/* Use this callback to setup TLS certificates and verify callbacks */
static int mqtt_aws_tls_cb(MqttClient* client)
{
int rc = SSL_FAILURE;
client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (client->tls.ctx) {
wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_PEER, mqtt_aws_tls_verify_cb);
/* Load CA certificate buffer */
rc = wolfSSL_CTX_load_verify_buffer(client->tls.ctx,
(const byte*)root_ca, (long)XSTRLEN(root_ca), SSL_FILETYPE_PEM);
/* Load Client Cert */
if (rc == SSL_SUCCESS)
rc = wolfSSL_CTX_use_certificate_buffer(client->tls.ctx,
(const byte*)device_cert, (long)XSTRLEN(device_cert), SSL_FILETYPE_PEM);
/* Load Private Key */
if (rc == SSL_SUCCESS)
rc = wolfSSL_CTX_use_PrivateKey_buffer(client->tls.ctx,
(const byte*)device_priv_key, (long)XSTRLEN(device_priv_key), SSL_FILETYPE_PEM);
}
PRINTF("MQTT TLS Setup (%d)", rc);
return rc;
}
static int build_http_request(const char* domainName, const char* path,
int ocspReqSz, byte* buf, int bufSize)
{
word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
char ocspReqSzStr[6];
domainNameLen = (word32)XSTRLEN(domainName);
pathLen = (word32)XSTRLEN(path);
ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);
completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
if (completeLen > (word32)bufSize)
return 0;
XSTRNCPY((char*)buf, "POST ", 5);
buf += 5;
XSTRNCPY((char*)buf, path, pathLen);
buf += pathLen;
XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
buf += 17;
XSTRNCPY((char*)buf, domainName, domainNameLen);
buf += domainNameLen;
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
buf += 18;
XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
buf += ocspReqSzStrLen;
XSTRNCPY((char*)buf,
"\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
return completeLen;
}
int wolfCLU_checkForArg(char* searchTerm, int length, int argc, char** argv)
{
int i;
int ret = 0;
int argFound = 0;
for (i = 0; i < argc; i++) {
if (argv[i] == NULL) {
ret = 0;
break; /* stop checking if no more args*/
} else if (XSTRNCMP(searchTerm, "-help", length) == 0 &&
XSTRNCMP(argv[i], "-help", XSTRLEN(argv[i])) == 0) {
return 1;
} else if (XSTRNCMP(argv[i], searchTerm, length) == 0 &&
XSTRNCMP(argv[i], searchTerm, XSTRLEN(argv[i])) == 0) {
ret = i;
if (argFound == 1) {
printf("ERROR: argument found twice: \"%s\"\n", searchTerm);
return USER_INPUT_ERROR;
}
argFound = 1;
}
}
return ret;
}
int md5_test(void)
{
Md5 md5;
byte hash[MD5_DIGEST_SIZE];
testVector a, b, c, d, e;
testVector test_md5[5];
int times = sizeof(test_md5) / sizeof(testVector), i;
a.input = "abc";
a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
"\x72";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "message digest";
b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
"\xd0";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
c.input = "abcdefghijklmnopqrstuvwxyz";
c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
"\x3b";
c.inLen = XSTRLEN(c.input);
c.outLen = XSTRLEN(c.output);
d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
"\x9f";
d.inLen = XSTRLEN(d.input);
d.outLen = XSTRLEN(d.output);
e.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
"\x7a";
e.inLen = XSTRLEN(e.input);
e.outLen = XSTRLEN(e.output);
test_md5[0] = a;
test_md5[1] = b;
test_md5[2] = c;
test_md5[3] = d;
test_md5[4] = e;
wc_InitMd5(&md5);
for (i = 0; i < times; ++i) {
wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
wc_Md5Final(&md5, hash);
if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
return -5 - i;
}
return 0;
}
/* Send application data. */
static int wolfssl_send(WOLFSSL* ssl, const char* msg)
{
int ret;
printf("%s", msg);
ret = wolfSSL_write(ssl, msg, XSTRLEN(msg));
if (ret < XSTRLEN(msg))
ret = -1;
else
ret = 0;
return ret;
}
int sha512_test(void)
{
Sha512 sha;
byte hash[SHA512_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
int ret;
a.input = "abc";
a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
"\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
"\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
"\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
"\x87\x4b\xe9\x09";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha512(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha512Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int sha384_test()
{
Sha384 sha;
byte hash[SHA384_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
