static void prvInitialiseWolfSSL( void )
{
int32_t iReturn;
#ifdef DEBUG_WOLFSSL
{
wolfSSL_Debugging_ON();
}
#endif
/* Initialise wolfSSL. This must be done before any other wolfSSL functions
are called. */
wolfSSL_Init();
/* Attempt to create a context that uses the TLS 1.2 server protocol. */
xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
if( xWolfSSL_ServerContext != NULL )
{
/* Load the CA certificate. Real applications should ensure that
wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before
proceeding. */
iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 );
configASSERT( iReturn == SSL_SUCCESS );
iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM );
configASSERT( iReturn == SSL_SUCCESS );
iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM );
configASSERT( iReturn == SSL_SUCCESS );
}
}
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig)
{
int ret;
_mod_wolftls_t *mod;
if (!modconfig)
return NULL;
mod = calloc(1, sizeof(*mod));
wolfSSL_Init();
mod->method = wolfTLSv1_2_server_method();
if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL)
goto wolfftls_out_ctx;
if (modconfig->crtfile)
{
ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS);
goto wolfftls_out_certfile;
}
}
if (modconfig->pemfile)
{
ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret);
goto wolfftls_out_certfile;
}
}
if (modconfig->cachain)
{
ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain);
if (ret != WOLFSSL_SUCCESS)
{
err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret);
goto wolfftls_out_certfile;
}
}
httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls);
return mod;
wolfftls_out_certfile:
wolfSSL_CTX_free(mod->ctx);
wolfftls_out_ctx:
free(mod);
return NULL;
}
int main()
{
/* set up server */
WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (srv_ctx == NULL) err_sys("bad server ctx new");
int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server key file load");
ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server cert file load");
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("bad server new");
/* start client thread */
pthread_t tid;
pthread_create(&tid, 0, client_thread, NULL);
/* accept tls connection without tcp sockets */
ret = wolfSSL_accept(srv_ssl);
if (ret != SSL_SUCCESS) err_sys("bad server tls accept");
printf("wolfSSL accept success!\n");
/* read msg post handshake from client */
unsigned char buf[80];
memset(buf, 0, sizeof(buf));
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
printf("client msg = %s\n", buf);
/* clean up */
wolfSSL_free(srv_ssl);
wolfSSL_CTX_free(srv_ctx);
return 0;
}
int main()
{
/*
* Creates a socket that uses an internet IP address,
* Sets the type to be Stream based (TCP),
* 0 means choose the default protocol.
*/
socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0);
int ret = 0; /* Return Variable */
int loopExit = 0; /* 0 = False, 1 = True */
/* Server and Client socket address structures */
struct sockaddr_in serverAddr = {0}, clientAddr = {0};
/* Initialize the server address struct to zero */
memset((char *)&serverAddr, 0, sizeof(serverAddr));
/* Fill the server's address family */
serverAddr.sin_family = AF_INET;
serverAddr.sin_addr.s_addr = INADDR_ANY;
serverAddr.sin_port = htons(DEFAULT_PORT);
/* initialize wolfSSL */
wolfSSL_Init();
/* If positive value, the socket is valid */
if (sockfd == -1) {
printf("ERROR: failed to create the socket\n");
return EXIT_FAILURE;
}
/* Create and initialize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
}
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
return EXIT_FAILURE;
}
/* Attach the server socket to our port */
if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr))
< 0) {
printf("ERROR: failed to bind\n");
return EXIT_FAILURE;
}
printf("Waiting for a connection...\n");
/* Continuously accept connects while not currently in an active connection
or told to quit */
while (loopExit == 0) {
/* Listen for a new connection, allow 5 pending connections */
ret = listen(sockfd, 5);
if (ret == 0) {
/* Accept client connections and read from them */
loopExit = AcceptAndRead(sockfd, clientAddr);
}
}
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
}
/* Create a new wolfSSL server with a certificate for authentication. */
static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
HEAP_HINT_SERVER)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(server_ctx, SERVER_CERT,
SERVER_CERT_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
SERVER_KEY, SERVER_KEY_LEN, WOLFSSL_FILETYPE_ASN1) !=
WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server key\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(server_ctx, recv_server);
wolfSSL_SetIOSend(server_ctx, send_server);
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(server_ssl, 1);
}
if (ret == 0) {
*ctx = server_ctx;
*ssl = server_ssl;
}
else {
if (server_ssl != NULL)
wolfSSL_free(server_ssl);
if (server_ctx != NULL)
wolfSSL_CTX_free(server_ctx);
}
return ret;
}
int main(int argc, char **argv)
{
struct sockaddr_in srvaddr, cliaddr;
socklen_t socketfd,clisocketfd;
socklen_t clilen;
WOLFSSL_CTX *wsslctx;
WOLFSSL *sslconn;
int portnum;
const char *certpath;
const char *privpath;
std::string cliipaddr;
std::string data;
std::string dbpath;
pid_t pid;
clilen = sizeof(cliaddr);
wolfSSL_Init();
if (argc == 4)
{
if (prompt_y_n("Create new user database?", ""))
{
do
{
std::cout << "Please specify a filename for the new database: ";
std::getline(std::cin, dbpath);
if (!access(dbpath.c_str(), F_OK))
{
if (prompt_y_n("File already exists, overwrite?", ""))
{
break;
}
}
else
{
break;
}
} while (true);
std::string jsondat = "{ \"users\" : { } }";
std::ofstream outputfile;
outputfile.open(dbpath);
if (outputfile.is_open())
{
outputfile << jsondat;
outputfile.close();
std::cout << "Created new database file!"
