Initial Checkin

ianbarber · ianbarber · commit 6eebfad30a76 · 2012-09-14T23:48:04.000+01:00
Simple XREP server REQ client.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,15 @@
+CC      = g++
+CFLAGS  = -g
+LDFLAGS = -lzmq -lssl
+
+all: tlsserver tlsclient
+
+tlsserver: tlsserver.cpp tlszmq.cpp
+	$(CC) $^ $(CFLAGS) $(LDFLAGS) -o $@
+
+tlsclient: tlsclient.cpp tlszmq.cpp
+	$(CC) $^ $(CFLAGS) $(LDFLAGS) -o $@
+
+clean:
+	rm tlsclient
+	rm tlsserver
diff --git a/server.crt b/server.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQCcIw4uCLJ7bTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTEyMDkwNzEwNDUxOFoXDTEzMDkwNzEwNDUxOFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAshGG
+ftj0ZtYLl+BwNroGQwDGDkvWRgOPKGsrUtV1RDKnEThXS69SDEOUWS0kb7Y9joAa
+roJHX7KmtxKzHFRNsi+zbqz4bm7vGBYsteVtd9mOwsRIZqSOLUKcdjUL0JKvJ/nL
+DkijARJg9luDBYt7t/+Wcl7+t+hZLKsFRStEd/cCAwEAATANBgkqhkiG9w0BAQUF
+AAOBgQCP77PstQTH/AB/90Pgx4rAeJ3fL1sSJJV7xsCRRDKuu2MiEC/16nUScspJ
+gfztlodgrR47Sf+5sP38v1OzS96dzaJwW2VLge6BahpfRoGAL8p/NyquZmXa+trt
+4vWHxJEZXLQrduuFNBliGtkeNAfzZCXW/SbYAL87yGwN6YMp0A==
+-----END CERTIFICATE-----
diff --git a/server.key b/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCyEYZ+2PRm1guX4HA2ugZDAMYOS9ZGA48oaytS1XVEMqcROFdL
+r1IMQ5RZLSRvtj2OgBqugkdfsqa3ErMcVE2yL7NurPhubu8YFiy15W132Y7CxEhm
+pI4tQpx2NQvQkq8n+csOSKMBEmD2W4MFi3u3/5ZyXv636FksqwVFK0R39wIDAQAB
+AoGAWHLeFJndZEtDvO/trTFftN5ogmdnCqXv8QqynVWMBxEF7UbIDb8LCS50PItw
+wtCJ6QN2vWHW5BEQQHVYZGT3pgtAABXkOF2tiu+vI4YTV43zeZkjUKa0Eszyj2xD
+wGlP9FEjxoerKHTGW1s81I5RmmBSFdQpkP/YWJ13PuUNrbECQQDe5R85QI8vVB8N
+wQ88VQ2GmCN/Ht8CUUyUYHk37HdEYKmbt83Ph9nTN7g55BUtSHnF8Z+HLImsIy7R
+Xz0DSI1fAkEAzIQD/S4naQS3a8Jb4xIQZVNoBSInqwIpC75VL53QYC3IKddUe9Ra
+Eqrhnws8sBh74179Povv7LnKT3QvtdMEaQJBAIQnoyil3393R+Y2xlrGLvvTbpBr
+dFwCaf47aQPAX0KacVWTWCKo8HysN72TPv8XTqQPS7+wp3v5bEPVTO6KcM8CQE68
+eIitjzCoRzFuZ0/ZcYSBAugPCTSWJVVHFqa5XDLbDVfGddkinPbY4PoJKnklQ/T6
+agb9ewYpVREXyxJ2RhkCQQCEnD6mAJQaPBKVI24gWuCWbDzH+xuOTz5JtoIuhPsv
+imptcLdE0RhiWJookqWh8iFMRZQx2NkM7n7Bbkm+np/8
+-----END RSA PRIVATE KEY-----
diff --git a/tlsclient.cpp b/tlsclient.cpp
@@ -0,0 +1,49 @@
+#include "tlszmq.h"
+//#include <stdio.h>
+//#include <string>
+#include <zmq.hpp>
+
+// Simple REP server
+int main(int argc, char* argv[]) {
+    try {
+        zmq::context_t ctx(1);
+        zmq::socket_t s1(ctx,ZMQ_REQ);
+        s1.connect ("tcp://localhost:5555");
+        TLSZmq *tls = new TLSZmq();
+        bool loop = true;
+        zmq::message_t request (12);  
+        memcpy(request.data(), "hello world!", 12);
+        tls->send(&request);
+        while (loop == true) {
+            tls->update();
+            
+            // If we need to send to the network, do so
+            if(tls->needs_write()) {
+                zmq::message_t *data = tls->get_data();
+                s1.send(*data);
+                
+                // Push message to TLS and update
+                zmq::message_t response;
+                s1.recv (&response);
+                tls->put_data(&response);
+                tls->update();
+                
+                delete data;
+            }
+                    
+             // If there is app data, retrieve it