int ret;
a.input = "abc";
a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
"\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
"\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
"\x74\x60\x39";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha384(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha384Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int sha_test(void)
{
Sha sha;
byte hash[SHA_DIGEST_SIZE];
testVector a, b, c, d;
testVector test_sha[4];
int ret = 0;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
"\x6C\x9C\xD0\xD8\x9D";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
"\xE5\xE5\x46\x70\xF1";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaa";
c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
"\x2A\x25\xEC\x64\x4D";
c.inLen = XSTRLEN(c.input);
c.outLen = XSTRLEN(c.output);
d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa";
d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
"\x53\x99\x5E\x26\xA0";
d.inLen = XSTRLEN(d.input);
d.outLen = XSTRLEN(d.output);
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
ret = wc_InitSha(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
wc_ShaFinal(&sha, hash);
if (XMEMCMP(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int sha256_test(void)
{
Sha256 sha;
byte hash[SHA256_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int ret;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha256(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha256Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
static void use_SNI_at_ctx(CYASSL_CTX* ctx)
{
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
}
static void use_SNI_at_ssl(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(SSL_SUCCESS,
wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
static void different_SNI_at_ssl(CYASSL* ssl)
{
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "ww2.yassl.com";
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
int sha224_test(void)
{
Sha224 sha;
byte hash[SHA224_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int ret;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
"\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = SHA224_DIGEST_SIZE;
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
b.inLen = XSTRLEN(b.input);
b.outLen = SHA224_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha224(&sha);
if (ret != 0)
return -4005;
for (i = 0; i < times; ++i) {
ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha224Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA224_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int ripemd_test(void)
{
RipeMd ripemd;
byte hash[RIPEMD_DIGEST_SIZE];
testVector a, b, c, d;
testVector test_ripemd[4];
int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
"\xb0\x87\xf1\x5a\x0b\xfc";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "message digest";
b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
"\x5f\xfa\x21\x59\x5f\x36";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
"\xf4\x9a\xda\x62\xeb\x2b";
c.inLen = XSTRLEN(c.input);
c.outLen = XSTRLEN(c.output);
d.input = "12345678901234567890123456789012345678901234567890123456"
"789012345678901234567890";
d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
"\x82\xbf\x63\x32\x6b\xfb";
d.inLen = XSTRLEN(d.input);
d.outLen = XSTRLEN(d.output);
test_ripemd[0] = a;
test_ripemd[1] = b;
test_ripemd[2] = c;
test_ripemd[3] = d;
wc_InitRipeMd(&ripemd);
for (i = 0; i < times; ++i) {
wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
(word32)test_ripemd[i].inLen);
wc_RipeMdFinal(&ripemd, hash);
if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
{
if (ocsp != NULL) {
int urlSz = (int)XSTRLEN(url);
decode_url(url, urlSz,
ocsp->overrideName, ocsp->overridePath, &ocsp->overridePort);
return 1;
}
return 0;
}
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
{
if (ocsp != NULL) {
int urlSz = (int)XSTRLEN(url);
if (urlSz < (int)sizeof(ocsp->overrideUrl)) {
XSTRNCPY(ocsp->overrideUrl, url, urlSz);
return 1;
}
}
return 0;
}
static void verify_SNI_real_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = NULL;
char name[] = "www.yassl.com";
word16 length = XSTRLEN(name);
AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ(name, request);
}
static void verify_SNI_fake_matching(CYASSL* ssl)
{
byte type = CYASSL_SNI_HOST_NAME;
char* request = NULL;