<< std::endl;
}
else
{
std::cout << "Failed to create new database file!"
<< std::endl;
}
}
else
{
std::cout << "Ok, please specify an existing user database" << std::endl;
std::cout<<"Usage: "<<argv[0]<<" <port #> <certfile> <privkey> [userdb]"<<std::endl;
return -1;
}
}
else if (argc < 5)
{
std::cout<<"Usage: "<<argv[0]<<" <port #> <certfile> <privkey> [userdb]"<<std::endl;
std::cout<<"If [userdb] is unspecified, we will create a new one"<<std::endl;
return 1;
}
portnum = atoi(argv[1]);
certpath = argv[2];
privpath = argv[3];
if (argc == 5)
dbpath = std::string(argv[4]);
if (portnum < 1 || portnum > 65535)
{
std::cout<<"Please choose a port in the range: 1-65535"<<std::endl;
return 1;
}
/*userdb_file.open(dbpath);
if (!userdb_file.is_open())
{
std::cout<<"[-] Could not open user database"<<std::endl;
return 1;
}*/
if ( (socketfd = socket(AF_INET, SOCK_STREAM, 0)) == -1 )
{
std::cout<<"Failed to initialize socket"<<std::endl;
return -1;
}
memset((void*)&srvaddr,0,sizeof(srvaddr));
srvaddr.sin_family = AF_INET;
srvaddr.sin_addr.s_addr = INADDR_ANY;
srvaddr.sin_port = htons(portnum);
if ( (wsslctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL )
{
std::cout<<"Failed to create new WolfSSL CTX"<<std::endl;
return -1;
}
if (wolfSSL_CTX_use_PrivateKey_file(wsslctx,privpath,SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
std::cout<<"Failed to load SSL private key file"<<std::endl;
return -2;
}
if (wolfSSL_CTX_use_certificate_file(wsslctx,certpath,SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
std::cout<<"Failed to load SSL certificate file"<<std::endl;
return -2;
}
if (bind(socketfd, (struct sockaddr *)&srvaddr, sizeof(srvaddr)) != 0)
{
std::cout<<"Failed to bind to port "<<portnum<<std::endl;
return -3;
}
listen(socketfd,10);
std::cout<<"[+] KeyLocker server started. Waiting for connections..."<<std::endl;
while(1)
{
if ( (clisocketfd = accept(socketfd,(struct sockaddr *)&cliaddr,&clilen)) == -1 )
{
std::cout<<"Failed to accept connection on socket"<<std::endl;
//return -3;
}
if ( (pid=fork()) < 0 )
{
std::cout<<"Fork failed"<<std::endl;
return -4;
}
else if (pid > 0)
{
/* parent */
close(clisocketfd);
waitpid(pid, 0, 0);
continue;
}
else
{
/* child */
close(socketfd);
//15 second timeout
signal(SIGALRM,sighandler);
alarm(15);
cliipaddr = std::string(inet_ntoa(cliaddr.sin_addr));
std::cout<<"[+] Client connected from IP address: "<<cliipaddr
<<std::endl;
sslconn = start_ssl(wsslctx,clisocketfd,cliaddr);
data = get_cli_data(sslconn);
//shut alarm off
alarm(0);
process_data(data,dbpath,sslconn);
close(clisocketfd);
break;
}
usleep(1000);
}
//close(clisocketfd);
wolfSSL_free(sslconn);
wolfSSL_CTX_free(wsslctx);
wolfSSL_Cleanup();
return 0;
}
int main()
{
int sockfd;
int connd;
struct sockaddr_in servAddr;
struct sockaddr_in clientAddr;
socklen_t size = sizeof(clientAddr);
char command[256];
char buffer[256];
int shutDown = 0;
int ret, err, firstRead, gotFirstG, echoSz;
unsigned char serverDer[2048];
int serverDerSz = sizeof(serverDer);
/* PEM certificate buffers */
unsigned char server[2048];
unsigned char serveK[2048];
unsigned char cert[4096]; /* certificate chain to send */
int serverSz = sizeof(server);
int serveKSz = sizeof(serveK);
int certSz = sizeof(cert);
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Debugging_ON();
/* Initialize wolfSSL */
wolfSSL_Init();
/* create new certificate with IP address as common name */
if (createSignedCert(
(unsigned char*)server_cert_der_2048, sizeof_server_cert_der_2048,
(unsigned char*)server_key_der_2048, sizeof_server_key_der_2048,
serverDer, &serverDerSz,
server, &serverSz,
serveK, &serveKSz,
"127.0.0.1", 0) != 0) {
fprintf(stderr, "Failure creating new certificate\n");
return -1;
}
XMEMCPY(cert, server, serverSz);
/* convert CA to PEM format */
ret = wc_DerToPem((unsigned char*)server_cert_der_2048,