+            if(tls->can_recv()) {
+                zmq::message_t *data = tls->recv();
+                printf("Received: %s\n", (char *)(data->data()), data->size());
+                loop = false;
+                delete data;
+            } 
+        }
+        delete tls;
+    }
+    catch(std::exception &e) {
+        printf ("An error occurred: %s\n", e.what());
+        return 1;
+    }
+    return 0;
+}
diff --git a/tlsserver.cpp b/tlsserver.cpp
@@ -0,0 +1,66 @@
+#include "tlszmq.h"
+#include <string>
+#include <map>
+#include <zmq.hpp>
+
+// Simple REP server
+int main(int argc, char* argv[]) {
+    try {
+        zmq::context_t ctx(1);
+        zmq::socket_t s1(ctx,ZMQ_ROUTER);
+        s1.bind ("tcp://*:5555");
+        std::string s_crt("server.crt");
+        std::string s_key("server.key");
+        std::map<std::string, TLSZmq*> conns;
+            
+        while (true) {
+            // Wait for a message
+            zmq::message_t identifier(0);
+            
+            // Retrieve or create the TLSZmq handler for this client
+            s1.recv (&identifier);
+            std::string ident (static_cast<char*>(identifier.data()), identifier.size());
+            TLSZmq *tls;
+            if(conns.find(ident) == conns.end()) {
+                tls = new TLSZmq(s_crt.c_str(), s_key.c_str());
+                conns[ident] = tls;
+            } else {
+                tls = conns[ident];
+            }
+            
+            // Ignore seperator
+            zmq::message_t request(0);
+            s1.recv (&request);
+            
+            // Push message on to TLS and update
+            s1.recv (&request);
+            tls->put_data(&request);
+            tls->update();
+            
+            // If there is app data, retrieve it
+            if(tls->can_recv()) {
+                zmq::message_t *data = tls->recv();
+                printf("Received: %s\n",static_cast<char*>(data->data()));
+                zmq::message_t response(8);
+                snprintf ((char *) response.data(), 8 ,"Got it!");
+                tls->send(&response);
+                tls->update();
+                delete data;
+            }
+            
+            // If we need to send to the network, do so
+            if(tls->needs_write()) {
+                zmq::message_t *data = tls->get_data();
+                s1.send(identifier, ZMQ_SNDMORE);
+                request.rebuild(0); // reuse request as delimiter
+                s1.send(request, ZMQ_SNDMORE);
+                s1.send(*data);
+            }
+        }
+    }
+    catch(std::exception &e) {
+        printf ("An error occurred: %s\n", e.what());
+        return 1;
+    }
+    return 0;
+}
diff --git a/tlszmq.cpp b/tlszmq.cpp
@@ -0,0 +1,189 @@
+#include <stdexcept>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include "tlszmq.h"
+
+TLSZmq::TLSZmq() 
+{
+    init_(init_ctx_(SSLv3_client_method ()));
+    SSL_set_connect_state(ssl);
+}
+
+TLSZmq::TLSZmq( 
+        const char *certificate,
+        const char *key)
+{
+    // In server mode we probably want to actually create a context
+    // once per run rather than per-session as in this example. 