char name[] = "ww2.yassl.com";
word16 length = XSTRLEN(name);
AssertIntEQ(CYASSL_SNI_FAKE_MATCH, CyaSSL_SNI_Status(ssl, type));
AssertIntEQ(length, CyaSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ(name, request);
}
/* get the peer information in human readable form (ip, port, family)
* default function assumes BSD sockets
* can be overriden with wolfSSL_CTX_SetIOGetPeer
*/
int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam)
{
SOCKADDR_S peer;
word32 peerSz;
int ret;
if (ssl == NULL || ip == NULL || ipSz == NULL ||
port == NULL || fam == NULL) {
return BAD_FUNC_ARG;
}
/* get peer information stored in ssl struct */
peerSz = sizeof(SOCKADDR_S);
if ((ret = wolfSSL_dtls_get_peer(ssl, (void*)&peer, &peerSz))
!= SSL_SUCCESS) {
return ret;
}
/* extract family, ip, and port */
*fam = ((SOCKADDR_S*)&peer)->ss_family;
switch (*fam) {
case WOLFSSL_IP4:
if (XINET_NTOP(*fam, &(((SOCKADDR_IN*)&peer)->sin_addr),
ip, *ipSz) == NULL) {
WOLFSSL_MSG("XINET_NTOP error");
return SOCKET_ERROR_E;
}
*port = XNTOHS(((SOCKADDR_IN*)&peer)->sin_port);
break;
case WOLFSSL_IP6:
if (XINET_NTOP(*fam, &(((SOCKADDR_IN6*)&peer)->sin6_addr),
ip, *ipSz) == NULL) {
WOLFSSL_MSG("XINET_NTOP error");
return SOCKET_ERROR_E;
}
*port = XNTOHS(((SOCKADDR_IN6*)&peer)->sin6_port);
break;
default:
WOLFSSL_MSG("Unknown family type");
return SOCKET_ERROR_E;
}
ip[*ipSz - 1] = '\0'; /* make sure has terminator */
*ipSz = (word16)XSTRLEN(ip);
return SSL_SUCCESS;
}
static int mqtt_message_cb(MqttClient *client, MqttMessage *msg,
byte msg_new, byte msg_done)
{
byte buf[PRINT_BUFFER_SIZE+1];
word32 len;
MQTTCtx* mqttCtx = (MQTTCtx*)client->ctx;
(void)mqttCtx;
if (msg_new) {
/* Determine min size to dump */
len = msg->topic_name_len;
if (len > PRINT_BUFFER_SIZE) {
len = PRINT_BUFFER_SIZE;
}
XMEMCPY(buf, msg->topic_name, len);
buf[len] = '\0'; /* Make sure its null terminated */
/* Print incoming message */
PRINTF("MQTT Message: Topic %s, Qos %d, Len %u",
buf, msg->qos, msg->total_len);
/* for test mode: check if TEST_MESSAGE was received */
if (mqttCtx->test_mode) {
if (XSTRLEN(TEST_MESSAGE) == msg->buffer_len &&
XSTRNCMP(TEST_MESSAGE, (char*)msg->buffer, msg->buffer_len) == 0) {
mStopRead = 1;
}
}
}
/* Print message payload */
len = msg->buffer_len;
if (len > PRINT_BUFFER_SIZE) {
len = PRINT_BUFFER_SIZE;
}
XMEMCPY(buf, msg->buffer, len);
buf[len] = '\0'; /* Make sure its null terminated */
PRINTF("Payload (%d - %d): %s",
msg->buffer_pos, msg->buffer_pos + len, buf);
if (msg_done) {
PRINTF("MQTT Message: Done");
}
/* Return negative to terminate publish processing */
return MQTT_CODE_SUCCESS;
}
static int fwfile_save(const char* filePath, byte* fileBuf, int fileLen)
{
#if !defined(NO_FILESYSTEM)
int ret = 0;
FILE* file = NULL;
/* Check arguments */
if (filePath == NULL || XSTRLEN(filePath) == 0 || fileLen == 0 ||
fileBuf == NULL) {
return EXIT_FAILURE;
}
/* Open file */
file = fopen(filePath, "wb");
if (file == NULL) {
PRINTF("File %s write error!", filePath);
ret = EXIT_FAILURE;
goto exit;
}
/* Save file */
ret = (int)fwrite(fileBuf, 1, fileLen, file);
if (ret != fileLen) {
PRINTF("Error reading file! %d", ret);
ret = EXIT_FAILURE;
goto exit;
}
PRINTF("Saved %d bytes to %s", fileLen, filePath);
exit:
if (file) {
fclose(file);
}
return ret;
#else
(void)filePath;
(void)fileBuf;
PRINTF("Firmware File Save: Len=%d (No Filesystem)", fileLen);
return fileLen;
#endif
}
THREAD_RETURN CYASSL_THREAD client_test(void* args)
{
SOCKET_T sockfd = 0;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
CYASSL* ssl = 0;
CYASSL* sslResume = 0;
CYASSL_SESSION* session = 0;
char resumeMsg[] = "resuming cyassl!";
int resumeSz = sizeof(resumeMsg);
char msg[32] = "hello cyassl!"; /* GET may make bigger */
char reply[80];
int input;
int msgSz = (int)strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'f' :
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'z' :
#ifndef CYASSL_LEANPSK
CyaSSL_GetObjectSize();
#endif
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < CYASSL_MFL_2_9 ||
maxFragment > CYASSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = CyaSSLv3_client_method();
break;
#ifndef NO_TLS
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
method = CyaTLSv1_2_client_method();
break;
#endif
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
break;
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
