bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
/* Use this callback to setup TLS certificates and verify callbacks */ static int mqtt_aws_tls_cb(MqttClient* client) { int rc = SSL_FAILURE; client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqtt_aws_tls_verify_cb); /* Load CA certificate buffer */ rc = wolfSSL_CTX_load_verify_buffer(client->tls.ctx, (const byte*)root_ca, (long)XSTRLEN(root_ca), SSL_FILETYPE_PEM); /* Load Client Cert */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_certificate_buffer(client->tls.ctx, (const byte*)device_cert, (long)XSTRLEN(device_cert), SSL_FILETYPE_PEM); /* Load Private Key */ if (rc == SSL_SUCCESS) rc = wolfSSL_CTX_use_PrivateKey_buffer(client->tls.ctx, (const byte*)device_priv_key, (long)XSTRLEN(device_priv_key), SSL_FILETYPE_PEM); } PRINTF("MQTT TLS Setup (%d)", rc); return rc; }
/* Create a new wolfSSL client with a server CA certificate. */ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) { int ret = 0; WOLFSSL_CTX* client_ctx = NULL; WOLFSSL* client_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(), HEAP_HINT_CLIENT)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; } if (ret == 0) { /* Load CA certificates into WOLFSSL_CTX */ if (wolfSSL_CTX_load_verify_buffer(client_ctx, CA_CERTS, CA_CERTS_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load CA certificate\n"); ret = -1; } } if (ret == 0) { /* Register callbacks */ wolfSSL_SetIORecv(client_ctx, recv_client); wolfSSL_SetIOSend(client_ctx, send_client); } if (ret == 0) { /* Create a WOLFSSL object */ if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) { printf("ERROR: failed to create WOLFSSL object\n"); ret = -1; } } if (ret == 0) { /* make wolfSSL object nonblocking */ wolfSSL_set_using_nonblock(client_ssl, 1); } if (ret == 0) { *ctx = client_ctx; *ssl = client_ssl; } else { if (client_ssl != NULL) wolfSSL_free(client_ssl); if (client_ctx != NULL) wolfSSL_CTX_free(client_ctx); } return ret; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the private key wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the client certificate wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
bool WolfSSLConnection::load_certificate(const unsigned char* certificate, size_t size) { bool result; if (sslContext == NULL) { LogError("NULL SSL context\r\n"); result = false; } else { result = (wolfSSL_CTX_load_verify_buffer(sslContext,(unsigned char*)certificate, size, SSL_FILETYPE_PEM) == SSL_SUCCESS); } return result; }
static int add_certificate_to_store(TLS_IO_INSTANCE* tls_io_instance) { int result; if (tls_io_instance->certificate != NULL) { int res = wolfSSL_CTX_load_verify_buffer(tls_io_instance->ssl_context, (const unsigned char*)tls_io_instance->certificate, strlen(tls_io_instance->certificate)+1, SSL_FILETYPE_PEM); if (res != SSL_SUCCESS) { result = __LINE__; } else { result = 0; } } else { result = 0; } return result; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; const uint8_t * clientCertPtr; const uint8_t * clientKeyPtr; int32_t caCertsLen; int32_t clientCertLen; int32_t clientKeyLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (!NET_PRES_CertStoreGetClientCerts(&clientCertPtr, &clientCertLen, 0)) { return false; } if (!NET_PRES_CertStoreGetClientKey(&clientKeyPtr, &clientKeyLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Loading the rootCA cert so we can authenticate the server certificate given to us if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the private key for client authentication use if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientKeyPtr, clientKeyLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the private key //SYS_CONSOLE_MESSAGE("Something went wrong loading the private key\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientCertPtr, clientCertLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the client certificate //SYS_CONSOLE_MESSAGE("Something went wrong loading the client certificate\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn on verification, ensure SNTP is not blocked by firewall // SSL_VERIFY_PEER: This option is turned on by default so technically this // is not needed wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
/* * ======== tcpHandler ======== * Creates new Task to handle new TCP connections. */ Void tcpHandler(UArg arg0, UArg arg1) { int sockfd; int ret; struct sockaddr_in servAddr; Error_Block eb; bool flag = true; bool internal_flag = true; int nbytes; char *buffer; char msg[] = "Hello from TM4C1294XL Connected Launchpad"; WOLFSSL* ssl = (WOLFSSL *) arg0; fdOpenSession(TaskSelf()); wolfSSL_Init(); WOLFSSL_CTX* ctx = NULL; ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (ctx == 0) { System_printf("tcpHandler: wolfSSL_CTX_new error.\n"); exitApp(ctx); } if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof(ca_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading ca_cert_der_2048" " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } if (wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048, sizeof(client_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_cert_der_2048," " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, sizeof(client_key_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS) { System_printf("tcpHandler: Error loading client_key_der_2048," " please check the wolfssl/certs_test.h file.\n"); exitApp(ctx); } /* Init the Error_Block */ Error_init(&eb); do { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { System_printf("tcpHandler: socket failed\n"); Task_sleep(2000); continue; } memset((char *) &servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(TCPPORT); inet_aton(IP_ADDR, &servAddr.sin_addr); ret = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)); if (ret < 0) { fdClose((SOCKET) sockfd); Task_sleep(2000); continue; } } while (ret != 0); if ((ssl = wolfSSL_new(ctx)) == NULL) { System_printf("tcpHandler: wolfSSL_new error.\n"); exitApp(ctx); } wolfSSL_set_fd(ssl, sockfd); ret = wolfSSL_connect(ssl); /* Delete "TOP_LINE" and "END_LINE" for debugging. */ /* TOP_LINE System_printf("looked for: %d.\n", SSL_SUCCESS); System_printf("return was: %d.\n", ret); int err; char err_buffer[80]; err = wolfSSL_get_error(ssl, 0); System_printf("wolfSSL error: %d\n", err); System_printf("wolfSSL error string: %s\n", wolfSSL_ERR_error_string(err, err_buffer)); END_LINE */ if (ret == SSL_SUCCESS) { sockfd = wolfSSL_get_fd(ssl); /* Get a buffer to receive incoming packets. Use the default heap. */ buffer = Memory_alloc(NULL, TCPPACKETSIZE, 0, &eb); if (buffer == NULL) { System_printf("tcpWorker: failed to alloc memory\n"); exitApp(ctx); } /* Say hello to the server */ while (flag) { if (wolfSSL_write(ssl, msg, strlen(msg)) != strlen(msg)) { ret = wolfSSL_get_error(ssl, 0); System_printf("Write error: %i.\n", ret); } while (internal_flag) { nbytes = wolfSSL_read(ssl, (char *) buffer, TCPPACKETSIZE); if (nbytes > 0) { internal_flag = false; } } /* success */ System_printf("Heard: \"%s\".\n", buffer); wolfSSL_free(ssl); fdClose((SOCKET) sockfd); flag = false; } /* Free the buffer back to the heap */ Memory_free(NULL, buffer, TCPPACKETSIZE); /* * Since deleteTerminatedTasks is set in the cfg file, * the Task will be deleted when the idle task runs. */ exitApp(ctx); } else { wolfSSL_free(ssl); fdClose((SOCKET) sockfd); System_printf("wolfSSL_connect failed.\n"); fdCloseSession(TaskSelf()); exitApp(ctx); } }