1、网络安全程序设计报告
目录
一、实验选题 3
二、实验环境 3
三、系统设计 3
1、Windows下进行OpenSSL编程的主要步骤 3
2、系统框图 4
3、重要函数 4
四、实验过程截图 16
1、安装openssl 17
2、客户端与服务器端安全通信 18
五、实验与课程总结 20
六、源代码清单 20
一、实验选题
基于OpenSSL的安全聊天系统
Windows或Linux平台均可
点到点模式
基于OpenSSL的安全套接字通信
客户端服务器双向认证
聊天记录本地加密存储,输入正确口令可查看
二、实验环境
操作系统:Windows XP SP3
开发平台:VC++ 6.0
其它:OpenSSL、ActivePerl
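2、三、系统设计
1、Windows下进行OpenSSL编程的主要步骤
1. 安装ActivePerl,阅读openssl开发包中的install.w32,编译openssl;
2. 下载CA证书并对其进行公私钥的分割,使用openssl生成证书文件;
3. 阅读相关文档,熟悉OpenSSL编程接口,编写server和client端代码;
4. 将所需要的文件放到源代码目录,调试并运行程序,使用证书验证安全通信的过程及身份认证方式。(注:本节可见的代码只是取出并显示对端证书的subject和issuer,这本身并不构成身份验证;双向认证是否生效,取决于创建ctx时是否启用了对端证书校验(例如SSL_CTX_set_verify配合SSL_VERIFY_PEER,服务器端再加SSL_VERIFY_FAIL_IF_NO_PEER_CERT)以及是否检查SSL_get_verify_result的返回值,而这部分代码未出现在本节摘录中。)
2、系统框图
3、重要函数
Client:连接服务器端并接收服务器消息的线程函数:void ClientThreadProc(void* void_parm) WSADAT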
3、A wsaData; int err; int sd; struct sockaddr_in sa; SSL* ssl; X509* server_cert; char* str; char buffer 8912; int maxFd; fd_set writeFds, readFds, excFds; DWORD dwIP; dwIP = (DWORD)void_parm; /char *msg = (char *)malloc(128); char msg128; /初始化windows socket if (WSAStartup(MAKEWORD(2, 2), &wsaData) re
4、turn; /新建socket sd = socket (AF_INET, SOCK_STREAM, 0); memset (&sa, 0, sizeof(sa); /设置服务端IP地址、和端口 sa.sin_family = AF_INET; sa.sin_addr.s_addr = dwIP; sa.sin_port = htons(8443); /连接服务器 err = connect(sd, (struct sockaddr*) &sa,sizeof(sa); if(err GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); return; strcp
5、y(msg,SSL开始握手!); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); /新建SSL句柄 ssl = SSL_new (ctx); /设置socket句柄到SSL句柄 SSL_set_fd (ssl, sd); /SSL连接 err = SSL_connect (ssl); if(err != 1) / char *msg = (char *)malloc(128); strcpy(msg,SSL连接服务器失败!); SendMessage(AfxGetMainWnd()-GetSafeHw
6、nd(),WM_STATE_MSG,sd,(long )msg); return; server_cert = SSL_get_peer_certificate (ssl); strcpy(msg,Client certificate:); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); strcpy(msg,subject: ); SendMessage(AfxGet
7、MainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); strcpy(msg,str); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); strcpy(msg,issuer:); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_M
8、SG,sd,(long )msg); strcpy(msg,str); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); OPENSSL_free (str); X509_free (server_cert);/ printf (SSL connection using %sn, SSL_get_cipher (ssl); strcpy(msg,SSL connection using:); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,s
9、d,(long )msg); /*打印所有加密算法的信息(可选)*/ strcpy(msg,SSL_get_cipher (ssl); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); maxFd = sd; client.fd=sd; client.ssl=ssl; strcpy(msg,连接服务器成功!); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); for(;) FD_ZERO(&writeFds);
10、 FD_ZERO(&readFds); FD_ZERO(&excFds); FD_SET(sd, &readFds); /select 异步等待服务器 int nfd = select(maxFd + 1, &readFds, &writeFds, &excFds, NULL); if(nfd = 0) if(errno = EINTR) /* interrupted system call */ continue; return; if(FD_ISSET(sd, &readFds) /接收服务器消息 int len = SSL_read(ssl,buffer,sizeof(buffer);
11、if(len GetSafeHwnd(),WM_STATE_MSG,sd,(long )msg); return; bufferlen=0; char *msg = (char *)malloc(len +1); strcpy(msg,buffer); /通过WM_CLIENT_MSG消息,发送到主窗体 SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_CLIENT_MSG,sd,(long )msg); return;链接服务器:void CClientDlg:OnConnect() unsigned long idThread; DWORD dwIP
12、=0; CIP ipaddr;/让用户输入客户端IP m_liststate.ResetContent(); if(client.fd=0)/判断是否已经连接 if(ipaddr.DoModal() = IDOK) dwIP=inet_addr(ipaddr.IP.GetBuffer(0); /创建线程,连接服务器,并接收服务器端消息 CreateThread(NULL,0, (LPTHREAD_START_ROUTINE)ClientThreadProc, (void *)dwIP, 0 ,&idThread); else m_liststate.InsertString(0,已经连接!);
13、 发送消息到服务器:void CClientDlg:OnSend() UpdateData(); if(client.fd !=0) /发送消息 SSL_write(client.ssl,m_str.GetBuffer(0),m_str.GetLength(); m_str.ReleaseBuffer(); else return; /插入发送的消息的列表框 m_list.InsertString(0,m_str); m_str.Empty(); UpdateData(FALSE); (CEdit *)GetDlgItem(IDC_EDIT1)-SetActiveWindow(); 处理WM_
14、CLIENT_MSG消息:LRESULT CClientDlg:OnClientMsg(WPARAM wParam,LPARAM lParam) CString msg; msg.Format(Socket:%d%s,wParam,(char *)lParam); m_list.InsertString(0,msg); free(void*)lParam); return 0L;LRESULT CClientDlg:OnStateMsg(WPARAM wParam,LPARAM lParam) CString msg; msg.Format(Socket:%d%s,wParam,(char *
15、)lParam); m_liststate.InsertString(-1,msg);/ m_liststate.AddString(msg);/ free(void*)lParam); return 0L;void CClientDlg:OnDestroy() WSACleanup(); SSL_CTX_free(ctx); CDialog:OnDestroy();断开链接:void CClientDlg:OnDisconnect() if(client.fd !=0) closesocket(client.fd); SSL_shutdown(client.ssl); SSL_free(cl
16、ient.ssl); client.ssl=NULL; client.fd=0; m_liststate.InsertString(0,已断开和服务器的链接!); m_liststate.ResetContent(); Server:处理客户端事务线程函数,接收客户端消息:void client( void* void_parmint ) int clientFd = (int) void_parmint; int maxFd; int len; int flag=0; fd_set writeFds, readFds, excFds; char buffer8192; descriptor_
17、t clientDesc; clientDesc.fd = clientFd; clientDesc.ssl = NULL; SSL *ssl; char *str; X509* client_cert; /新建SSL连接句柄 if(ssl = SSL_new(ctx) = NULL) return; /设置SSL连接Socket句柄 SSL_set_fd(ssl, clientFd); /接收SSL连接 if(SSL_accept(ssl) GetSafeHwnd(),WM_STATE_MSG,clientFd,(long )msg); /*打印所有加密算法的信息(可选)*/ strcpy(
18、msg,SSL_get_cipher (ssl); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,clientFd,(long )msg); /*得到客户端的证书并打印些信息(可选) */ client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) / printf (Client certificate:n); strcpy(msg,Client certificate:); SendMessage(AfxGetMainWnd()-GetSafeH
19、wnd(),WM_STATE_MSG,clientFd,(long )msg); str=X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); /printf (t subject: %sn, str); strcpy(msg,subject:); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,clientFd,(long )msg); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,clientF
20、d,(long )str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); /printf (t issuer: %sn, str); strcpy(msg,issuer:); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,clientFd,(long )msg); SendMessage(AfxGetMainWnd()-GetSafeHwnd(),WM_STATE_MSG,clientFd,(long
21、 )str); OPENSSL_free (str); X509_free (client_cert);/*如不再需要,需将证书释放 */ clientDesc.ssl = ssl; /把客户端链接句柄保存到全局变量中。 for(int i=0;iMAX_CLIENT;i+) if(Clientsi.fd=0) Clientsi.fd=clientFd; Clientsi.ssl=ssl; flag = 1; break; if(!flag) /已经达到链接最大限制 SSL_write(ssl,服务器已满!,strlen(服务器已满!); SSL_shutdown(ssl); SSL_free
22、(ssl); return; maxFd = clientFd; for(;) FD_ZERO(&writeFds); FD_ZERO(&readFds); FD_ZERO(&excFds); FD_SET(clientFd, &readFds); /异步的方式等待客户端数据 int nfd = select(maxFd + 1, &readFds, &writeFds, &excFds, NULL); if(nfd = 0) if(errno = EINTR) /* interrupted system call */ continue; return; if(FD_ISSET(client
23、Fd, &readFds)/有客户端数据需要读取 /接收客户端数据 len = SSL_read(clientDesc.ssl,buffer,sizeof(buffer); if(len GetSafeHwnd(),WM_STATE_MSG,clientFd,(long )msg); return; bufferlen=0; char *msg1 = (char *)malloc(len +1); strcpy(msg1,buffer); /发送WM_CLIENT_MSG消息到主窗体,把接收到的消息显示到列表框 SendMessage(AfxGetMainWnd()-GetSafeHwnd()
24、,WM_CLIENT_MSG,clientFd,(long )msg1); return;接收连接线程函数:void AcceptThreadProc( void* void_parm ) int sockFd = (int) void_parm; HANDLE hd; unsigned long idThread; int clientFd; /接收连接 clientFd = accept(sockFd, NULL, NULL); if(clientFd GetSafeHwnd(),WM_STATE_MSG,0,(long )msg); return; /新建socket句柄 listen_
25、sd = socket (AF_INET, SOCK_STREAM, 0); /初始化sockaddr_in结构体,设置TCP协议和端口 memset (&sa_serv, 0, sizeof(sa_serv); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (port); /绑定端口 err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv); if(err GetSafeHwnd(),WM_STATE_MSG,listen_sd,(long )msg); return; /侦听,tcp连接 err = listen (listen_sd, 5); char *msg = (char *)malloc(128); strcpy(msg,启动服务成功!);