#ifdef CYASSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
if (usePsk) {
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
}
#endif
useClientCert = 0;
}
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
| CYASSL_OCSP_URL_OVERRIDE);
}
else
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
}
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from CyaSSL home dir");
}
if (!usePsk) {
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#ifdef HAVE_CAVIUM
CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
if (benchmark) {
/* time passed in number of connects give average */
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed");
CyaSSL_shutdown(ssl);
CyaSSL_free(ssl);
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
}
#if defined(CYASSL_MDK_ARM)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
CyaSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
msg[msgSz] = '\0';
}
if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
err_sys("SSL_write failed");
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
}
else if (input < 0) {
int readErr = CyaSSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("CyaSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
}
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
showPeer(sslResume);
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
}
input = CyaSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
/* try to send session break */
CyaSSL_write(sslResume, msg, msgSz);
CyaSSL_shutdown(sslResume);
CyaSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
return 0;
}
int main(int argc, char** argv)
{
int ret = 0, option = 0, long_index = 0;
int i;
if (argc == 1) {
printf("Main Help.\n");
wolfCLU_help();
}
/* flexibility: allow users to input any CAPS or lower case,
* we will do all processing on lower case only. */
for (i = 0; i < argc; i++) {
convert_to_lower(argv[i], (int) XSTRLEN(argv[i]));
}
while ((option = getopt_long_only(argc, argv,"",
long_options, &long_index )) != -1) {
switch (option) {
/* Encrypt */
case ENCRYPT: ret = wolfCLU_setup(argc, argv, 'e');
break;
/* Decrypt */
case DECRYPT: ret = wolfCLU_setup(argc, argv, 'd');;
break;
/* Benchmark */
case BENCHMARK:ret = wolfCLU_benchSetup(argc, argv);
break;
/* Hash */
case HASH: ret = wolfCLU_hashSetup(argc, argv);
break;
/* x509 Certificate processing */
case X509: ret = wolfCLU_certSetup(argc, argv);
break;
/* x509 Certificate request */
case REQUEST: ret = wolfCLU_requestSetup(argc, argv);
break;
/* Ignore the following arguments for now. Will be handled by their respective
* setups IE Crypto setup, Benchmark setup, or Hash Setup */
/* File passed in by user */
case INFILE: break;
/* Output file */
case OUTFILE: break;
/* Password */
case PASSWORD: break;
/* Key if used must be in hex */
case KEY: break;
/* IV if used must be in hex */
case IV: break;
/* Opt to benchmark all available algorithms */
case ALL: break;
/* size for hash to output */
case SIZE: break;
/* Time to benchmark for 1-10 seconds optional default: 3s */
case TIME: break;
/* Verify results, used with -iv and -key */
case VERIFY: break;
/* Certificate Stuff*/
case INFORM: break;
case OUTFORM: break;
case NOOUT: break;
case TEXT_OUT: break;
case SILENT: break;
case HELP1:
if (argc == 2) {
printf("Main help menu:\n");
wolfCLU_help();
return 0;
}
break;
case HELP2:
if (argc == 2) {
printf("Main help menu:\n");
wolfCLU_help();
return 0;
}
break;
/* which version of clu am I using */
case VERBOSE:
wolfCLU_verboseHelp();
return 0;
/*End of ignored arguments */
case 'v': wolfCLU_version();
return 0;
default:
printf("Main help default.\n");
wolfCLU_help();
return 0;
}
}
if (ret != 0)
printf("Error returned: %d.\n", ret);
return ret;
}
int mqttclient_test(MQTTCtx *mqttCtx)
{
int rc = MQTT_CODE_SUCCESS, i;
switch (mqttCtx->stat) {
case WMQ_BEGIN:
{
PRINTF("MQTT Client: QoS %d, Use TLS %d", mqttCtx->qos, mqttCtx->use_tls);
}
case WMQ_NET_INIT:
{
mqttCtx->stat = WMQ_NET_INIT;
/* Initialize Network */
rc = MqttClientNet_Init(&mqttCtx->net);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Net Init: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto exit;
}
/* setup tx/rx buffers */
mqttCtx->tx_buf = (byte*)WOLFMQTT_MALLOC(MAX_BUFFER_SIZE);
mqttCtx->rx_buf = (byte*)WOLFMQTT_MALLOC(MAX_BUFFER_SIZE);
}
case WMQ_INIT:
{
mqttCtx->stat = WMQ_INIT;
/* Initialize MqttClient structure */
rc = MqttClient_Init(&mqttCtx->client, &mqttCtx->net,
