bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
//SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
static void* client_thread(void* args)
{
/* set up client */
WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (cli_ctx == NULL) err_sys("bad client ctx new");
int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL);
if (ret != SSL_SUCCESS) err_sys("bad ca load");
wolfSSL_SetIOSend(cli_ctx, ClientSend);
wolfSSL_SetIORecv(cli_ctx, ClientRecv);
WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx);
if (cli_ctx == NULL) err_sys("bad client new");
ret = wolfSSL_connect(cli_ssl);
if (ret != SSL_SUCCESS) err_sys("bad client tls connect");
printf("wolfSSL client success!\n");
ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21);
/* clean up */
wolfSSL_free(cli_ssl);
wolfSSL_CTX_free(cli_ctx);
return NULL;
}
/* Create a new wolfSSL client with a server CA certificate. */
static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
HEAP_HINT_CLIENT)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load CA certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_buffer(client_ctx, CA_CERTS, CA_CERTS_LEN,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load CA certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(client_ctx, recv_client);
wolfSSL_SetIOSend(client_ctx, send_client);
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(client_ssl, 1);
}
if (ret == 0) {
*ctx = client_ctx;
*ssl = client_ssl;
}
else {
if (client_ssl != NULL)
wolfSSL_free(client_ssl);
if (client_ctx != NULL)
wolfSSL_CTX_free(client_ctx);
}
return ret;
}
int Client(const char* ip, word16 port)
{
int n;
char msg[] = "hello wolfssl";
char reply[MAXSZ];
int msgSz = strlen(msg);
SOCKET_T fd;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
err_sys("Error in setting client ctx\n");
if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("trouble loading client cert");
/*sets the IO callback methods*/
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
if ((ssl = wolfSSL_new(ctx)) == NULL)
err_sys("issue when creating ssl");
tcp_connect(&fd, ip, port, 0);
wolfSSL_set_fd(ssl, fd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("client connect failed");
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("client write failed");
memset(reply, 0, MAXSZ);
if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) {
reply[n] = '\0';
}
else {
printf("client read returned %d\n", n);
return -1;
}
printf("Server sent : %s\n", reply);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return 0;
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the private key
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Loading the client cert so that the server can authenticate us (client authentication))
if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS)
{
// Couldn't load the client certificate
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn off verification, because SNTP is usually blocked by a firewall
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
int main()
{
/* set up server */
WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (srv_ctx == NULL) err_sys("bad server ctx new");
int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server key file load");
ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server cert file load");
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("bad server new");
/* start client thread */
pthread_t tid;
pthread_create(&tid, 0, client_thread, NULL);
/* accept tls connection without tcp sockets */
ret = wolfSSL_accept(srv_ssl);
if (ret != SSL_SUCCESS) err_sys("bad server tls accept");
printf("wolfSSL accept success!\n");
/* read msg post handshake from client */
unsigned char buf[80];
memset(buf, 0, sizeof(buf));
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
printf("client msg = %s\n", buf);
/* clean up */
wolfSSL_free(srv_ssl);
wolfSSL_CTX_free(srv_ctx);
return 0;
}
static int create_wolfssl_instance(TLS_IO_INSTANCE* tls_io_instance)
{
int result;
if (add_certificate_to_store(tls_io_instance) != 0)
{
wolfSSL_CTX_free(tls_io_instance->ssl_context);
result = __LINE__;
}
else
{
tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context);
if (tls_io_instance->ssl == NULL)
{
wolfSSL_CTX_free(tls_io_instance->ssl_context);
result = __LINE__;
}
else
{
tls_io_instance->socket_io_read_bytes = NULL;
tls_io_instance->socket_io_read_byte_count = 0;
tls_io_instance->on_send_complete = NULL;
tls_io_instance->on_send_complete_callback_context = NULL;
wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1);
wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send);
wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv);
wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance);
wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance);
wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance);
tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN;
result = 0;
}
}
return result;
}
int MqttSocket_Connect(MqttClient *client, const char* host, word16 port,
int timeout_ms, int use_tls, MqttTlsCb cb)
{
int rc;
/* Validate arguments */
if (client == NULL || client->net == NULL ||
client->net->connect == NULL) {
return MQTT_CODE_ERROR_BAD_ARG;
}
/* Validate port */
if (port == 0) {
port = (use_tls) ? MQTT_SECURE_PORT : MQTT_DEFAULT_PORT;
}
/* Connect to host */
rc = client->net->connect(client->net->context, host, port, timeout_ms);
if (rc != 0) {
return rc;
}
client->flags |= MQTT_CLIENT_FLAG_IS_CONNECTED;
#ifdef ENABLE_MQTT_TLS
if (use_tls) {
/* Setup the WolfSSL library */
wolfSSL_Init();
