libevent筆記6：ssl bufferevent

Libevent另外提供了基於openssl的bufferevent來支持ssl，通過特殊的ssl bufferevent來對數據進行加密。
ps：本文不對openssl相應的接口做介紹因為不熟

SSL bufferevent相關函數

• struct bufferevent *bufferevent_openssl_socket_new(struct event_base *base, evutil_socket_t fd, struct ssl_st *ssl, enum bufferevent_ssl_state state, int options) 該函數能夠基於給定的文件描述符及ssl對象創建一個ssl bufferevent。其中，bufferevent_ssl_state state參數表明了該bufferevent的角色，在作為服務端時一般使用BUFFEREVENT_SSL_ACCEPTING，在作為客戶端時一般使用BUFFEREVENT_SSL_CONNECTING。

• struct bufferevent *bufferevent_openssl_filter_new(struct event_base *base, struct bufferevent *underlying, struct ssl_st *ssl, enum bufferevent_ssl_state state, int options) 該函數能夠基於給定的底層bufferevent及ssl對象創建一個過濾器，該過濾器的過濾函數已經由系統通過ssl對象定義好，我們只需另外定義過濾器讀寫回調函數即可。

ps：在下例的客戶端代碼中，注釋中即為使用過濾器來實現ssl bufferevent。

Demo

• 服務器，這段代碼來自Libevent book。服務器的主要工作時回顯客戶端發來的數據。

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>

#include <event.h>
#include <event2/listener.h>
#include <event2/bufferevent_ssl.h>

#include "basicev.h"//包含對中斷信號的處理事件及回調函數

static void 
ssl_readcb(struct bufferevent * bev, void * arg)
{
   //將輸入緩存區的數據輸出
   struct evbuffer *in = bufferevent_get_input(bev);
   printf("Received %zu bytes\n", evbuffer_get_length(in));
   printf("----- data ----\n");
   printf("%.*s\n", (int)evbuffer_get_length(in), evbuffer_pullup(in, -1));
   //將輸入緩存區的數據放入輸出緩存區發生到客戶端
   bufferevent_write_buffer(bev, in);
}

static void ssl_acceptcb(struct evconnlistener *serv, int sock, struct sockaddr *sa,
             int sa_len, void *arg)
{
   struct event_base *evbase;
   struct bufferevent *bev;
   SSL_CTX *server_ctx;
   SSL *client_ctx;

   server_ctx = (SSL_CTX *)arg;
   client_ctx = SSL_new(server_ctx);
   evbase = evconnlistener_get_base(serv);

   bev = bufferevent_openssl_socket_new(evbase, sock, client_ctx,
                                         BUFFEREVENT_SSL_ACCEPTING,
                                         BEV_OPT_CLOSE_ON_FREE);

   bufferevent_enable(bev, EV_READ);
   bufferevent_enable(bev, EV_WRITE);
   bufferevent_setcb(bev, ssl_readcb, NULL, NULL, NULL);

   char buf[] = "Hello, this is ECHO";
   bufferevent_write(bev, buf, sizeof(buf));
}

static SSL_CTX *evssl_init(void)
{
   SSL_CTX  *server_ctx;

    /* Initialize the OpenSSL library */
   SSL_load_error_strings();
   SSL_library_init();

    /* We MUST have entropy, or else there's no point to crypto. */
   if (!RAND_poll())
      return NULL;
   server_ctx = SSL_CTX_new(SSLv23_server_method());

   if (! SSL_CTX_use_certificate_chain_file(server_ctx, "cacert.pem") ||
       ! SSL_CTX_use_PrivateKey_file(server_ctx, "privkey.pem", SSL_FILETYPE_PEM)) {
      puts("Couldn't read 'pkey' or 'cert' file.  To generate a key\n"
           "and self-signed certificate, run:\n"
           "  openssl genrsa -out pkey 2048\n"
           "  openssl req -new -key pkey -out cert.req\n"
           "  openssl x509 -req -days 365 -in cert.req -signkey pkey -out cert");
      return NULL;
   }
   SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv2);
   return server_ctx;
}

int main(int argc, char **argv)
{
   SSL_CTX *ctx;
   struct evconnlistener *listener;
   struct event_base *evbase;
   struct sockaddr_in sin;

   memset(&sin, 0, sizeof(sin));
   sin.sin_family = AF_INET;
   sin.sin_port = htons(9999);
   sin.sin_addr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */

