static void test_wolfSSL_CTX_use_certificate_file(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert, SSL_FILETYPE_PEM)); /* invalid cert file */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, SSL_FILETYPE_PEM)); /* invalid cert type */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert, 9999)); #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert,SSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); #endif }
static void prvInitialiseWolfSSL( void ) { int32_t iReturn; #ifdef DEBUG_WOLFSSL { wolfSSL_Debugging_ON(); } #endif /* Initialise wolfSSL. This must be done before any other wolfSSL functions are called. */ wolfSSL_Init(); /* Attempt to create a context that uses the TLS 1.2 server protocol. */ xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() ); if( xWolfSSL_ServerContext != NULL ) { /* Load the CA certificate. Real applications should ensure that wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before proceeding. */ iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); } }
static void test_server_wolfSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); AssertNull(ssl = wolfSSL_new(ctx_nocert)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); #endif }
void *mod_wolftls_create(http_server_t *server, char *unused, mod_tls_t *modconfig) { int ret; _mod_wolftls_t *mod; if (!modconfig) return NULL; mod = calloc(1, sizeof(*mod)); wolfSSL_Init(); mod->method = wolfTLSv1_2_server_method(); if ( (mod->ctx = wolfSSL_CTX_new(mod->method)) == NULL) goto wolfftls_out_ctx; if (modconfig->crtfile) { ret = wolfSSL_CTX_use_certificate_file(mod->ctx, modconfig->crtfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_file %d %d\n", ret, WOLFSSL_SUCCESS); goto wolfftls_out_certfile; } } if (modconfig->pemfile) { ret = wolfSSL_CTX_use_PrivateKey_file(mod->ctx, modconfig->pemfile, SSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_PrivateKey_file pem %d\n", ret); goto wolfftls_out_certfile; } } if (modconfig->cachain) { ret = wolfSSL_CTX_use_certificate_chain_file(mod->ctx, modconfig->cachain); if (ret != WOLFSSL_SUCCESS) { err("wolftls: CTX_use_certificate_chain_file cachain %d\n", ret); goto wolfftls_out_certfile; } } httpserver_addmod(server, _mod_wolftls_getctx, _mod_wolftls_freectx, mod, str_wolftls); return mod; wolfftls_out_certfile: wolfSSL_CTX_free(mod->ctx); wolfftls_out_ctx: free(mod); return NULL; }
int Client(const char* ip, word16 port) { int n; char msg[] = "hello wolfssl"; char reply[MAXSZ]; int msgSz = strlen(msg); SOCKET_T fd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) err_sys("Error in setting client ctx\n"); if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); /*sets the IO callback methods*/ wolfSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIOSend(ctx, CbIOSend); if ((ssl = wolfSSL_new(ctx)) == NULL) err_sys("issue when creating ssl"); tcp_connect(&fd, ip, port, 0); wolfSSL_set_fd(ssl, fd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("client connect failed"); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("client write failed"); memset(reply, 0, MAXSZ); if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) { reply[n] = '\0'; } else { printf("client read returned %d\n", n); return -1; } printf("Server sent : %s\n", reply); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return 0; }
int main() { /* set up server */ WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); if (srv_ctx == NULL) err_sys("bad server ctx new"); int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server key file load"); ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server cert file load"); wolfSSL_SetIOSend(srv_ctx, ServerSend); wolfSSL_SetIORecv(srv_ctx, ServerRecv); WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx); if (srv_ctx == NULL) err_sys("bad server new"); /* start client thread */ pthread_t tid; pthread_create(&tid, 0, client_thread, NULL); /* accept tls connection without tcp sockets */ ret = wolfSSL_accept(srv_ssl); if (ret != SSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); /* read msg post handshake from client */ unsigned char buf[80]; memset(buf, 0, sizeof(buf)); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); printf("client msg = %s\n", buf); /* clean up */ wolfSSL_free(srv_ssl); wolfSSL_CTX_free(srv_ctx); return 0; }
