e3f75..2b9c1e86 100644 --- a/src/common/common.h +++ b/src/common/common.h @@ -35,6 +35,15 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include #ifdef CONFIG_USE_JEMALLOC_DFX_INIF #include #endif @@ -73,13 +82,13 @@ using std::vector; #include "debug.h" #include "base.h" #include "task.h" +#include "psk.h" #include "channel.h" #include "session.h" #include "auth.h" #include "tcp.h" #include "usb.h" -#include "psk.h" #ifdef HDC_SUPPORT_UART #include "uart.h" #endif diff --git a/src/common/define_plus.h b/src/common/define_plus.h index cbb69eb6..faee8b32 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -23,7 +23,6 @@ #include "define_enum.h" #include "uv_status.h" #include "heartbeat.h" -#include "psk.h" namespace Hdc { @@ -227,7 +226,6 @@ struct HdcSession { int bufSize; // total buffer size int availTailIndex; // buffer available data size uint8_t *ioBuf; - uint8_t *bioBuf; // auth std::list *listKey; // rsa private or publickey list uint8_t authKeyIndex; diff --git a/src/common/psk.cpp b/src/common/psk.cpp index 6b3f93e7..6d6e6762 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -21,6 +21,51 @@ const std::string STR_PSK_IDENTITY = "Client_identity"; HdcPsk::HdcPsk(){} HdcPsk::~HdcPsk(){} +void HdcPsk::InitSSL(HSession hSession) +{ + WRITE_LOG(LOG_INFO, "session enable SSL encrypt, sid:%u", hSession->sessionId); +#if OPENSSL_VERSION_NUMBER >= 0x10100003L + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) + { + WRITE_LOG(LOG_FATAL, "OPENSSL_init_ssl"); + } + ERR_clear_error(); +#else + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); +#endif + if (hSession->serverOrDaemon) { + const SSL_METHOD *method; + method = TLS_client_method(); + hSession->sslContext = SSL_CTX_new(method); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); + SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcPsk::PskClientCallback); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + hSession->ssl = SSL_new(hSession->sslContext); + SSL_set_connect_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + } else { + const SSL_METHOD *method; + method = TLS_server_method(); + hSession->sslContext = SSL_CTX_new(method); + SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); + SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcPsk::PskServerCallback); + SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); + SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); + SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + hSession->readBIO = BIO_new(BIO_s_mem()); + hSession->writeBIO = BIO_new(BIO_s_mem()); + hSession->ssl = SSL_new(hSession->sslContext); + SSL_set_accept_state(hSession->ssl); + SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); + } +} + unsigned int HdcPsk::PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen) { SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); @@ -50,7 +95,7 @@ unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identit return 0; } strcpy(identity, "Client_identity"); - int keyLen = BUF_SIZE_PSK; + unsigned int keyLen = BUF_SIZE_PSK; if (keyLen <= 0 || keyLen > maxPskLen) { WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); return 0; @@ -120,6 +165,67 @@ int HdcPsk::RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* outLen = HdcAuth::RsaPrikeyDecryptPsk(in, inLen, out); #endif return outLen; +} + +int HdcPsk::WriteSSL(HSession hSession, uint8_t *bufPtr, const int bufLen) +{ + int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); + if (retSSL < 0) { + WRITE_LOG(LOG_WARN, "SSL write error, ret:%d", retSSL); + int err = SSL_get_error(hSession->ssl, retSSL); + if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { + DEBUG_LOG("SSL write