/* Issue callback to allow setup of the wolfSSL_CTX and cert
verification settings */
rc = SSL_SUCCESS;
if (cb) {
rc = cb(client);
}
if (rc == SSL_SUCCESS) {
/* Create and initialize the WOLFSSL_CTX structure */
if (client->tls.ctx == NULL) {
/* Use defaults */
client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (client->tls.ctx) {
wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_NONE, 0);
}
}
if (client->tls.ctx) {
/* Seutp the async IO callbacks */
wolfSSL_SetIORecv(client->tls.ctx,
MqttSocket_TlsSocketReceive);
wolfSSL_SetIOSend(client->tls.ctx,
MqttSocket_TlsSocketSend);
client->tls.ssl = wolfSSL_new(client->tls.ctx);
if (client->tls.ssl) {
wolfSSL_SetIOReadCtx(client->tls.ssl, (void *)client);
wolfSSL_SetIOWriteCtx(client->tls.ssl, (void *)client);
rc = wolfSSL_connect(client->tls.ssl);
if (rc == SSL_SUCCESS) {
client->flags |= MQTT_CLIENT_FLAG_IS_TLS;
rc = MQTT_CODE_SUCCESS;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: wolfSSL_new error!\n");
#endif
rc = -1;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: wolfSSL_CTX_new error!\n");
#endif
rc = -1;
}
}
else {
#ifndef WOLFMQTT_NO_STDIO
printf("MqttSocket_TlsConnect: TLS callback error!\n");
#endif
rc = -1;
}
/* Handle error case */
if (rc) {
#ifndef WOLFMQTT_NO_STDIO
const char* errstr = NULL;
int errnum = 0;
if (client->tls.ssl) {
errnum = wolfSSL_get_error(client->tls.ssl, 0);
errstr = wolfSSL_ERR_reason_error_string(errnum);
}
printf("MqttSocket_TlsConnect Error %d: Num %d, %s\n",
rc, errnum, errstr);
#endif
/* Make sure we cleanup on error */
MqttSocket_Disconnect(client);
rc = MQTT_CODE_ERROR_TLS_CONNECT;
}
}
#else
(void)cb;
#endif /* ENABLE_MQTT_TLS */
#ifdef WOLFMQTT_DEBUG_SOCKET
printf("MqttSocket_Connect: Rc=%d\n", rc);
#endif
/* Check for error */
if (rc < 0) {
rc = MQTT_CODE_ERROR_NETWORK;
}
return rc;
}
int WolfSSLConnection::connect(const char* host, const int port)
{
int result;
if(sslContext == NULL)
{
LogError("NULL SSL context\r\n");
result = __LINE__;
}
else
{
if (init_socket(SOCK_STREAM) < 0)
{
LogError("init_socket failed\r\n");
result = __LINE__;
}
else
{
if (set_address(host, port) != 0)
{
LogError("set_address failed\r\n");
result = __LINE__;
}
else if (lwip_connect(_sock_fd, (const struct sockaddr *) &_remoteHost, sizeof(_remoteHost)) < 0)
{
close();
LogError("lwip_connect failed\r\n");
result = __LINE__;
}
else
{
wolfSSL_SetIOSend(sslContext, &sendCallback);
wolfSSL_SetIORecv(sslContext, &receiveCallback);
ssl = wolfSSL_new(sslContext);
if(ssl == NULL)
{
LogError("wolfssl new error\r\n");
result = __LINE__;
}
else
{
wolfSSL_set_fd(ssl, _sock_fd);
result = wolfSSL_connect(ssl);
if (result != SSL_SUCCESS)
{
LogError("wolfssl connect error=%d\r\n", result);
result = __LINE__;
}
else
{
result = 0;
isConnected = true;
}
}
}
}
}
return result;
};
/* Create a new wolfSSL server with a certificate for authentication. */
static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
HEAP_HINT_SERVER)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(server_ctx, SERVER_CERT,
SERVER_CERT_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
SERVER_KEY, SERVER_KEY_LEN, WOLFSSL_FILETYPE_ASN1) !=
WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server key\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(server_ctx, recv_server);
wolfSSL_SetIOSend(server_ctx, send_server);
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(server_ssl, 1);
}
if (ret == 0) {
*ctx = server_ctx;
*ssl = server_ssl;
}
else {
if (server_ssl != NULL)
wolfSSL_free(server_ssl);
if (server_ctx != NULL)
wolfSSL_CTX_free(server_ctx);
}
return ret;
}
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
const uint8_t * clientCertPtr;
const uint8_t * clientKeyPtr;
int32_t caCertsLen;
int32_t clientCertLen;
int32_t clientKeyLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (!NET_PRES_CertStoreGetClientCerts(&clientCertPtr, &clientCertLen, 0))
{
return false;
}
if (!NET_PRES_CertStoreGetClientKey(&clientKeyPtr, &clientKeyLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}
net_pres_wolfSSLInfoStreamClient0.transObject = transObject;
net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (net_pres_wolfSSLInfoStreamClient0.context == 0)
{
return false;
}
wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0);
wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0);
// Loading the rootCA cert so we can authenticate the server certificate given to us
if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the certificates
//SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Loading the private key for client authentication use
if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientKeyPtr, clientKeyLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the private key
//SYS_CONSOLE_MESSAGE("Something went wrong loading the private key\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Loading the client cert so that the server can authenticate us (client authentication))
if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientCertPtr, clientCertLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
{
// Couldn't load the client certificate
//SYS_CONSOLE_MESSAGE("Something went wrong loading the client certificate\r\n");
wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context);
return false;
}
// Turn on verification, ensure SNTP is not blocked by firewall
// SSL_VERIFY_PEER: This option is turned on by default so technically this
// is not needed
wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0);
net_pres_wolfSSLInfoStreamClient0.isInited = true;
return true;
}
