0

我正在通过 openssl 开发一个带有 psk 的客户端服务器。

目前服务器端还没有实现,我的 Ubuntu Linux 机器上有一个存根,仅用于测试目的,如下所示:

openssl s_server -accept 9999 -cipher ECDHE-PSK-CHACHA20-POLY1305 -nocert -psk 6161616161 -psk_identity admin

客户端有一些问题,我陷入了困境,因为一切似乎都按照以下方式实现

 class Program
    {

        private static readonly SecureRandom _secureRandom = new SecureRandom();


        internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, Org.BouncyCastle.Crypto.Tls.TlsClient client)
        {
            var tcp = new TcpClient(hostname, port);


            var protocol = new TlsClientProtocol(tcp.GetStream(), _secureRandom);

            protocol.Connect(client);


            return protocol;
        }

        static void Main(string[] args)
        {

            var hostname = "192.168.132.160";
            var port = 9999;

            var psk_identity = "admin";


            // hardcoded psk
            var psk = new byte[] { 0x61, 0x61, 0x61, 0x61, 0x61 };

            var pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);



            var client = new PskTlsClient(null, pskIdentity);




            var protocol = OpenTlsConnection(hostname, port, client);


            // Tryng to send something
            var req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");

            var tlsStream = protocol.Stream;
            tlsStream.Write(req, 0, req.Length);
            tlsStream.Flush();

            var reader = new StreamReader(tlsStream);

            string line;
            while ((line = reader.ReadLine()) != null)
            {
                Console.WriteLine(">>> " + line);
            }

            protocol.Close();


        }
    }

我每次都得到这个异常:

System.IO.IOException:“无法从传输连接中读取数据:连接尝试失败,因为连接方在一段时间后没有正确响应,或者建立连接失败,因为连接的主机没有响应。”

另外,我的 Linux 机器上的这段代码可以工作

openssl s_client -connect 192.168.132.160:9999 -psk 6161616161  -psk_identity admin -tls1_2

我错过了客户端的某些内容吗?谁能帮我?我要疯了。

谢谢

4

1 回答 1

0

PskTlsClient 默认只提供一些密码,为了添加我想要的内容,我开发了一个覆盖 GetCipherSuites() 的 PskTlsClient 的小代理(设计模式),如下所示:

    public class PskTlsClientProxy : PskTlsClient
{
    public PskTlsClientProxy(TlsPskIdentity pskIdentity) : base(pskIdentity)
    {




    }

    public PskTlsClientProxy(TlsCipherFactory cipherFactory, TlsPskIdentity pskIdentity) : base(cipherFactory, pskIdentity)
    {
    }

    public PskTlsClientProxy(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier, TlsPskIdentity pskIdentity) : base(cipherFactory, dhVerifier, pskIdentity)
    {
    }

    public override void NotifyServerVersion(ProtocolVersion serverVersion)
    {
        base.NotifyServerVersion(serverVersion);

        Console.WriteLine("TLS-PSK client negotiated " + serverVersion);
    }


    public override int[] GetCipherSuites()
    {
        return new int[] {
            CipherSuite.DRAFT_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
        };

    }



}
于 2020-11-20T15:09:21.377 回答