int main() { int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP); if (sd < 0) err_sys("sctp socket error"); struct sockaddr_in sa; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = htonl(INADDR_ANY); sa.sin_port = htons(12345); int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa)); if (ret < 0) err_sys("sctp bind error"); listen(sd, 3); int client_sd = accept(sd, NULL, NULL); if (client_sd < 0) err_sys("sctp accept error"); const char* response = "well hello to you"; char buffer[80]; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); if (ctx == NULL) err_sys("ctx new dtls server failed"); ret = wolfSSL_CTX_dtls_set_sctp(ctx); if (ret != SSL_SUCCESS) err_sys("set sctp mode failed"); ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use private key error"); ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("use cert error"); WOLFSSL* ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("ssl new dtls server failed"); wolfSSL_set_fd(ssl, client_sd); ret = wolfSSL_accept(ssl); if (ret != SSL_SUCCESS) err_sys("ssl accept failed"); printf("TLS version is %s\n", wolfSSL_get_version(ssl)); printf("Cipher Suite is %s\n", wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl))); int got = wolfSSL_read(ssl, buffer, sizeof(buffer)); if (got > 0) { buffer[got] = 0; printf("client said: %s\n", buffer); } wolfSSL_write(ssl, response, (int)strlen(response)); unsigned char bigBuf[4096]; wolfSSL_read(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_write(ssl, bigBuf, sizeof(bigBuf)); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); close(sd); return 0; }
int main() { /* * Creates a socket that uses an internet IP address, * Sets the type to be Stream based (TCP), * 0 means choose the default protocol. */ socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0); int ret = 0; /* Return Variable */ int loopExit = 0; /* 0 = False, 1 = True */ /* Server and Client socket address structures */ struct sockaddr_in serverAddr = {0}, clientAddr = {0}; /* Initialize the server address struct to zero */ memset((char *)&serverAddr, 0, sizeof(serverAddr)); /* Fill the server's address family */ serverAddr.sin_family = AF_INET; serverAddr.sin_addr.s_addr = INADDR_ANY; serverAddr.sin_port = htons(DEFAULT_PORT); /* initialize wolfSSL */ wolfSSL_Init(); /* If positive value, the socket is valid */ if (sockfd == -1) { printf("ERROR: failed to create the socket\n"); return EXIT_FAILURE; } /* Create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return EXIT_FAILURE; } /* Load server certificate into WOLFSSL_CTX */ if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading certs/server-cert.pem, please check" "the file.\n"); return EXIT_FAILURE; } /* Load server key into WOLFSSL_CTX */ if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading certs/server-key.pem, please check" "the file.\n"); return EXIT_FAILURE; } /* Attach the server socket to our port */ if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) < 0) { printf("ERROR: failed to bind\n"); return EXIT_FAILURE; } printf("Waiting for a connection...\n"); /* Continuously accept connects while not currently in an active connection or told to quit */ while (loopExit == 0) { /* Listen for a new connection, allow 5 pending connections */ ret = listen(sockfd, 5); if (ret == 0) { /* Accept client connections and read from them */ loopExit = AcceptAndRead(sockfd, clientAddr); } } wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */ wolfSSL_Cleanup(); /* Free wolfSSL */ return EXIT_SUCCESS; }
/* Initialize the wolfSSL library and create a wolfSSL context. * * version The protocol version. * cert The server's certificate. * key The server's private key matching the certificate. * verifyCert The certificate for client authentication. * cipherList The list of negotiable ciphers. * wolfsslCtx The new wolfSSL context object. * returns EXIT_SUCCESS when a wolfSSL context object is created and * EXIT_FAILURE otherwise. */ static int WolfSSLCtx_Init(int version, char* cert, char* key, char* verifyCert, char* cipherList, int* devId, WOLFSSL_CTX** wolfsslCtx) { WOLFSSL_CTX* ctx; wolfSSL_method_func method = NULL; method = SSL_GetMethod(version); if (method == NULL) return(EXIT_FAILURE); /* Create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(method(NULL))) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return(EXIT_FAILURE); } #ifdef WOLFSSL_ASYNC_CRYPT if (wolfAsync_DevOpen(devId) != 0) { fprintf(stderr, "Async device open failed\nRunning without async\n"); } wolfSSL_CTX_UseAsync(ctx, *devId); #endif /* Load server certificate into WOLFSSL_CTX */ if (wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", cert); wolfSSL_CTX_free(ctx); return(EXIT_FAILURE); } /* Load server key into WOLFSSL_CTX */ if (wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", key); wolfSSL_CTX_free(ctx); return(EXIT_FAILURE); } /* Setup client authentication. */ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", verifyCert); wolfSSL_CTX_free(ctx); return(EXIT_FAILURE); } if (cipherList != NULL) { if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) { fprintf(stderr, "Server can't set cipher list.\n"); wolfSSL_CTX_free(ctx); return(EXIT_FAILURE); } } #ifndef NO_DH SetDHCtx(ctx); #endif *wolfsslCtx = ctx; return EXIT_SUCCESS; }
int main(int argc, char **argv) { struct sockaddr_in srvaddr, cliaddr; socklen_t socketfd,clisocketfd; socklen_t clilen; WOLFSSL_CTX *wsslctx; WOLFSSL *sslconn; int portnum; const char *certpath; const char *privpath; std::string cliipaddr; std::string data; std::string dbpath; pid_t pid; clilen = sizeof(cliaddr); wolfSSL_Init(); if (argc == 4) { if (prompt_y_n("Create new user database?", "")) { do { std::cout << "Please specify a filename for the new database: "; std::getline(std::cin, dbpath); if (!access(dbpath.c_str(), F_OK)) { if (prompt_y_n("File already exists, overwrite?", "")) { break; } } else { break; } } while (true); std::string jsondat = "{ \"users\" : { } }"; std::ofstream outputfile; outputfile.open(dbpath); if (outputfile.is_open()) { outputfile << jsondat; outputfile.close(); std::cout << "Created new database file!" << std::endl; } else { std::cout << "Failed to create new database file!" << std::endl; } } else { std::cout << "Ok, please specify an existing user database" << std::endl; std::cout<<"Usage: "<<argv[0]<<" <port #> <certfile> <privkey> [userdb]"<<std::endl; return -1; } } else if (argc < 5) { std::cout<<"Usage: "<<argv[0]<<" <port #> <certfile> <privkey> [userdb]"<<std::endl; std::cout<<"If [userdb] is unspecified, we will create a new one"<<std::endl; return 1; } portnum = atoi(argv[1]); certpath = argv[2]; privpath = argv[3]; if (argc == 5) dbpath = std::string(argv[4]); if (portnum < 1 || portnum > 65535) { std::cout<<"Please choose a port in the range: 1-65535"<<std::endl; return 1; } /*userdb_file.open(dbpath); if (!userdb_file.is_open()) { std::cout<<"[-] Could not open user database"<<std::endl; return 1; }*/ if ( (socketfd = socket(AF_INET, SOCK_STREAM, 0)) == -1 ) { std::cout<<"Failed to initialize socket"<<std::endl; return -1; } memset((void*)&srvaddr,0,sizeof(srvaddr)); srvaddr.sin_family = AF_INET; srvaddr.sin_addr.s_addr = INADDR_ANY; srvaddr.sin_port = htons(portnum); if ( (wsslctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL ) { std::cout<<"Failed to create new WolfSSL CTX"<<std::endl; return -1; } if (wolfSSL_CTX_use_PrivateKey_file(wsslctx,privpath,SSL_FILETYPE_PEM) != SSL_SUCCESS) { std::cout<<"Failed to load SSL private key file"<<std::endl; return -2; } if (wolfSSL_CTX_use_certificate_file(wsslctx,certpath,SSL_FILETYPE_PEM) != SSL_SUCCESS) { std::cout<<"Failed to load SSL certificate file"<<std::endl; return -2; } if (bind(socketfd, (struct sockaddr *)&srvaddr, sizeof(srvaddr)) != 0) { std::cout<<"Failed to bind to port "<<portnum<<std::endl; return -3; } listen(socketfd,10); std::cout<<"[+] KeyLocker server started. Waiting for connections..."<<std::endl; while(1) { if ( (clisocketfd = accept(socketfd,(struct sockaddr *)&cliaddr,&clilen)) == -1 ) { std::cout<<"Failed to accept connection on socket"<<std::endl; //return -3; } if ( (pid=fork()) < 0 ) { std::cout<<"Fork failed"<<std::endl; return -4; } else if (pid > 0) { /* parent */ close(clisocketfd); waitpid(pid, 0, 0); continue; } else { /* child */ close(socketfd); //15 second timeout signal(SIGALRM,sighandler); alarm(15); cliipaddr = std::string(inet_ntoa(cliaddr.sin_addr)); std::cout<<"[+] Client connected from IP address: "<<cliipaddr <<std::endl; sslconn = start_ssl(wsslctx,clisocketfd,cliaddr); data = get_cli_data(sslconn); //shut alarm off alarm(0); process_data(data,dbpath,sslconn); close(clisocketfd); break; } usleep(1000); } //close(clisocketfd); wolfSSL_free(sslconn); wolfSSL_CTX_free(wsslctx); wolfSSL_Cleanup(); return 0; }
