/*
* Pulled in from examples/server/server.c
* Function to handle nonblocking. Loops until tcp_select notifies that it's
* ready for action.
*/
int NonBlockingSSL(WOLFSSL* ssl)
{
int ret;
int error;
int select_ret;
int sockfd = wolfSSL_get_fd(ssl);
ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0);
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
int currTimeout = 1;
/* print out for user notification */
if (error == SSL_ERROR_WANT_READ)
printf("... server would read block\n");
else
printf("... server would write block\n");
select_ret = tcp_select(sockfd, currTimeout);
/* if tcp_select signals ready try to accept otherwise continue loop*/
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT) {
error = SSL_ERROR_WANT_READ;
}
else {
error = SSL_FATAL_ERROR;
}
}
/* faliure to accept */
if (ret != SSL_SUCCESS) {
printf("Fatal error : SSL_accept failed\n");
ret = SSL_FATAL_ERROR;
}
return ret;
}
/* Server accepting a client using TLS */
static int wolfssl_server_accept(WOLFSSL* server_ssl)
{
int ret = 0;
if (wolfSSL_accept(server_ssl) != WOLFSSL_SUCCESS) {
if (wolfSSL_want_read(server_ssl)) {
printf("Server waiting for server\n");
}
else if (wolfSSL_want_write(server_ssl)) {
printf("Server waiting for buffer\n");
}
else
ret = -1;
}
return ret;
}
int main()
{
/* set up server */
WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (srv_ctx == NULL) err_sys("bad server ctx new");
int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server key file load");
ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) err_sys("bad server cert file load");
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("bad server new");
/* start client thread */
pthread_t tid;
pthread_create(&tid, 0, client_thread, NULL);
/* accept tls connection without tcp sockets */
ret = wolfSSL_accept(srv_ssl);
if (ret != SSL_SUCCESS) err_sys("bad server tls accept");
printf("wolfSSL accept success!\n");
/* read msg post handshake from client */
unsigned char buf[80];
memset(buf, 0, sizeof(buf));
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
printf("client msg = %s\n", buf);
/* clean up */
wolfSSL_free(srv_ssl);
wolfSSL_CTX_free(srv_ctx);
return 0;
}
/* Accept/negotiate a secure connection.
*
* ssl The wolfSSL object.
* acceptTime The amount of time spent accepting a client.
* resumeTime The amount of time spent resuming a connection with a client.
* returns 0 on failure, 1 on success, 2 on want read and 3 on want write.
*/
static int SSL_Accept(WOLFSSL* ssl, double* acceptTime, double* resumeTime)
{
int ret;
int error;
double start, diff;
/* Accept the connection. */
start = current_time(1);
ret = wolfSSL_accept(ssl);
diff = current_time(0) - start;
pthread_mutex_lock(&sslConnMutex);
if (!wolfSSL_session_reused(ssl))
*acceptTime += diff;
else
*resumeTime += diff;
pthread_mutex_unlock(&sslConnMutex);
if (ret == 0) {
fprintf(stderr, "The client has closed the connection - accept!\n");
return 0;
}
if (ret == SSL_SUCCESS)
return 1;
error = wolfSSL_get_error(ssl, 0);
if (error == SSL_ERROR_WANT_READ)
return 2;
if (error == SSL_ERROR_WANT_WRITE)
return 3;
if (error == WC_PENDING_E)
return 4;
/* Cannot do anything about other errors. */
fprintf(stderr, "wolfSSL_accept error = %d\n", error);
return 0;
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
err_sys("sctp accept error");
const char* response = "well hello to you";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
if (ctx == NULL)
err_sys("ctx new dtls server failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use private key error");
ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls server failed");
wolfSSL_set_fd(ssl, client_sd);
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl accept failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
wolfSSL_write(ssl, response, (int)strlen(response));
unsigned char bigBuf[4096];
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port = wolfSSLPort;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \
!defined(WOLFSSL_TIRTOS)
port = 0;
#endif
wolfSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef OPENSSL_EXTRA
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0);
CloseSocket(sfd);
wolfSSL_set_fd(ssl, cfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
/* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */
if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
} else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
wolfSSL_shutdown(ssl);
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port = wolfSSLPort;
WOLFSSL_METHOD* method = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
method = wolfSSLv23_server_method();
ctx = wolfSSL_CTX_new(method);
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \
!defined(WOLFSSL_TIRTOS)
port = 0;
#endif
wolfSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef OPENSSL_EXTRA