error, ret:%d,err:%d, retry"); + } else { + WRITE_LOG(LOG_WARN, "SSL write error, ret:%d,err:%d", retSSL, err); + } + } + int sslBufLen = BIO_pending(hSession->writeBIO); + int retBIO = BIO_read(hSession->writeBIO, bufPtr, sslBufLen); + WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", + sslBufLen, bufLen, retSSL, retBIO); + return retBIO; +} +// return RET_SUCCESS: read ok, SSL_ERROR_WANT_READ: need more data, ERR_GENERIC: read failed +int HdcPsk::ReadSSL(HSession hSession, uint8_t *ioBuf, int nread) +{ + if (hSession == nullptr || hSession->ssl == nullptr) { + WRITE_LOG(LOG_WARN, "hsession ssl is null"); + return ERR_GENERIC; + } + if (!SSL_is_init_finished(hSession->ssl)) { + WRITE_LOG(LOG_WARN, "SSL is not init finished"); + return ERR_GENERIC; + } + int left = nread; + int retBio = BIO_write(hSession->readBIO, ioBuf + hSession->availTailIndex, nread); + while (left > 0) { + int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, retBio); + if (nSSLRead < 0) { + int err = SSL_get_error(hSession->ssl, nSSLRead); + if (err == SSL_ERROR_WANT_READ) { + WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ, availTailIndex,%d ", hSession->availTailIndex); + DEBUG_LOG("SSL_ERROR_WANT_READ, availTailIndex,%d ", hSession->availTailIndex); + if (hSession->availTailIndex >= static_cast(MAX_SIZE_IOBUF * 1.6)) { + return RET_SUCCESS; + } + return SSL_ERROR_WANT_READ; + } + WRITE_LOG(LOG_FATAL, "nSSLRead is failed errno: %d", err); + uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); + Base::ZeroBuf(bufToZero, hSession->bufSize); + hSession->sslHandshake = (err != SSL_ERROR_SSL); + return ERR_GENERIC; + } else { + hSession->availTailIndex += nSSLRead; + left = BIO_pending(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "nread=%d, sslread = %d, left = %d", nread, hSession->availTailIndex, left); + DEBUG_LOG("nread=%d, sslread = %d, left = %d", nread, hSession->availTailIndex, left); + } + } + BIO_reset(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "read ok, availTailIndex = %d", hSession->availTailIndex); + // if the unencrypted data left half, the next read also start at this index. + return RET_SUCCESS; } } \ No newline at end of file diff --git a/src/common/psk.h b/src/common/psk.h index 395a8510..799bd9de 100644 --- a/src/common/psk.h +++ b/src/common/psk.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021 Huawei Device Co., Ltd. + * Copyright (C) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -14,30 +14,25 @@ */ #ifndef HDC_PSK_H #define HDC_PSK_H -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include "common.h" - namespace Hdc { +constexpr int RET_SSLPSK_READ_MORE = 1; +constexpr int RET_SSLPSK_ERROR = -1; +constexpr int RET_SSLPSK_SUCCESS = 0; class HdcPsk { public: HdcPsk(); ~HdcPsk(); + static void InitSSL(HSession hSession); static unsigned int PskServerCallback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int maxPskLen); static unsigned int PskClientCallback(SSL *ssl, const char *hint, char *identity, unsigned int maxIdentityLen, unsigned char *psk, unsigned int maxPskLen); static int RsaPubkeyEncrypt(const uint32_t sessionId, const unsigned char* in, int inLen, unsigned char* out, const string& pubkey); static int RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* out); + static int WriteSSL(HSession hSession, uint8_t *bufPtr, const int bufLen); + static int ReadSSL(HSession hSession, uint8_t *ioBuf, int nread); }; } // namespace Hdc #endif diff --git a/src/common/session.cpp b/src/common/session.cpp index f4d17927..d3b4cc7b 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -610,17 +610,25 @@ void HdcSessionBase::FreeSessionContinue(HSession hSession) #else Base::CloseFd(hSession->dataFd[STREAM_WORK]); #endif - if (hSession->readBIO) { - BIO_free(hSession->readBIO); - } - if (hSession->writeBIO) { - BIO_free(hSession->writeBIO); - } if (hSession->ssl) { - SSL_shutdown(hSession->ssl); + hSession->sslHandshake = false; + WRITE_LOG(LOG_DEBUG, "free ssl start"); + if (SSL_shutdown(hSession->ssl)!