mqtt_message_cb,
mqttCtx->tx_buf, MAX_BUFFER_SIZE,
mqttCtx->rx_buf, MAX_BUFFER_SIZE,
mqttCtx->cmd_timeout_ms);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Init: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto exit;
}
mqttCtx->client.ctx = mqttCtx;
}
case WMQ_TCP_CONN:
{
mqttCtx->stat = WMQ_TCP_CONN;
/* Connect to broker */
rc = MqttClient_NetConnect(&mqttCtx->client, mqttCtx->host, mqttCtx->port,
DEFAULT_CON_TIMEOUT_MS, mqttCtx->use_tls, mqtt_tls_cb);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Socket Connect: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto exit;
}
}
case WMQ_MQTT_CONN:
{
mqttCtx->stat = WMQ_MQTT_CONN;
XMEMSET(&mqttCtx->connect, 0, sizeof(MqttConnect));
mqttCtx->connect.keep_alive_sec = mqttCtx->keep_alive_sec;
mqttCtx->connect.clean_session = mqttCtx->clean_session;
mqttCtx->connect.client_id = mqttCtx->client_id;
/* Last will and testament sent by broker to subscribers
of topic when broker connection is lost */
XMEMSET(&mqttCtx->lwt_msg, 0, sizeof(mqttCtx->lwt_msg));
mqttCtx->connect.lwt_msg = &mqttCtx->lwt_msg;
mqttCtx->connect.enable_lwt = mqttCtx->enable_lwt;
if (mqttCtx->enable_lwt) {
/* Send client id in LWT payload */
mqttCtx->lwt_msg.qos = mqttCtx->qos;
mqttCtx->lwt_msg.retain = 0;
mqttCtx->lwt_msg.topic_name = WOLFMQTT_TOPIC_NAME"lwttopic";
mqttCtx->lwt_msg.buffer = (byte*)mqttCtx->client_id;
mqttCtx->lwt_msg.total_len = (word16)XSTRLEN(mqttCtx->client_id);
}
/* Optional authentication */
mqttCtx->connect.username = mqttCtx->username;
mqttCtx->connect.password = mqttCtx->password;
/* Send Connect and wait for Connect Ack */
rc = MqttClient_Connect(&mqttCtx->client, &mqttCtx->connect);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Connect: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
/* Validate Connect Ack info */
PRINTF("MQTT Connect Ack: Return Code %u, Session Present %d",
mqttCtx->connect.ack.return_code,
(mqttCtx->connect.ack.flags &
MQTT_CONNECT_ACK_FLAG_SESSION_PRESENT) ?
1 : 0
);
/* Build list of topics */
mqttCtx->topics[0].topic_filter = mqttCtx->topic_name;
mqttCtx->topics[0].qos = mqttCtx->qos;
/* Subscribe Topic */
XMEMSET(&mqttCtx->subscribe, 0, sizeof(MqttSubscribe));
mqttCtx->subscribe.packet_id = mqtt_get_packetid();
mqttCtx->subscribe.topic_count = sizeof(mqttCtx->topics)/sizeof(MqttTopic);
mqttCtx->subscribe.topics = mqttCtx->topics;
}
case WMQ_SUB:
{
mqttCtx->stat = WMQ_SUB;
rc = MqttClient_Subscribe(&mqttCtx->client, &mqttCtx->subscribe);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Subscribe: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
/* show subscribe results */
for (i = 0; i < mqttCtx->subscribe.topic_count; i++) {
mqttCtx->topic = &mqttCtx->subscribe.topics[i];
PRINTF(" Topic %s, Qos %u, Return Code %u",
mqttCtx->topic->topic_filter,
mqttCtx->topic->qos, mqttCtx->topic->return_code);
}
/* Publish Topic */
XMEMSET(&mqttCtx->publish, 0, sizeof(MqttPublish));
mqttCtx->publish.retain = 0;
mqttCtx->publish.qos = mqttCtx->qos;
mqttCtx->publish.duplicate = 0;
mqttCtx->publish.topic_name = mqttCtx->topic_name;
mqttCtx->publish.packet_id = mqtt_get_packetid();
mqttCtx->publish.buffer = (byte*)TEST_MESSAGE;
mqttCtx->publish.total_len = (word16)XSTRLEN(TEST_MESSAGE);
}
case WMQ_PUB:
{
mqttCtx->stat = WMQ_PUB;
rc = MqttClient_Publish(&mqttCtx->client, &mqttCtx->publish);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Publish: Topic %s, %s (%d)",
mqttCtx->publish.topic_name, MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
/* Read Loop */
PRINTF("MQTT Waiting for message...");
MqttClientNet_CheckForCommand_Enable(&mqttCtx->net);
}
case WMQ_WAIT_MSG:
{
mqttCtx->stat = WMQ_WAIT_MSG;
do {
/* Try and read packet */
rc = MqttClient_WaitMessage(&mqttCtx->client,
mqttCtx->cmd_timeout_ms);
/* check for test mode */
if (mStopRead) {
rc = MQTT_CODE_SUCCESS;
break;
}
/* check return code */
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
else if (rc == MQTT_CODE_ERROR_TIMEOUT) {
/* Check to see if command data (stdin) is available */
rc = MqttClientNet_CheckForCommand(&mqttCtx->net,
mqttCtx->rx_buf, MAX_BUFFER_SIZE);
if (rc > 0) {
/* Publish Topic */
mqttCtx->stat = WMQ_PUB;
XMEMSET(&mqttCtx->publish, 0, sizeof(MqttPublish));
mqttCtx->publish.retain = 0;
mqttCtx->publish.qos = mqttCtx->qos;
mqttCtx->publish.duplicate = 0;
mqttCtx->publish.topic_name = mqttCtx->topic_name;