   //初始化ssl環境
   ctx = evssl_init();
   if (ctx == NULL)
      return 1;

   //初始化event2環境
   evbase = event_base_new();
   if(evbase == NULL)
   {
      printf("%s\n", strerror(errno));
      exit(1);
   }

   //創建監聽器
   listener = evconnlistener_new_bind(
                         evbase, ssl_acceptcb, (void *)ctx,
                         LEV_OPT_CLOSE_ON_FREE | LEV_OPT_REUSEABLE, 1024,
                         (struct sockaddr *)&sin, sizeof(sin));
   //添加中斷信號處理事件
   add_signal(evbase);
   event_base_loop(evbase, 0);

   evconnlistener_free(listener);
   SSL_CTX_free(ctx);
   return 0;
}

• 客戶端

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include <resolv.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
 
#include <event2/event.h>
#include <event2/bufferevent.h>
#include <event2/bufferevent_ssl.h>

#include "basicev.h"
 
static void read_cb(struct bufferevent *bev, void *arg)
{
   char buf[1024] = {0};
   bufferevent_read(bev, buf, 1024);
   printf("%s\n", buf);
}

int main(int argc, char **argv)
{
   int sockfd, len;
   struct sockaddr_in dest;
   SSL_CTX *ctx;
   SSL *ssl;
 
   //初始化ssl環境
   SSL_library_init();
   OpenSSL_add_all_algorithms();
   ERR_load_crypto_strings();
   SSL_load_error_strings();
   ctx = SSL_CTX_new(SSLv23_client_method());
   if (ctx == NULL) {
      ERR_print_errors_fp(stdout);
      exit(1);
   }
    
   // 創建一個 socket 用於底層通信 
   if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
      printf("Socket: %s\n", strerror(errno));
      exit(1);
   }
    
   // 初始化服務器端地址
   memset(&dest, 0 ,sizeof(dest));
   dest.sin_family = AF_INET;
   dest.sin_port = htons(9999);
   if (inet_aton("127.0.0.1", (struct in_addr *) &dest.sin_addr.s_addr) == 0) {
      exit(errno);
   }
    
   // 連接服務器 
   if (connect(sockfd, (struct sockaddr *) &dest, sizeof(dest)) != 0) {
      printf("Connect: %s\n ", strerror(errno));
      exit(errno);
   }
   
   //初始化event2
   struct event_base *base = NULL;
   struct bufferevent *sslbev = NULL;

   base = event_base_new();
   if(base == NULL)
   {
      printf("%s\n", strerror(errno));
      exit(1);
   }

   //創建一個ssl對象
   ssl = SSL_new(ctx);
   
   //創建ssl的bufferevent
   sslbev = bufferevent_openssl_socket_new(base, sockfd, ssl,
		    BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
   
   /* 使用過濾器的ssl bufferevent 
   struct bufferevent *bev = bufferevent_socket_new(base, sockfd, BEV_OPT_CLOSE_ON_FREE);
   sslbev = bufferevent_openssl_filter_new(base, bev, ssl,
                   BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
   */

   bufferevent_setcb(sslbev, read_cb, NULL, NULL, NULL);
   bufferevent_enable(sslbev, EV_READ|EV_WRITE);
   
   //添加中斷信號處理事件
   add_signal(base);
   //添加標准輸入處理事件
   //該事件的回調函數會將從標准輸入得到的數據寫入sslbev
   add_stdin(base, sslbev);
   event_base_dispatch(base);

   bufferevent_free(sslbev);
   event_base_free(base);  
   SSL_CTX_free(ctx);
   return 0;
}

• 客戶端輸出

sunminming@sunminming:~/libevent/ssl$ ./client 
Hello, this is ECHO
hello, this is client   //這行為手動鍵入
hello, this is client   //這行為服務器回顯

• 服務器輸出

sunminming@sunminming:~/libevent/ssl$ ./server 
Received 21 bytes
----- data ----
hello, this is client