static void run_wolfssl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCert, 0)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sfd); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } else { AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Server response: %s\n", input); } } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif }
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = wolfSSLPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(WOLFSSL_TIRTOS) port = 0; #endif wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0); CloseSocket(sfd); wolfSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */ if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif wolfSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif }
static void test_client_nofail(void* args) { SOCKET_T sockfd = 0; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)strlen(msg); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = wolfSSLv23_client_method(); ctx = wolfSSL_CTX_new(method); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done2; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done2; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done2; } tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0); ssl = wolfSSL_new(ctx); wolfSSL_set_fd(ssl, sockfd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ goto done2; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done2; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); } done2: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif return; }
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port = wolfSSLPort; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = wolfSSLv23_server_method(); ctx = wolfSSL_CTX_new(method); #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(WOLFSSL_TIRTOS) port = 0; #endif wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } ssl = wolfSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0); CloseSocket(sockfd); wolfSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif }
/* Initialize the wolfSSL library and create a wolfSSL context. * * version The protocol version. * cert The server's certificate. * key The server's private key matching the certificate. * verifyCert The certificate for client authentication. * cipherList The list of negotiable ciphers. * wolfsslCtx The new wolfSSL context object. * returns EXIT_SUCCESS when a wolfSSL context object is created and * EXIT_FAILURE otherwise. */ static int WolfSSLCtx_Init(ThreadData* threadData, int version, int allowDowngrade, char* cert, char* key, char* verifyCert, char* cipherList) { wolfSSL_method_func method = NULL; method = SSL_GetMethod(version, allowDowngrade); if (method == NULL) return(EXIT_FAILURE); /* Create and initialize WOLFSSL_CTX structure */ if ((threadData->ctx = wolfSSL_CTX_new(method(NULL))) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); return(EXIT_FAILURE); } #ifdef WOLFSSL_ASYNC_CRYPT #ifndef WC_NO_ASYNC_THREADING if (wolfAsync_DevOpenThread(&threadData->devId, &threadData->thread_id) < 0) #else if (wolfAsync_DevOpen(&threadData->devId) < 0) #endif { fprintf(stderr, "Async device open failed\nRunning without async\n"); } wolfSSL_CTX_UseAsync(threadData->ctx, threadData->devId); #endif /* Load server certificate into WOLFSSL_CTX */ if (wolfSSL_CTX_use_certificate_file(threadData->ctx, cert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", cert); WolfSSLCtx_Final(threadData); return(EXIT_FAILURE); } /* Load server key into WOLFSSL_CTX */ if (wolfSSL_CTX_use_PrivateKey_file(threadData->ctx, key, SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", key); WolfSSLCtx_Final(threadData); return(EXIT_FAILURE); } /* Setup client authentication. */ wolfSSL_CTX_set_verify(threadData->ctx, SSL_VERIFY_PEER, 0); if (wolfSSL_CTX_load_verify_locations(threadData->ctx, verifyCert, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", verifyCert); WolfSSLCtx_Final(threadData); return(EXIT_FAILURE); } if (cipherList != NULL) { if (wolfSSL_CTX_set_cipher_list(threadData->ctx, cipherList) != SSL_SUCCESS) { fprintf(stderr, "Server can't set cipher list.\n"); WolfSSLCtx_Final(threadData); return(EXIT_FAILURE); } } #ifndef NO_DH SetDHCtx(threadData->ctx); #endif return EXIT_SUCCESS; }