mqttCtx->publish.packet_id = mqtt_get_packetid();
mqttCtx->publish.buffer = mqttCtx->rx_buf;
mqttCtx->publish.total_len = (word16)rc;
rc = MqttClient_Publish(&mqttCtx->client, &mqttCtx->publish);
PRINTF("MQTT Publish: Topic %s, %s (%d)",
mqttCtx->publish.topic_name,
MqttClient_ReturnCodeToString(rc), rc);
}
/* Keep Alive */
else {
rc = MqttClient_Ping(&mqttCtx->client);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
else if (rc != MQTT_CODE_SUCCESS) {
PRINTF("MQTT Ping Keep Alive Error: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
break;
}
}
}
else if (rc != MQTT_CODE_SUCCESS) {
/* There was an error */
PRINTF("MQTT Message Wait: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
break;
}
} while (1);
/* Check for error */
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
/* Unsubscribe Topics */
XMEMSET(&mqttCtx->unsubscribe, 0, sizeof(MqttUnsubscribe));
mqttCtx->unsubscribe.packet_id = mqtt_get_packetid();
mqttCtx->unsubscribe.topic_count =
sizeof(mqttCtx->topics) / sizeof(MqttTopic);
mqttCtx->unsubscribe.topics = mqttCtx->topics;
}
case WMQ_UNSUB:
{
mqttCtx->stat = WMQ_UNSUB;
PRINTF("MQTT Exiting...");
/* Unsubscribe Topics */
rc = MqttClient_Unsubscribe(&mqttCtx->client, &mqttCtx->unsubscribe);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Unsubscribe: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
mqttCtx->return_code = rc;
}
case WMQ_DISCONNECT:
{
/* Disconnect */
rc = MqttClient_Disconnect(&mqttCtx->client);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Disconnect: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
if (rc != MQTT_CODE_SUCCESS) {
goto disconn;
}
}
case WMQ_NET_DISCONNECT:
{
mqttCtx->stat = WMQ_NET_DISCONNECT;
rc = MqttClient_NetDisconnect(&mqttCtx->client);
if (rc == MQTT_CODE_CONTINUE) {
return rc;
}
PRINTF("MQTT Socket Disconnect: %s (%d)",
MqttClient_ReturnCodeToString(rc), rc);
}
case WMQ_DONE:
{
mqttCtx->stat = WMQ_DONE;
rc = mqttCtx->return_code;
goto exit;
}
default:
rc = MQTT_CODE_ERROR_STAT;
goto exit;
} /* switch */
disconn:
mqttCtx->stat = WMQ_NET_DISCONNECT;
mqttCtx->return_code = rc;
return MQTT_CODE_CONTINUE;
exit:
/* Free resources */
if (mqttCtx->tx_buf) WOLFMQTT_FREE(mqttCtx->tx_buf);
if (mqttCtx->rx_buf) WOLFMQTT_FREE(mqttCtx->rx_buf);
/* Cleanup network */
MqttClientNet_DeInit(&mqttCtx->net);
return rc;
}
static void test_CyaSSL_UseSNI(void)
{
#ifdef HAVE_SNI
callback_functions client_callbacks = {CyaSSLv23_client_method, 0, 0, 0};
callback_functions server_callbacks = {CyaSSLv23_server_method, 0, 0, 0};
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
/* success case */
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
/* Testing success case at ctx */
client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx;
server_callbacks.on_result = verify_SNI_real_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing success case at ssl */
client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL;
client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing default mismatch behaviour */
client_callbacks.ssl_ready = different_SNI_at_ssl;
client_callbacks.on_result = verify_SNI_abort_on_client;
server_callbacks.on_result = verify_SNI_abort_on_server;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
client_callbacks.on_result = NULL;
/* Testing continue on mismatch */
client_callbacks.ssl_ready = different_SNI_at_ssl;
server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl;
server_callbacks.on_result = verify_SNI_no_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
/* Testing fake answer on mismatch */
server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl;
server_callbacks.on_result = verify_SNI_fake_matching;
test_CyaSSL_client_server(&client_callbacks, &server_callbacks);
test_CyaSSL_SNI_GetFromBuffer();
#endif
}
/*
* hash argument function
*/
int wolfsslHashSetup(int argc, char** argv)
{
int ret = 0; /* return variable, counter */
int i = 0; /* loop variable */
char* in; /* input variable */
char* out = NULL; /* output variable */
const char* algs[] = { /* list of acceptable algorithms */
#ifndef NO_MD5
"md5"
#endif
#ifndef NO_SHA
, "sha"
#endif
#ifndef NO_SHA256
, "sha256"
#endif
#ifdef WOLFSSL_SHA384
, "sha384"
#endif
#ifdef WOLFSSL_SHA512
, "sha512"
#endif
#ifdef HAVE_BLAKE2
, "blake2b"
#endif
};
char* alg; /* algorithm being used */
int algCheck= 0; /* acceptable algorithm check */