+    SSL_CTX *ctxt = init_ctx_(SSLv3_server_method ());
+    // This could do with some error checking!
+    SSL_CTX_use_certificate_file(ctxt, certificate, SSL_FILETYPE_PEM);
+    SSL_CTX_use_PrivateKey_file(ctxt, key, SSL_FILETYPE_PEM);
+    init_(ctxt);
+    SSL_set_accept_state(ssl);
+}
+
+TLSZmq::~TLSZmq() {
+    SSL_free(ssl);
+    delete ssl_to_app;
+    delete app_to_ssl;
+    delete zmq_to_ssl;
+    delete ssl_to_zmq;
+}
+
+void TLSZmq::update() 
+{
+    // Copy the data from the ZMQ message to the memory BIO
+    if (zmq_to_ssl->size() > 0) {
+        int rc = BIO_write(rbio, zmq_to_ssl->data(), zmq_to_ssl->size());
+        printf("DEBUG: %d written to BIO\n", rc);
+        zmq_to_ssl->rebuild(0);
+    }
+    
+    // If we have app data to send, push it through SSL write, which
+    // will hit the memory BIO. 
+    if (app_to_ssl->size() > 0) {
+        int rc = SSL_write(ssl, app_to_ssl->data(), app_to_ssl->size());
+        
+        if (!continue_ssl_(rc)) {
+             throw std::runtime_error("An SSL error occured.");
+         }
+         
+         printf("DEBUG: %d written to SSL\n", rc);
+         if( rc == app_to_ssl->size() ) {
+             app_to_ssl->rebuild(0);
+         }
+    }
+    
+    net_read_();
+    net_write_();
+}
+
+bool TLSZmq::can_recv() {
+    return ssl_to_app->size() > 0;
+}
+
+bool TLSZmq::needs_write() {
+    return ssl_to_zmq->size() > 0;
+}
+
+zmq::message_t *TLSZmq::recv() {
+    zmq::message_t *msg = new zmq::message_t(ssl_to_app->size());
+    memcpy (msg->data(), ssl_to_app->data(), ssl_to_app->size());
+    ssl_to_app->rebuild(0);
+    return msg;
+}
+
+zmq::message_t *TLSZmq::get_data() {
+    zmq::message_t *msg = new zmq::message_t(ssl_to_zmq->size());
+    memcpy (msg->data(), ssl_to_zmq->data(), ssl_to_zmq->size());
+    ssl_to_zmq->rebuild(0);
+    return msg;
+}
+
+void TLSZmq::put_data(zmq::message_t *msg) {
+    zmq_to_ssl->rebuild(msg->data(), msg->size(), NULL, NULL);
+}
+
+void TLSZmq::send(zmq::message_t *msg) {
+    app_to_ssl->rebuild(msg->data(), msg->size(), NULL, NULL);
+}
+
+SSL_CTX *TLSZmq::init_ctx_(SSL_METHOD *meth) {
+    OpenSSL_add_all_algorithms();
+    SSL_library_init();
+    SSL_load_error_strings();
+    ERR_load_BIO_strings();
+
+    SSL_CTX *ctxt = SSL_CTX_new (meth);
+    if(!ctxt) {
+        ERR_print_errors_fp(stderr);
+    }
+    
+    return ctxt;
+}
+
+void TLSZmq::init_(SSL_CTX *ctxt) 
+{
+    ssl = SSL_new(ctxt);
+    
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+    SSL_set_bio(ssl, rbio, wbio);
+    
+    ssl_to_app = new zmq::message_t(0);
+    app_to_ssl = new zmq::message_t(0);
+    zmq_to_ssl = new zmq::message_t(0);
+    ssl_to_zmq = new zmq::message_t(0);
+}
+
+void TLSZmq::net_write_() {
+    std::string nwrite;
+    // Read any data to be written to the network from the memory BIO
+    while (1) {
+        char readto[1024];
+        int read = BIO_read(wbio, readto, 1024);