int main(int argc, char** argv) { /* cont short for "continue?", Loc short for "location" */ int cont = 0; char caCertLoc[] = "../certs/ca-cert.pem"; char servCertLoc[] = "../certs/server-cert.pem"; char servKeyLoc[] = "../certs/server-key.pem"; WOLFSSL_CTX* ctx; /* Variables for awaiting datagram */ int on = 1; int res = 1; int connfd = 0; int recvLen = 0; /* length of message */ int listenfd = 0; /* Initialize our socket */ WOLFSSL* ssl = NULL; socklen_t cliLen; socklen_t len = sizeof(int); unsigned char b[MSGLEN]; /* watch for incoming messages */ char buff[MSGLEN]; /* the incoming message */ char ack[] = "I hear you fashizzle!\n"; /* Code for handling signals */ struct sigaction act, oact; act.sa_handler = sig_handler; sigemptyset(&act.sa_mask); act.sa_flags = 0; sigaction(SIGINT, &act, &oact); /* "./config --enable-debug" and uncomment next line for debugging */ /* wolfSSL_Debugging_ON(); */ /* Initialize wolfSSL */ wolfSSL_Init(); /* Set ctx to DTLS 1.2 */ if ((ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())) == NULL) { printf("wolfSSL_CTX_new error.\n"); return 1; } /* Load CA certificates */ if (wolfSSL_CTX_load_verify_locations(ctx,caCertLoc,0) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", caCertLoc); return 1; } /* Load server certificates */ if (wolfSSL_CTX_use_certificate_file(ctx, servCertLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servCertLoc); return 1; } /* Load server Keys */ if (wolfSSL_CTX_use_PrivateKey_file(ctx, servKeyLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servKeyLoc); return 1; } /* Await Datagram */ while (cleanup != 1) { /* Create a UDP/IP socket */ if ((listenfd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0 ) { printf("Cannot create socket.\n"); cleanup = 1; } printf("Socket allocated\n"); /* clear servAddr each loop */ memset((char *)&servAddr, 0, sizeof(servAddr)); /* host-to-network-long conversion (htonl) */ /* host-to-network-short conversion (htons) */ servAddr.sin6_family = AF_INET6; servAddr.sin6_port = htons(SERV_PORT); /* Eliminate socket already in use error */ res = setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, &on, len); if (res < 0) { printf("Setsockopt SO_REUSEADDR failed.\n"); cleanup = 1; cont = 1; } /*Bind Socket*/ if (bind(listenfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) { printf("Bind failed.\n"); cleanup = 1; cont = 1; } printf("Awaiting client connection on port %d\n", SERV_PORT); cliLen = sizeof(cliaddr); connfd = (int)recvfrom(listenfd, (char *)&b, sizeof(b), MSG_PEEK, (struct sockaddr*)&cliaddr, &cliLen); if (connfd < 0) { printf("No clients in que, enter idle state\n"); continue; } else if (connfd > 0) { if (connect(listenfd, (const struct sockaddr *)&cliaddr, sizeof(cliaddr)) != 0) { printf("Udp connect failed.\n"); cleanup = 1; cont = 1; } } else { printf("Recvfrom failed.\n"); cleanup = 1; cont = 1; } printf("Connected!\n"); /* Create the WOLFSSL Object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); cleanup = 1; cont = 1; } /* set the session ssl to client connection port */ wolfSSL_set_fd(ssl, listenfd); if (wolfSSL_accept(ssl) != SSL_SUCCESS) { int e = wolfSSL_get_error(ssl, 0); printf("error = %d, %s\n", e, wolfSSL_ERR_reason_error_string(e)); printf("SSL_accept failed.\n"); continue; } if ((recvLen = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { printf("heard %d bytes\n", recvLen); buff[recvLen] = 0; printf("I heard this: \"%s\"\n", buff); } else if (recvLen < 0) { int readErr = wolfSSL_get_error(ssl, 0); if(readErr != SSL_ERROR_WANT_READ) { printf("SSL_read failed.\n"); cleanup = 1; cont = 1; } } if (wolfSSL_write(ssl, ack, sizeof(ack)) < 0) { printf("wolfSSL_write fail.\n"); cleanup = 1; cont = 1; } else { printf("Sending reply.\n"); } printf("reply sent \"%s\"\n", ack); wolfSSL_set_fd(ssl, 0); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); printf("Client left cont to idle state\n"); cont = 0; } /* With the "continue" keywords, it is possible for the loop to exit * * without changing the value of cont */ if (cleanup == 1) { cont = 1; } if (cont == 1) { wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); } return 0; }