= 1) + { + int err = SSL_get_error(hSession->ssl, SSL_shutdown(hSession->ssl)); + uint8_t buf[1024]; + BIO_read(hSession->writeBIO, buf, 1024); + BIO_reset(hSession->writeBIO); + BIO_reset(hSession->readBIO); + WRITE_LOG(LOG_DEBUG, "SSL shutdown error %d ", err); + } SSL_free(hSession->ssl); + hSession->readBIO = nullptr; + hSession->writeBIO = nullptr; + hSession->ssl = nullptr; SSL_CTX_free(hSession->sslContext); - WRITE_LOG(LOG_DEBUG, "SSL free finished"); + hSession->sslContext = nullptr; + WRITE_LOG(LOG_DEBUG, "SSL free finished for sid:%u", hSession->sessionId); } ERR_free_strings(); EVP_cleanup(); @@ -837,24 +845,14 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); int writeLen = bufLen; if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { - int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); - if (retSSL < 0) { - WRITE_LOG(LOG_WARN, "SSL write error,ret:%d", retSSL); - int err = SSL_get_error(hSession->ssl, retSSL); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - - } else { - WRITE_LOG(LOG_WARN, "SSL write error,ret:%d,err:%d", retSSL, err); - } - } - int sslBufLen = BIO_pending(hSession->writeBIO); - int retBIO = BIO_read(hSession->writeBIO, bufPtr, sslBufLen); - if (retBIO < 0) { - WRITE_LOG(LOG_WARN, "BIO_read error"); + writeLen = HdcPsk::WriteSSL(hSession, bufPtr, bufLen); + WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, writeLen: %d, bufLen:%d", + writeLen, bufLen); + if (writeLen < 0) { + WRITE_LOG(LOG_FATAL, "WriteSSL error, writeLen:%d", writeLen); delete[] bufPtr; - return retBIO; + break; } - writeLen = retBIO; } if (echo && !hSession->serverOrDaemon) { @@ -1001,6 +999,8 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) // 0 < payloadHeadSize < HDC_BUF_MAX_BYTES int tobeReadLen = static_cast(payloadHeadSize); if (bufLen - packetHeadSize < tobeReadLen) { + WRITE_LOG(LOG_DEBUG, "Not enough a IO, bufLen = %d, packetHeadSize = %d, tobeReadLen = %d", + bufLen, packetHeadSize, tobeReadLen); return 0; } if (DecryptPayload(hSession, payloadHead, bufPtr + packetHeadSize)) { @@ -1039,6 +1039,7 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) indexBuf += childRet; } else if (childRet == 0) { // Not enough a IO + WRITE_LOG(LOG_DEBUG, "Not enough a IO, availTailIndex = %d", hSession->availTailIndex); break; } else { // <0 WRITE_LOG(LOG_FATAL, "FetchIOBuf error childRet:%d sessionId:%u", childRet, hSession->sessionId); @@ -1061,12 +1062,12 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_buf_t *buf) { - // WRITE_LOG(LOG_DEBUG, "before uv time--3, sizeWanted:%u", sizeWanted); HSession context = (HSession)handle->data; Base::ReallocBuf(&context->ioBuf, &context->bufSize, HDC_SOCKETPAIR_SIZE); buf->base = (char *)context->ioBuf + context->availTailIndex; int size = context->bufSize - context->availTailIndex; buf->len = std::min(size, static_cast(sizeWanted)); + WRITE_LOG(LOG_DEBUG, "AllocCallback size:%d", buf->len); } void HdcSessionBase::FinishWriteSessionTCP(uv_write_t *req, int status) @@ -1514,7 +1515,6 @@ bool HdcSessionBase::DispatchTaskData(HSession hSession, const uint32_t channelI hTaskInfo->closeRetryCount = 0; hTaskInfo->channelTask = false; hTaskInfo->isCleared = false; - // hTaskInfo->isStableBuf = hSession->connType != CONN_USB; int addTaskRetry = 3; // try 3 time while (addTaskRetry > 0) { @@ -1572,48 +1572,4 @@ void