+
+        if (read > 0) {
+            size_t cur_size = nwrite.length();
+            nwrite.resize(cur_size + read);
+            std::copy(readto, readto + read, nwrite.begin() + cur_size);
+        } 
+
+        if (static_cast<size_t>(read) != 1024 || read == 0) break;
+    }
+    
+    if (!nwrite.empty()) {
+        printf("DEBUG: %d read from BIO\n", (int)nwrite.length());
+        ssl_to_zmq->rebuild(nwrite.length());
+        memcpy(ssl_to_zmq->data(), nwrite.c_str(), nwrite.length());
+    }
+}
+
+void TLSZmq::net_read_() {
+    std::string aread;
+    // Read data for the application from the encrypted connection and place it in the string for the app to read
+    while (1) {
+        char readto[1024];
+        int read = SSL_read(ssl, readto, 1024);
+
+        if (!continue_ssl_(read)) {
+            throw std::runtime_error("An SSL error occured.");
+        }
+
+        if (read > 0) {
+            size_t cur_size = aread.length();
+            aread.resize(cur_size + read);
+            std::copy(readto, readto + read, aread.begin() + cur_size);
+        }
+
+        if (static_cast<size_t>(read) != 1024 || read == 0) break;
+    }
+    
+    if (!aread.empty()) {
+        ssl_to_app->rebuild(aread.length());
+        memcpy(ssl_to_app->data(), aread.c_str(), aread.length());
+    }
+}
+
+bool TLSZmq::continue_ssl_(int rc) {
+    int err = SSL_get_error(ssl, rc);
+
+    if (err == SSL_ERROR_NONE || err == SSL_ERROR_WANT_READ) {
+        return true;
+    }
+
+    if (err == SSL_ERROR_SYSCALL) {
+        ERR_print_errors_fp(stderr);
+        perror("DEBUG: syscall error: ");
+        return false;
+    }
+
+    if (err == SSL_ERROR_SSL) {
+        ERR_print_errors_fp(stderr);
+        return false;
+    }
+    return true;
+}
+
+
diff --git a/tlszmq.h b/tlszmq.h
@@ -0,0 +1,42 @@
+/*
+ * Quick and dirty class to wrap data in TLS for use over ZeroMQ
+ * Based on code from http://funcptr.net/2012/04/08/openssl-as-a-filter-%28or-non-blocking-openssl%29/
+ */
+
+#include <openssl/ssl.h>
+#include <zmq.hpp>
+
+class TLSZmq {
+    public:
+        TLSZmq();
+        TLSZmq( const char *certificate,
+                const char *key);
+        virtual ~TLSZmq();
+
+        void update();
+        
+        bool can_recv();
+        bool needs_write();
+        
+        zmq::message_t *recv();
+        zmq::message_t *get_data();
+        void put_data(zmq::message_t *msg);
+        void send(zmq::message_t *msg);
+
+    private:
+        void init_(SSL_CTX *ctxt);
+        SSL_CTX *init_ctx_(SSL_METHOD *meth);
+        
+        bool continue_ssl_(int function_return);
+        void net_read_();
+        void net_write_();
+
+        SSL * ssl;
+        BIO * rbio;
+        BIO * wbio;
+        
+        zmq::message_t *app_to_ssl;
+        zmq::message_t *ssl_to_app;
+        zmq::message_t *ssl_to_zmq;
+        zmq::message_t *zmq_to_ssl;
+};