sizeof_server_cert_der_2048, cert + serverSz, certSz - serverSz,
CERT_TYPE);
if (ret <= 0) {
fprintf(stderr, "error converting CA to PEM format.\n");
return -1;
}
certSz = ret + serverSz;
{
/* for debugging print out created certificate to files */
FILE* f = fopen("created_chain.pem", "wb");
if (f != NULL ) {
fwrite(cert, 1, certSz, f);
fclose(f);
}
f = fopen("created_cert.der", "wb");
if (f != NULL ) {
fwrite(server, 1, serverSz, f);
fclose(f);
}
f = fopen("created_key.der", "wb");
if (f != NULL ) {
fwrite(serveK, 1, serveKSz, f);
fclose(f);
}
}
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
return -1;
}
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
return -1;
}
/* For this example load certificate chain into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, cert, certSz)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certificate chain.\n");
return -1;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, serveK, serveKSz,
SSL_FILETYPE_ASN1)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load server key.\n");
return -1;
}
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
/* Bind the server socket to our port */
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
fprintf(stderr, "ERROR: failed to bind\n");
return -1;
}
/* Listen for a new connection, allow 5 pending connections */
if (listen(sockfd, 5) == -1) {
fprintf(stderr, "ERROR: failed to listen\n");
return -1;
}
/* Continue to accept clients until shutdown is issued */
while (!shutDown) {
printf("Waiting for a connection...\n");
/* Accept client connections */
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
== -1) {
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
return -1;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
return -1;
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, connd);
printf("Client connected successfully\n");
/* Very basic HTTP GET command -- intended to be used as an example.
* read and write from wolfssl-root/examples/echoserver/echoserver.c */
while (1) {
err = 0; /* reset error */
ret = wolfSSL_read(ssl, command, sizeof(command)-1);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_ZERO_RETURN){
printf("SSL_read echo error %d, %s!\n", err,
wolfSSL_ERR_error_string(err, buffer));
}
break;
}
echoSz = ret;
if (firstRead == 1) {
firstRead = 0; /* browser may send 1 byte 'G' to start */
if (echoSz == 1 && command[0] == 'G') {
gotFirstG = 1;
continue;
}
}
else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
strncpy(command, "GET", 4);
/* fall through to normal GET */
}
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutDown = 1;
break;
}
if ( strncmp(command, "break", 5) == 0) {
printf("client sent break command: closing session!\n");
break;
}
if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from wolfSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += (int)sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += (int)sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += (int)sizeof(footer);
err = 0; /* reset error */
ret = wolfSSL_write(ssl, command, echoSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
}
if (ret != echoSz) {
printf("SSL_write get error = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
printf("SSL_write get failed\n");
}
break;
}
command[echoSz] = 0;
ret = wolfSSL_write(ssl, command, echoSz);
if (ret <= 0) {
printf("Error %d\n", wolfSSL_get_error(ssl, 0));
break;
}
if (ret != echoSz) {
printf("SSL_write echo error = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
printf("SSL_write echo failed\n");
}
}
/* Cleanup after this connection */
wolfSSL_free(ssl); /* Free the wolfSSL object */
close(connd); /* Close the connection to the client */
}
printf("Shutdown complete\n");
/* Cleanup and return */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the socket listening for clients */
return 0; /* Return reporting a success */
}