int inCheck = 0; /* input check */
int size = 0; /* message digest size */
#ifdef HAVE_BLAKE2
size = BLAKE_DIGEST_SIZE;
#endif
/* help checking */
if (argc == 2) {
wolfsslHashHelp();
return 0;
}
for (i = 2; i < argc; i++) {
if (strcmp(argv[i], "-help") == 0) {
wolfsslHashHelp();
return 0;
}
}
for (i = 0; i < (int) sizeof(algs)/(int) sizeof(algs[0]); i++) {
/* checks for acceptable algorithms */
if (strcmp(argv[2], algs[i]) == 0) {
alg = argv[2];
algCheck = 1;
}
}
if (algCheck == 0) {
printf("Invalid algorithm\n");
return FATAL_ERROR;
}
for (i = 3; i < argc; i++) {
if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) {
/* input file/text */
in = malloc(strlen(argv[i+1])+1);
XSTRNCPY(in, &argv[i+1][0], XSTRLEN(&argv[i+1][0]));
in[strlen(argv[i+1])] = '\0';
inCheck = 1;
i++;
}
else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) {
/* output file */
out = argv[i+1];
i++;
}
else if (strcmp(argv[i], "-s") == 0 && argv[i+1] != NULL) {
/* size of output */
#ifndef HAVE_BLAKE2
printf("Sorry, only to be used with Blake2b enabled\n");
#else
size = atoi(argv[i+1]);
if (size <= 0 || size > 64) {
printf("Invalid size, Must be between 1-64. Using default.\n");
size = BLAKE_DIGEST_SIZE;
}
#endif
i++;
}
else {
printf("Unknown argument %s. Ignoring\n", argv[i]);
}
}
if (inCheck == 0) {
printf("Must have input as either a file or standard I/O\n");
return FATAL_ERROR;
}
/* sets default size of algorithm */
#ifndef NO_MD5
if (strcmp(alg, "md5") == 0)
size = MD5_DIGEST_SIZE;
#endif
#ifndef NO_SHA
if (strcmp(alg, "sha") == 0)
size = SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
if (strcmp(alg, "sha256") == 0)
size = SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
if (strcmp(alg, "sha384") == 0)
size = SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
if (strcmp(alg, "sha512") == 0)
size = SHA512_DIGEST_SIZE;
#endif
/* hashing function */
wolfsslHash(in, out, alg, size);
free(in);
return ret;
}
/* create new error node and add it to the queue
* buffers are assumed to be of size WOLFSSL_MAX_ERROR_SZ for this internal
* function. debug_mutex should be locked before a call to this function. */
int wc_AddErrorNode(int error, int line, char* buf, char* file)
{
struct wc_error_queue* err;
err = (struct wc_error_queue*)XMALLOC(
sizeof(struct wc_error_queue), wc_error_heap, DYNAMIC_TYPE_LOG);
if (err == NULL) {
WOLFSSL_MSG("Unable to create error node for log");
return MEMORY_E;
}
else {
int sz;
XMEMSET(err, 0, sizeof(struct wc_error_queue));
err->heap = wc_error_heap;
sz = (int)XSTRLEN(buf);
if (sz > WOLFSSL_MAX_ERROR_SZ - 1) {
sz = WOLFSSL_MAX_ERROR_SZ - 1;
}
if (sz > 0) {
XMEMCPY(err->error, buf, sz);
}
sz = (int)XSTRLEN(file);
if (sz > WOLFSSL_MAX_ERROR_SZ - 1) {
sz = WOLFSSL_MAX_ERROR_SZ - 1;
}
if (sz > 0) {
XMEMCPY(err->file, file, sz);
}
err->value = error;
err->line = line;
/* make sure is terminated */
err->error[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
err->file[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
/* since is queue place new node at last of the list */
if (wc_last_node == NULL) {
/* case of first node added to queue */
if (wc_errors != NULL) {
/* check for unexpected case before over writing wc_errors */
WOLFSSL_MSG("ERROR in adding new node to logging queue!!\n");
}
else {
wc_errors = err;
wc_last_node = err;
}
}
else {
wc_last_node->next = err;
err->prev = wc_last_node;
wc_last_node = err;
}
}
return 0;
}
static void run_cyassl_client(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method());
CYASSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello cyassl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, caCert, 0));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sfd);
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
} else {
AssertIntEQ(len, CyaSSL_write(ssl, msg, len));
if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Server response: %s\n", input);
}
}
if (callbacks->on_result)
callbacks->on_result(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(sfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
}
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method());
CYASSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port = yasslPort;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \
!defined(CYASSL_TIRTOS)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef OPENSSL_EXTRA
