/* wolfSSL-DTLS-PSK-Server.cs
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.IO;
using System.Net;
using System.Net.Sockets;
using wolfSSL.CSharp;
public class wolfSSL_DTLS_PSK_Server
{
///
/// Example of a PSK function call back
///
/// pointer to ssl structure
/// identity of client connecting
/// buffer to hold key
/// max key size
/// size of key set
public static uint my_psk_server_cb(IntPtr ssl, string identity, IntPtr key, uint max_key)
{
/* perform a check on the identity sent across
* log function must be set for print out of logging information
*/
wolfssl.log(wolfssl.INFO_LOG, "PSK Client Identity = " + identity);
/* Use desired key, note must be a key smaller than max key size parameter
Replace this with desired key. Is trivial one for testing */
if (max_key < 4)
return 0;
byte[] tmp = { 26, 43, 60, 77 };
Marshal.Copy(tmp, 0, key, 4);
return (uint)4;
}
private static void clean(IntPtr ssl, IntPtr ctx)
{
wolfssl.free(ssl);
wolfssl.CTX_free(ctx);
wolfssl.Cleanup();
}
public static void Main(string[] args)
{
IntPtr ctx;
IntPtr ssl;
/* These paths should be changed according to use */
string fileCert = wolfssl.setPath("server-cert.pem");
string fileKey = wolfssl.setPath("server-key.pem");
StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
Console.WriteLine("Platform not supported");
return;
}
wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb);
StringBuilder buff = new StringBuilder(1024);
StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
wolfssl.Init();
Console.WriteLine("Calling ctx Init from wolfSSL");
ctx = wolfssl.CTX_dtls_new(wolfssl.useDTLSv1_2_server());
if (ctx == IntPtr.Zero)
{
Console.WriteLine("Error creating ctx structure");
return;
}
Console.WriteLine("Finished init of ctx .... now load in cert and key");
if (!File.Exists(fileCert) || !File.Exists(fileKey))
{
Console.WriteLine("Could not find cert or key file");
wolfssl.CTX_free(ctx);
return;
}
if (!File.Exists(dhparam.ToString())) {
Console.WriteLine("Could not find dh file");
wolfssl.CTX_free(ctx);
return;
}
if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
{
Console.WriteLine("Error setting cert file");
wolfssl.CTX_free(ctx);
return;
}
if (wolfssl.CTX_use_PrivateKey_file(ctx, fileKey, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
{
Console.WriteLine("Error setting key file");
wolfssl.CTX_free(ctx);
return;
}
/* Test psk use with DHE */
StringBuilder hint = new StringBuilder("cyassl server");
if (wolfssl.CTX_use_psk_identity_hint(ctx, hint) != wolfssl.SUCCESS)
{
Console.WriteLine("Error setting hint");
wolfssl.CTX_free(ctx);
return;
}
wolfssl.CTX_set_psk_server_callback(ctx, psk_cb);
short minDhKey = 128;
wolfssl.CTX_SetMinDhKey_Sz(ctx, minDhKey);
Console.Write("Setting cipher suite to ");
StringBuilder set_cipher = new StringBuilder("DHE-PSK-AES128-CBC-SHA256");
Console.WriteLine(set_cipher);
if (wolfssl.CTX_set_cipher_list(ctx, set_cipher) != wolfssl.SUCCESS)
{
Console.WriteLine("Failed to set cipher suite");
wolfssl.CTX_free(ctx);
return;
}
IPAddress ip = IPAddress.Parse("0.0.0.0");
UdpClient udp = new UdpClient(11111);
IPEndPoint ep = new IPEndPoint(ip, 11111);
Console.WriteLine("Started UDP and waiting for a connection");
ssl = wolfssl.new_ssl(ctx);
if (ssl == IntPtr.Zero)
{
Console.WriteLine("Error creating ssl object");
udp.Close();
wolfssl.CTX_free(ctx);
return;
}
if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
{
Console.WriteLine("Error in setting dhparam");
Console.WriteLine(wolfssl.get_error(ssl));
udp.Close();
clean(ssl, ctx);
return;
}
if (wolfssl.set_dtls_fd(ssl, udp, ep) != wolfssl.SUCCESS)
{
Console.WriteLine(wolfssl.get_error(ssl));
udp.Close();
clean(ssl, ctx);
return;
}
if (wolfssl.accept(ssl) != wolfssl.SUCCESS)
{
Console.WriteLine(wolfssl.get_error(ssl));
udp.Close();
clean(ssl, ctx);
return;
}
/* print out results of TLS/SSL accept */
Console.WriteLine("SSL version is " + wolfssl.get_version(ssl));
Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl));
/* get connection information and print ip - port */
wolfssl.DTLS_con con = wolfssl.get_dtls_fd(ssl);
Console.Write("Connected to ip ");
Console.Write(con.ep.Address.ToString());
Console.Write(" on port ");
Console.WriteLine(con.ep.Port.ToString());
/* read information sent and send a reply */
if (wolfssl.read(ssl, buff, 1023) < 0)
{
Console.WriteLine("Error reading message");
Console.WriteLine(wolfssl.get_error(ssl));
udp.Close();
clean(ssl, ctx);
return;
}
Console.WriteLine(buff);
if (wolfssl.write(ssl, reply, reply.Length) != reply.Length)
{
Console.WriteLine("Error writing message");
Console.WriteLine(wolfssl.get_error(ssl));
udp.Close();
clean(ssl, ctx);
return;
}
Console.WriteLine("At the end freeing stuff");
wolfssl.shutdown(ssl);
udp.Close();
clean(ssl, ctx);
}
}