HdcSessionBase::ParsePeerSupportFeatures(HSession &hSession, std::mapsessionId); -#if OPENSSL_VERSION_NUMBER >= 0x10100003L - if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) - { - WRITE_LOG(LOG_FATAL, "OPENSSL_init_ssl"); - } - ERR_clear_error(); -#else - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -#endif - if (hSession->serverOrDaemon) { - const SSL_METHOD *method; - method = TLS_client_method(); - hSession->sslContext = SSL_CTX_new(method); - SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); - SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcPsk::PskClientCallback); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - hSession->readBIO = BIO_new(BIO_s_mem()); - hSession->writeBIO = BIO_new(BIO_s_mem()); - hSession->ssl = SSL_new(hSession->sslContext); - SSL_set_connect_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - } else { - const SSL_METHOD *method; - method = TLS_server_method(); - hSession->sslContext = SSL_CTX_new(method); - SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); - SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcPsk::PskServerCallback); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); - hSession->readBIO = BIO_new(BIO_s_mem()); - hSession->writeBIO = BIO_new(BIO_s_mem()); - hSession->ssl = SSL_new(hSession->sslContext); - SSL_set_accept_state(hSession->ssl); - SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); - } -} } // namespace Hdc \ No newline at end of file diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index b17c0c50..ccc94fd3 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -69,53 +69,6 @@ void HdcTCPBase::SendUDPFinish(uv_udp_send_t *req, int status) delete req; } -bool HdcTCPBase::ReadBIO(HSession hSession, uint8_t *ioBuf, int nread) -{ - if (hSession == nullptr || hSession->ssl == nullptr) { - WRITE_LOG(LOG_DEBUG, "hsession ssl is null"); - return false; - } - if (!SSL_is_init_finished(hSession->ssl)) { - WRITE_LOG(LOG_DEBUG, "SSL is not init finished"); - return false; - } - bool ret = false; - HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; - HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; - int left = nread; - int retBio = BIO_write(hSession->readBIO, ioBuf + hSession->availTailIndex, nread); - while (left > 0) { - int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, retBio); - if (nSSLRead < 0) { - int err = SSL_get_error(hSession->ssl, nSSLRead); - if (err == SSL_ERROR_WANT_READ) { - if (hSession->availTailIndex >= MAX_SIZE_IOBUF) { - ret = true; - break; - } - return true; - } - WRITE_LOG(LOG_DEBUG, "nSSLRead is failed: %s, hSession SSL error read count:%d", - ERR_error_string(err, NULL), hSession->cntErrorSSL); - uint8_t *bufToZero = reinterpret_cast(hSession->ioBuf); - Base::ZeroBuf(bufToZero, hSession->bufSize); - hSession->sslHandshake = (err != SSL_ERROR_SSL); - return false; - } else { - hSession->availTailIndex += nSSLRead; - left = BIO_pending(hSession->readBIO); - DEBUG_LOG(LOG_DEBUG, "sslread = %d, left = %d", hSession->availTailIndex, left); - ret = true; - } - } - if (hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { - WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); - return false; - } - // if the unencrypted data left half, the next read also start at this index. - return ret; -} - void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf) { HSession hSession = (HSession)tcp->data; @@ -139,7 +92,12 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf } if (hSession->sslHandshake) { - ret = ReadBIO(hSession, hSession->ioBuf, nread); + int sslRet = HdcPsk::ReadSSL(hSession, hSession->ioBuf, nread); + ret = (sslRet != ERR_GENERIC); + if (sslRet == RET_SUCCESS && hSessionBase->FetchIOBuf(hSession, hSession->ioBuf, 0) < 0) { + WRITE_LOG(LOG_FATAL, "ReadStream FetchIOBuf error nread:%zd, sid:%u", nread, hSession->sessionId); + ret = false; + } break; } diff --git a/src/common/tcp.h b/src/common/tcp.h index c3b5d8f2..e6277b4f 100644 --- a/src/common/tcp.h +++ b/src/common/tcp.h @@ -22,7 +22,6 @@ public: HdcTCPBase(const bool serverOrDaemonIn, void *ptrMainBase); virtual ~HdcTCPBase(); static void ReadStream(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); - static bool ReadBIO(HSession hSession, uint8_t *ioBuf, int nread); static void ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf); int WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size); inline static int GetSSLBufLen(const int bufLen) diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 1508d068..3c5621ab 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -791,7 +791,7 @@ void HdcDaemon::DaemonSessionHandshakeInit(HSession &hSession, SessionHandShake bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t channelId, uint8_t *payload, int payloadSize) { if (hSession->ssl == nullptr) { - HdcSessionBase::InitSSL(hSession); + HdcPsk::InitSSL(hSession); } if (payloadSize > 1) { // session handshake 5 @@ -1240,11 +1240,12 @@ void HdcDaemon::SendAuthOkMsg(SessionHandShake &handshake, uint32_t channelid, string bufString = SerialStruct::SerializeToString(handshake); Send(sessionid, channelid, CMD_KERNEL_HANDSHAKE, reinterpret_cast(const_cast(bufString.c_str())), bufString.size()); - HSession hSession = AdminSession(OP_QUERY, sessionid, nullptr); + HSession hSession = AdminSession(OP_QUERY_REF, sessionid, nullptr); if (hSession->connType != CONN_TCP || !hSession->supportEncrypt) { uint8_t count = 1; Send(sessionid, channelid, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); } + --hSession->ref; } void HdcDaemon::SendAuthSignMsg(SessionHandShake &handshake, uint32_t channelId, uint32_t sessionid, string pubkey, string token) diff --git a/src/host/server.cpp b/src/host/server.cpp index 91067a11..cba7453d 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -579,7 +579,7 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, } else { WRITE_LOG(LOG_DEBUG, "SSL_do_handshake failed"); } - memset_s(buf, nread, 0, nread); + (void)memset_s(buf, nread, 0, nread); delete[] buf; } else { WRITE_LOG(LOG_DEBUG, "SSL_do_handshake BIO_pending <= 0"); @@ -608,7 +608,7 @@ bool HdcServer::ServerSessionPSK(HSession hSession, const uint32_t channelId, ui if (memcpy_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), out, outLen) != EOK) { WRITE_LOG(LOG_DEBUG, "memcpy_s failed, hSession->preSharedKey len is %d", sizeof(hSession->preSharedKey)); } - HdcSessionBase::InitSSL(hSession); + HdcPsk::InitSSL(hSession); uint8_t count = 1; ServerSessionSSLHandshake(hSession, channelId, &count, 1); return true; -- Gitee From 9817fecee24472711bf859a6b6af39d1e997e009 Mon Sep 17 00:00:00 2001 From: TaowerfulMAX Date: Fri, 30 May 2025 17:37:52 +0800 Subject: [PATCH 11/11] feat: fix freeze & crash of ssl Signed-off-by: TaowerfulMAX --- src/common/define_plus.h | 1 + src/common/psk.cpp | 40 +++++++++++++++++++++++----------------- src/common/session.cpp | 27 ++++++++------------------- src/common/tcp.cpp | 14 +++++++++++++- src/daemon/daemon.cpp | 11 +++++++++-- src/host/server.cpp | 8 +++++++- 6 files changed, 61 insertions(+), 40 deletions(-) diff --git a/src/common/define_plus.h b/src/common/define_plus.h index faee8b32..7b8a6860 100644 --- a/src/common/define_plus.h +++ b/src/common/define_plus.h @@ -247,6 +247,7 @@ struct HdcSession { SSL_CTX *sslContext = nullptr; BIO *readBIO = nullptr; BIO *writeBIO = nullptr; + std::mutex bioMutex; bool sslHandshake = false; unsigned char preSharedKey[32]; // pre-shared key for TLS 1.3, TLS_AES_128_GCM_SHA256(password) #ifdef HDC_SUPPORT_UART diff --git a/src/common/psk.cpp b/src/common/psk.cpp index 6d6e6762..016169a6 100644 --- a/src/common/psk.cpp +++ b/src/common/psk.cpp @@ -41,11 +41,13 @@ void HdcPsk::InitSSL(HSession hSession) hSession->sslContext = SSL_CTX_new(method); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_client_callback(hSession->sslContext, HdcPsk::PskClientCallback); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + SSL_CTX_set_ciphersuites(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); hSession->readBIO = BIO_new(BIO_s_mem()); hSession->writeBIO = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(hSession->readBIO, -1); + BIO_set_mem_eof_return(hSession->writeBIO, -1); + BIO_set_buffer_size(hSession->readBIO, HDC_SOCKETPAIR_SIZE); + BIO_set_buffer_size(hSession->writeBIO, HDC_SOCKETPAIR_SIZE); hSession->ssl = SSL_new(hSession->sslContext); SSL_set_connect_state(hSession->ssl); SSL_set_bio(hSession->ssl, hSession->readBIO, hSession->writeBIO); @@ -55,10 +57,10 @@ void HdcPsk::InitSSL(HSession hSession) hSession->sslContext = SSL_CTX_new(method); SSL_CTX_set_ex_data(hSession->sslContext, 0, hSession->preSharedKey); SSL_CTX_set_psk_server_callback(hSession->sslContext, HdcPsk::PskServerCallback); - SSL_CTX_set_options(hSession->sslContext, SSL_OP_NO_TLSv1_2); - SSL_CTX_set_min_proto_version(hSession->sslContext, TLS1_3_VERSION); - SSL_CTX_set_cipher_list(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); + SSL_CTX_set_ciphersuites(hSession->sslContext, "TLS_AES_128_GCM_SHA256"); hSession->readBIO = BIO_new(BIO_s_mem()); + BIO_set_buffer_size(hSession->readBIO, HDC_SOCKETPAIR_SIZE); + BIO_set_buffer_size(hSession->writeBIO, HDC_SOCKETPAIR_SIZE); hSession->writeBIO = BIO_new(BIO_s_mem()); hSession->ssl = SSL_new(hSession->sslContext); SSL_set_accept_state(hSession->ssl); @@ -94,7 +96,10 @@ unsigned int HdcPsk::PskClientCallback(SSL *ssl, const char *hint, char *identit WRITE_LOG(LOG_FATAL, "Client identity buffer too small, maxIdentityLen = %d", maxIdentityLen); return 0; } - strcpy(identity, "Client_identity"); + if (strcpy_s(identity, maxIdentityLen, "Client_identity") != EOK) { + WRITE_LOG(LOG_FATAL, "Client PSK key strcpy_s identity failed, maxIdentityLen is %u", maxIdentityLen); + return 0; + } unsigned int keyLen = BUF_SIZE_PSK; if (keyLen <= 0 || keyLen > maxPskLen) { WRITE_LOG(LOG_FATAL, "Client PSK key length invalid, keyLen = %d", keyLen); @@ -169,7 +174,7 @@ int HdcPsk::RsaPrikeyDecrypt(const unsigned char* in, int inLen, unsigned char* int HdcPsk::WriteSSL(HSession hSession, uint8_t *bufPtr, const int bufLen) { - int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); + int retSSL = SSL_write(hSession->ssl, bufPtr, bufLen); if (retSSL < 0) { WRITE_LOG(LOG_WARN, "SSL write error, ret:%d", retSSL); int err = SSL_get_error(hSession->ssl, retSSL); @@ -180,9 +185,10 @@ int HdcPsk::WriteSSL(HSession hSession, uint8_t *bufPtr, const int bufLen) } } int sslBufLen = BIO_pending(hSession->writeBIO); + BIO_flush(hSession->readBIO); int retBIO = BIO_read(hSession->writeBIO, bufPtr, sslBufLen); - WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", - sslBufLen, bufLen, retSSL, retBIO); + // WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, sslBufLen: %d, bufLen:%d return SSL:%d,BIO:%d", + // sslBufLen, bufLen, retSSL, retBIO); return retBIO; } @@ -199,14 +205,17 @@ int HdcPsk::ReadSSL(HSession hSession, uint8_t *ioBuf, int nread) } int left = nread; int retBio = BIO_write(hSession->readBIO, ioBuf + hSession->availTailIndex, nread); + if (retBio < 0) { + WRITE_LOG(LOG_WARN, "BIO write