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
{
/*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
{
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
ssl = wolfSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0);
CloseSocket(sockfd);
wolfSSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (wolfSSL_accept(ssl) != SSL_SUCCESS)
{
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_accept failed");*/
goto done;
}
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
{
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
done:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
int main(int argc, char** argv)
{
/* cont short for "continue?", Loc short for "location" */
int cont = 0;
char caCertLoc[] = "../certs/ca-cert.pem";
char servCertLoc[] = "../certs/server-cert.pem";
char servKeyLoc[] = "../certs/server-key.pem";
WOLFSSL_CTX* ctx;
/* Variables for awaiting datagram */
int on = 1;
int res = 1;
int connfd = 0;
int recvLen = 0; /* length of message */
int listenfd = 0; /* Initialize our socket */
WOLFSSL* ssl = NULL;
socklen_t cliLen;
socklen_t len = sizeof(int);
unsigned char b[MSGLEN]; /* watch for incoming messages */
char buff[MSGLEN]; /* the incoming message */
char ack[] = "I hear you fashizzle!\n";
/* Code for handling signals */
struct sigaction act, oact;
act.sa_handler = sig_handler;
sigemptyset(&act.sa_mask);
act.sa_flags = 0;
sigaction(SIGINT, &act, &oact);
/* "./config --enable-debug" and uncomment next line for debugging */
/* wolfSSL_Debugging_ON(); */
/* Initialize wolfSSL */
wolfSSL_Init();
/* Set ctx to DTLS 1.2 */
if ((ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())) == NULL) {
printf("wolfSSL_CTX_new error.\n");
return 1;
}
/* Load CA certificates */
if (wolfSSL_CTX_load_verify_locations(ctx,caCertLoc,0) !=
SSL_SUCCESS) {
printf("Error loading %s, please check the file.\n", caCertLoc);
return 1;
}
/* Load server certificates */
if (wolfSSL_CTX_use_certificate_file(ctx, servCertLoc, SSL_FILETYPE_PEM) !=
SSL_SUCCESS) {
printf("Error loading %s, please check the file.\n", servCertLoc);
return 1;
}
/* Load server Keys */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, servKeyLoc,
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
printf("Error loading %s, please check the file.\n", servKeyLoc);
return 1;
}
/* Await Datagram */
while (cleanup != 1) {
/* Create a UDP/IP socket */
if ((listenfd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0 ) {
printf("Cannot create socket.\n");
cleanup = 1;
}
printf("Socket allocated\n");
/* clear servAddr each loop */
memset((char *)&servAddr, 0, sizeof(servAddr));
/* host-to-network-long conversion (htonl) */
/* host-to-network-short conversion (htons) */
servAddr.sin6_family = AF_INET6;
servAddr.sin6_port = htons(SERV_PORT);
/* Eliminate socket already in use error */
res = setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
if (res < 0) {
printf("Setsockopt SO_REUSEADDR failed.\n");
cleanup = 1;
cont = 1;
}
/*Bind Socket*/
if (bind(listenfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) {
printf("Bind failed.\n");
cleanup = 1;
cont = 1;
}
printf("Awaiting client connection on port %d\n", SERV_PORT);
cliLen = sizeof(cliaddr);
connfd = (int)recvfrom(listenfd, (char *)&b, sizeof(b), MSG_PEEK,
(struct sockaddr*)&cliaddr, &cliLen);
if (connfd < 0) {
printf("No clients in que, enter idle state\n");
continue;
}
else if (connfd > 0) {
if (connect(listenfd, (const struct sockaddr *)&cliaddr,
sizeof(cliaddr)) != 0) {
printf("Udp connect failed.\n");
cleanup = 1;
cont = 1;
}
}
else {
printf("Recvfrom failed.\n");
cleanup = 1;
cont = 1;
}
printf("Connected!\n");
/* Create the WOLFSSL Object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
cleanup = 1;
cont = 1;
}
/* set the session ssl to client connection port */
wolfSSL_set_fd(ssl, listenfd);
if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
int e = wolfSSL_get_error(ssl, 0);
printf("error = %d, %s\n", e, wolfSSL_ERR_reason_error_string(e));
printf("SSL_accept failed.\n");
continue;
}
if ((recvLen = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
printf("heard %d bytes\n", recvLen);
buff[recvLen] = 0;
printf("I heard this: \"%s\"\n", buff);
}
else if (recvLen < 0) {
int readErr = wolfSSL_get_error(ssl, 0);
if(readErr != SSL_ERROR_WANT_READ) {
printf("SSL_read failed.\n");
cleanup = 1;
cont = 1;
}
}
if (wolfSSL_write(ssl, ack, sizeof(ack)) < 0) {
printf("wolfSSL_write fail.\n");
cleanup = 1;
cont = 1;
}
else {
printf("Sending reply.\n");
}
printf("reply sent \"%s\"\n", ack);
wolfSSL_set_fd(ssl, 0);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
printf("Client left cont to idle state\n");
cont = 0;
}
/* With the "continue" keywords, it is possible for the loop to exit *
* without changing the value of cont */
if (cleanup == 1) {
cont = 1;
}
if (cont == 1) {
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
}
return 0;
}