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = CyaSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0);
CloseSocket(sfd);
CyaSSL_set_fd(ssl, cfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
/* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
int err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
} else {
if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, CyaSSL_write(ssl, msg, len));
#ifdef CYASSL_TIRTOS
Task_yield();
#endif
CyaSSL_shutdown(ssl);
}
if (callbacks->on_result)
callbacks->on_result(ssl);
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CloseSocket(cfd);
((func_args*)args)->return_code = TEST_SUCCESS;
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
SSL_METHOD* method = 0;
SSL_CTX* ctx = 0;
SSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[80];
int idx;
int ch;
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
word16 port = yasslPort;
int usePsk = 0;
int useAnon = 0;
int doDTLS = 0;
int useNtruKey = 0;
int nonBlocking = 0;
int trackMemory = 0;
int fewerPackets = 0;
int pkCallbacks = 0;
int serverReadyFile = 0;
char* cipherList = NULL;
const char* verifyCert = cliCert;
const char* ourCert = svrCert;
const char* ourKey = svrKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)cliEccCert;
ourCert = (char*)eccCert;
ourKey = (char*)eccKey;
#endif
(void)trackMemory;
(void)pkCallbacks;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
#endif
while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'd' :
doCliCertCheck = 0;
break;
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'n' :
useNtruKey = 1;
break;
case 'u' :
doDTLS = 1;
break;
case 'f' :
fewerPackets = 1;
break;
case 'r' :
serverReadyFile = 1;
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'p' :
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'N':
nonBlocking = 1;
break;
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
method = SSLv3_server_method();
break;
#ifndef NO_TLS
case 1:
method = TLSv1_server_method();
break;
case 2:
method = TLSv1_1_server_method();
break;
#endif
#endif
#ifndef NO_TLS
case 3:
method = TLSv1_2_server_method();
break;
#endif
#ifdef CYASSL_DTLS
case -1:
method = DTLSv1_server_method();
break;
case -2:
method = DTLSv1_2_server_method();
break;
#endif
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = SSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 1");
#ifdef CYASSL_LEANPSK
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!usePsk && !useAnon) {
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
}
#endif
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!useNtruKey && !usePsk && !useAnon) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server private key file, check file and run "
"from CyaSSL home dir");
}
#endif
if (usePsk) {
#ifndef NO_PSK
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
}
#endif
}
if (useAnon) {
#ifdef HAVE_ANON
CyaSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("server can't set cipher list 4");
}
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0 && useAnon == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
err_sys("server can't set cipher list 3");
}
#endif
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
| CYASSL_OCSP_URL_OVERRIDE);
}
else
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
}
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS,
serverReadyFile);
if (!doDTLS)
CloseSocket(sockfd);
SSL_set_fd(ssl, clientfd);
if (usePsk == 0 || useAnon == 1 || cipherList != NULL) {
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif
}
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&clientfd);
NonBlockingSSL_Accept(ssl);
} else if (SSL_accept(ssl) != SSL_SUCCESS) {
int err = SSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
err_sys("SSL_accept failed");
}
#else
NonBlockingSSL_Accept(ssl);
#endif
showPeer(ssl);
idx = SSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
else if (idx < 0) {
int readErr = SSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("SSL_read failed");
}
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
err_sys("SSL_write failed");
#if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
os_dly_wait(500) ;
#elif defined (CYASSL_TIRTOS)
Task_yield();
#endif
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
CloseSocket(clientfd);
((func_args*)args)->return_code = 0;
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
}