failed, ret is %d", retBio); + return ERR_GENERIC; + } while (left > 0) { - int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, retBio); + int nSSLRead = SSL_read(hSession->ssl, ioBuf + hSession->availTailIndex, BUF_SIZE_DEFAULT16); if (nSSLRead < 0) { int err = SSL_get_error(hSession->ssl, nSSLRead); if (err == SSL_ERROR_WANT_READ) { - WRITE_LOG(LOG_DEBUG, "SSL_ERROR_WANT_READ, availTailIndex,%d ", hSession->availTailIndex); DEBUG_LOG("SSL_ERROR_WANT_READ, availTailIndex,%d ", hSession->availTailIndex); - if (hSession->availTailIndex >= static_cast(MAX_SIZE_IOBUF * 1.6)) { + if (hSession->availTailIndex > static_cast(BUF_SIZE_DEFAULT16)) { return RET_SUCCESS; } return SSL_ERROR_WANT_READ; @@ -219,12 +228,9 @@ int HdcPsk::ReadSSL(HSession hSession, uint8_t *ioBuf, int nread) } else { hSession->availTailIndex += nSSLRead; left = BIO_pending(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "nread=%d, sslread = %d, left = %d", nread, hSession->availTailIndex, left); - DEBUG_LOG("nread=%d, sslread = %d, left = %d", nread, hSession->availTailIndex, left); + DEBUG_LOG("nread=%d, retbio=%d, sslread = %d, left = %d", nread, retBio, hSession->availTailIndex, left); } } - BIO_reset(hSession->readBIO); - WRITE_LOG(LOG_DEBUG, "read ok, availTailIndex = %d", hSession->availTailIndex); // if the unencrypted data left half, the next read also start at this index. return RET_SUCCESS; } diff --git a/src/common/session.cpp b/src/common/session.cpp index d3b4cc7b..72bfa7bb 100755 --- a/src/common/session.cpp +++ b/src/common/session.cpp @@ -843,25 +843,13 @@ int HdcSessionBase::SendByProtocol(HSession hSession, uint8_t *bufPtr, const int switch (hSession->connType) { case CONN_TCP: { HdcTCPBase *pTCP = ((HdcTCPBase *)hSession->classModule); - int writeLen = bufLen; - if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { - writeLen = HdcPsk::WriteSSL(hSession, bufPtr, bufLen); - WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, writeLen: %d, bufLen:%d", - writeLen, bufLen); - if (writeLen < 0) { - WRITE_LOG(LOG_FATAL, "WriteSSL error, writeLen:%d", writeLen); - delete[] bufPtr; - break; - } - } - if (echo && !hSession->serverOrDaemon) { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); } else { if (hSession->hWorkThread == uv_thread_self()) { - ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, writeLen); + ret = pTCP->WriteUvTcpFd(&hSession->hWorkTCP, bufPtr, bufLen); } else { - ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, writeLen); + ret = pTCP->WriteUvTcpFd(&hSession->hChildWorkTCP, bufPtr, bufLen); } } break; @@ -999,8 +987,8 @@ int HdcSessionBase::OnRead(HSession hSession, uint8_t *bufPtr, const int bufLen) // 0 < payloadHeadSize < HDC_BUF_MAX_BYTES int tobeReadLen = static_cast(payloadHeadSize); if (bufLen - packetHeadSize < tobeReadLen) { - WRITE_LOG(LOG_DEBUG, "Not enough a IO, bufLen = %d, packetHeadSize = %d, tobeReadLen = %d", - bufLen, packetHeadSize, tobeReadLen); + // WRITE_LOG(LOG_DEBUG, "Not enough a IO, bufLen = %d, packetHeadSize = %d, tobeReadLen = %d", + // bufLen, packetHeadSize, tobeReadLen); return 0; } if (DecryptPayload(hSession, payloadHead, bufPtr + packetHeadSize)) { @@ -1039,7 +1027,7 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read) indexBuf += childRet; } else if (childRet == 0) { // Not enough a IO - WRITE_LOG(LOG_DEBUG, "Not enough a IO, availTailIndex = %d", hSession->availTailIndex); + // WRITE_LOG(LOG_DEBUG, "Not enough a IO, availTailIndex = %d", hSession->availTailIndex); break; } else { // <0 WRITE_LOG(LOG_FATAL, "FetchIOBuf error childRet:%d sessionId:%u", childRet, hSession->sessionId); @@ -1067,7 +1055,7 @@ void HdcSessionBase::AllocCallback(uv_handle_t *handle, size_t sizeWanted, uv_bu buf->base = (char *)context->ioBuf + context->availTailIndex; int size = context->bufSize - context->availTailIndex; buf->len = std::min(size, static_cast(sizeWanted)); - WRITE_LOG(LOG_DEBUG, "AllocCallback size:%d", buf->len); + // WRITE_LOG(LOG_DEBUG, "AllocCallback size:%d", buf->len); } void HdcSessionBase::FinishWriteSessionTCP(uv_write_t *req, int status) @@ -1515,6 +1503,7 @@ bool HdcSessionBase::DispatchTaskData(HSession hSession, const uint32_t channelI hTaskInfo->closeRetryCount = 0; hTaskInfo->channelTask = false; hTaskInfo->isCleared = false; + // hTaskInfo->isStableBuf = hSession->connType != CONN_USB; int addTaskRetry = 3; // try 3 time while (addTaskRetry > 0) { diff --git a/src/common/tcp.cpp b/src/common/tcp.cpp index ccc94fd3..3e812875 100644 --- a/src/common/tcp.cpp +++ b/src/common/tcp.cpp @@ -74,7 +74,7 @@ void HdcTCPBase::ReadStreamAutoBIO(uv_stream_t *tcp, ssize_t nread, const uv_buf HSession hSession = (HSession)tcp->data; HdcTCPBase *thisClass = (HdcTCPBase *)hSession->classModule; HdcSessionBase *hSessionBase = (HdcSessionBase *)thisClass->clsMainBase; - CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStream"); + CALLSTAT_GUARD(hSession->childLoopStatus, tcp->loop, "HdcTCPBase::ReadStreamAutoBIO"); bool ret = false; while (true) { @@ -154,6 +154,18 @@ int HdcTCPBase::WriteUvTcpFd(uv_tcp_t *tcp, uint8_t *buf, int size) std::lock_guard lock(writeTCPMutex); uint8_t *data = buf; int cnt = size; + HSession hSession = reinterpret_cast(tcp->data); + if (hSession->sslHandshake && hSession->ssl != nullptr && SSL_is_init_finished(hSession->ssl)) { + cnt = HdcPsk::WriteSSL(hSession, buf, size); + // WRITE_LOG(LOG_INFO, "SSL encrypt write to buffer, cnt: %d, size:%d", + // cnt, size); + if (cnt < 0) { + WRITE_LOG(LOG_FATAL, "WriteSSL error, cnt:%d", cnt); + delete[] buf; + return size; + } + } + uv_os_fd_t uvfd; uv_fileno(reinterpret_cast(tcp), &uvfd); #ifdef _WIN32 diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 3c5621ab..adefb3d5 100755 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -821,16 +821,23 @@ bool HdcDaemon::DaemonSessionSSLHandshake(HSession hSession, const uint32_t chan } } else { - WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s, cipher is %s", + SSL_get_version(hSession->ssl), SSL_get_cipher_name(hSession->ssl)); uint8_t count = 1; // session handshake 8 Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); return true; } if (SSL_is_init_finished(hSession->ssl)) { - WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s, cipher is %s", + SSL_get_version(hSession->ssl), SSL_get_cipher_name(hSession->ssl)); hSession->sslHandshake = true; + if (memset_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), 0, sizeof(hSession->preSharedKey)) + != EOK) { + WRITE_LOG(LOG_FATAL, "memset_s failed"); + return false; + } } return true; } diff --git a/src/host/server.cpp b/src/host/server.cpp index cba7453d..0ee4295c 100644 --- a/src/host/server.cpp +++ b/src/host/server.cpp @@ -586,11 +586,17 @@ bool HdcServer::ServerSessionSSLHandshake(HSession hSession, } } else { - WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s", SSL_get_version(hSession->ssl)); + WRITE_LOG(LOG_INFO, "SSL handshake ok, version is %s, cipher is %s", + SSL_get_version(hSession->ssl), SSL_get_cipher_name(hSession->ssl)); uint8_t count = 1; // session handshake close hSession->sslHandshake = true; Send(hSession->sessionId, 0, CMD_KERNEL_CHANNEL_CLOSE, &count, 1); + if (memset_s(hSession->preSharedKey, sizeof(hSession->preSharedKey), 0, sizeof(hSession->preSharedKey)) + != EOK) { + WRITE_LOG(LOG_FATAL, "memset_s failed"); + return false; + } } return true; } -- Gitee