/* wolfSSL.cs * * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.IO; using System.Net; using System.Net.Sockets; namespace wolfSSL.CSharp { public class wolfssl { private const string wolfssl_dll = "wolfssl.dll"; /* wait for 6 seconds default on TCP socket state poll if timeout not set */ private const int WC_WAIT = 6000000; /******************************** * Class for DTLS connections */ /// /// Contains information regarding a DTLS connection having UdpClient udp and IPEndPoint ep. /// Used to keep memory alive. /// public class DTLS_con { public UdpClient udp; public IPEndPoint ep; } /******************************** * Class for keeping ctx handles alive */ [StructLayout(LayoutKind.Sequential)] private class ctx_handle { private GCHandle rec_cb; private GCHandle snd_cb; private GCHandle psk_cb; private GCHandle sni_cb; private GCHandle sni_arg; private GCHandle vrf_cb; private IntPtr ctx; public void set_receive(GCHandle input) { this.rec_cb = input; } public GCHandle get_receive() { return this.rec_cb; } public void set_send(GCHandle input) { this.snd_cb = input; } public GCHandle get_send() { return this.snd_cb; } public void set_psk(GCHandle input) { this.psk_cb = input; } public GCHandle get_psk() { return this.psk_cb; } public void set_sni(GCHandle input) { this.sni_cb = input; } public GCHandle get_sni(GCHandle input) { return this.sni_cb; } public void set_arg(GCHandle input) { this.sni_arg= input; } public GCHandle get_arg(GCHandle input) { return this.sni_arg; } public void set_vrf(GCHandle input) { if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); } this.vrf_cb = input; } public GCHandle get_vrf() { return this.vrf_cb; } public void set_ctx(IntPtr input) { this.ctx = input; } public IntPtr get_ctx() { return this.ctx; } /// /// Called to free the pointers keeping handles alive /// public void free() { log(INFO_LOG, "freeing ctx handle"); if (!Object.Equals(this.rec_cb, default(GCHandle))) { this.rec_cb.Free(); } if (!Object.Equals(this.snd_cb, default(GCHandle))) { this.snd_cb.Free(); } if (!Object.Equals(this.psk_cb, default(GCHandle))) { this.psk_cb.Free(); } if (!Object.Equals(this.sni_cb, default(GCHandle))) { this.sni_cb.Free(); } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); } } } /******************************** * Class for keeping ssl handle alive */ [StructLayout(LayoutKind.Sequential)] private class ssl_handle { private GCHandle fd_pin; private GCHandle psk_cb; private GCHandle sni_cb; private GCHandle vrf_cb; private IntPtr ssl; public void set_fd(GCHandle input) { this.fd_pin = input; } public GCHandle get_fd() { return this.fd_pin; } public void set_psk(GCHandle input) { this.psk_cb = input; } public GCHandle get_psk() { return this.psk_cb; } public void set_vrf(GCHandle input) { if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); } this.vrf_cb = input; } public GCHandle get_vrf() { return this.vrf_cb; } public void set_ssl(IntPtr input) { this.ssl = input; } public IntPtr get_ssl() { return this.ssl; } public void free() { log(INFO_LOG, "freeing ssl handle"); if (!Object.Equals(this.fd_pin, default(GCHandle))) { this.fd_pin.Free(); } if (!Object.Equals(this.psk_cb, default(GCHandle))) { this.psk_cb.Free(); } if (!Object.Equals(this.sni_cb, default(GCHandle))) { this.sni_cb.Free(); } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); } } } /******************************** * Init wolfSSL library */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_Init(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_Cleanup(); /******************************** * Methods of connection */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfTLSv1_2_server_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfTLSv1_3_server_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSLv23_server_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfTLSv1_2_client_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfTLSv1_3_client_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSLv23_client_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfDTLSv1_2_server_method(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfDTLSv1_2_client_method(); /******************************** * Call backs */ [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int CallbackIORecv_delegate(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_SetIORecv(IntPtr ctx, CallbackIORecv_delegate recv); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SetIOReadCtx(IntPtr ssl, IntPtr rctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_GetIOReadCtx(IntPtr ssl); [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int CallbackIOSend_delegate(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_SetIOSend(IntPtr ctx, CallbackIOSend_delegate send); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SetIOWriteCtx(IntPtr ssl, IntPtr wctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_GetIOWriteCtx(IntPtr ssl); /******************************** * CTX structure */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_CTX_new(IntPtr method); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_use_certificate_file(IntPtr ctx, string file, int type); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_load_verify_locations(IntPtr ctx, string file, string path); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_use_PrivateKey_file(IntPtr ctx, string file, int type); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_free(IntPtr ctx); /******************************** * PSK */ [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate uint psk_delegate(IntPtr ssl, string identity, IntPtr key, uint max_sz); [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate uint psk_client_delegate(IntPtr ssl, string hint, IntPtr identity, uint id_max_len, IntPtr key, uint max_sz); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_set_psk_server_callback(IntPtr ssl, psk_delegate psk_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_psk_server_callback(IntPtr ctx, psk_delegate psk_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_psk_client_callback(IntPtr ctx, psk_client_delegate psk_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_use_psk_identity_hint(IntPtr ctx, StringBuilder identity); /******************************** * SNI */ [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int sni_delegate(IntPtr ssl, IntPtr ret, IntPtr exArg); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static ushort wolfSSL_SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SNI_GetFromBuffer(byte[] clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz); /******************************** * SSL Structure */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_new(IntPtr ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_accept(IntPtr ssl); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_connect(IntPtr ssl); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_read(IntPtr ssl, IntPtr buf, int sz); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_write(IntPtr ssl, IntPtr buf, int sz); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_shutdown(IntPtr ssl); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_free(IntPtr ssl); /******************************** * Cipher lists */ /* only supports full name from cipher_name[] delimited by : */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_set_cipher_list(IntPtr ctx, StringBuilder ciphers); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_set_cipher_list(IntPtr ssl, StringBuilder ciphers); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_get_ciphers(StringBuilder ciphers, int sz); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_get_cipher(IntPtr ssl); [DllImport(wolfssl_dll, CharSet = CharSet.Ansi, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_CIPHER_get_name(IntPtr cipher); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_get_current_cipher(IntPtr ssl); [DllImport(wolfssl_dll, CharSet = CharSet.Ansi, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_get_version(IntPtr ssl); [DllImport(wolfssl_dll, CharSet = CharSet.Ansi, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_get_cipher_list(IntPtr ssl); /******************************** * Error logging */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)] private extern static IntPtr wolfSSL_ERR_error_string(uint err, StringBuilder errOut); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_get_error(IntPtr ssl, int err); [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate void loggingCb(int lvl, StringBuilder msg); private static loggingCb internal_log; [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_Debugging_ON(); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_Debugging_OFF(); /******************************** * DH */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_SetMinDhKey_Sz(IntPtr ctx, short size); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SetTmpDH_file(IntPtr ssl, StringBuilder dhParam, int type); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_SetTmpDH_file(IntPtr ctx, StringBuilder dhParam, int type); /******************************** * Verify Callback */ [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int CallbackVerify_delegate(int ret, IntPtr x509_ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_verify(IntPtr ctx, int mode, CallbackVerify_delegate vc); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_set_verify(IntPtr ssl, int mode, CallbackVerify_delegate vc); /******************************** * X509 Store */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_X509_STORE_CTX_get_current_cert(IntPtr x509Ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_X509_STORE_CTX_get_error(IntPtr sk); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_X509_STORE_GetCerts(IntPtr x509Ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_sk_X509_num(IntPtr sk); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_sk_X509_free(IntPtr sk); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static IntPtr wolfSSL_sk_X509_pop(IntPtr sk); /******************************** * Enum types from wolfSSL library */ public static readonly int SSL_FILETYPE_PEM = 1; public static readonly int SSL_FILETYPE_ASN1 = 2; public static readonly int SSL_FILETYPE_RAW = 3; public static readonly int SSL_VERIFY_NONE = 0; public static readonly int SSL_VERIFY_PEER = 1; public static readonly int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2; public static readonly int SSL_VERIFY_CLIENT_ONCE = 4; public static readonly int SSL_VERIFY_POST_HANDSHAKE = 8; public static readonly int SSL_VERIFY_FAIL_EXCEPT_PSK = 16; public static readonly int CBIO_ERR_GENERAL = -1; public static readonly int CBIO_ERR_WANT_READ = -2; public static readonly int CBIO_ERR_WANT_WRITE = -2; public static readonly int CBIO_ERR_CONN_RST = -3; public static readonly int CBIO_ERR_ISR = -4; public static readonly int CBIO_ERR_CONN_CLOSE = -5; public static readonly int CBIO_ERR_TIMEOUT = -6; public static readonly int ERROR_LOG = 0; public static readonly int INFO_LOG = 1; public static readonly int ENTER_LOG = 2; public static readonly int LEAVE_LOG = 3; public static readonly int OTHER_LOG = 4; public static readonly int SUCCESS = 1; public static readonly int FAILURE = 0; public static readonly int WOLFSSL_SNI_HOST_NAME = 0; private static IntPtr unwrap_ctx(IntPtr ctx) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; return handles.get_ctx(); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx pointer is incorrect " + e); return IntPtr.Zero; } } private static IntPtr unwrap_ssl(IntPtr ssl) { try { GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; return handles.get_ssl(); } catch (Exception e) { log(ERROR_LOG, "wolfssl pointer is incorrect " + e); return IntPtr.Zero; } } /// /// Utility function used to access the certificates /// based on the platform. /// return the platform specific path to the certificate /// public static string setPath(string file) { if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { Console.WriteLine("Linux - " + file); return @"../../certs/" + file; } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Console.WriteLine("Windows - " + file); return @"../../../../certs/" + file; } else { return ""; } } /// /// Call back to allow receiving TLS information /// /// structure of ssl passed in /// buffer to contain received msg /// size of buffer /// optional information passed in /// size of message received private static int wolfSSLCbIORecv(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx) { if (sz <= 0) { log(ERROR_LOG, "wolfssl receive error, size less than 0"); return wolfssl.CBIO_ERR_GENERAL; } int amtRecv = 0; try { System.Runtime.InteropServices.GCHandle gch; gch = GCHandle.FromIntPtr(ctx); Socket con = (System.Net.Sockets.Socket)gch.Target; Byte[] msg = new Byte[sz]; amtRecv = con.Receive(msg, msg.Length, 0); if (amtRecv == 0) { /* No data received so check for a response to see if connection is still open */ if (con.Poll((con.ReceiveTimeout > 0) ? con.ReceiveTimeout : WC_WAIT, SelectMode.SelectRead)) { log(ERROR_LOG, "socket connection issue, suspected connection termination."); return wolfssl.CBIO_ERR_CONN_CLOSE; } } Marshal.Copy(msg, 0, buf, sz); } catch (Exception e) { log(ERROR_LOG, "Error in receive " + e.ToString()); return wolfssl.CBIO_ERR_CONN_CLOSE; } return amtRecv; } /// /// Call back used for sending TLS information /// /// pointer to ssl struct /// buffer containing information to send /// size of buffer to send /// optional information /// amount of information sent private static int wolfSSLCbIOSend(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx) { if (sz <= 0) { log(ERROR_LOG, "wolfssl send error, size less than 0"); return wolfssl.CBIO_ERR_GENERAL; } try { System.Runtime.InteropServices.GCHandle gch; gch = GCHandle.FromIntPtr(ctx); Socket con = (System.Net.Sockets.Socket)gch.Target; Byte[] msg = new Byte[sz]; Marshal.Copy(buf, msg, 0, sz); if (con.Send(msg, 0, msg.Length, SocketFlags.None) == 0 && sz != 0) { /* no data sent and msg size is larger then 0, check for lost connection */ if (con.Poll((con.SendTimeout > 0) ? con.SendTimeout : WC_WAIT, SelectMode.SelectWrite)) { log(ERROR_LOG, "socket connection issue, suspect connection termination"); return wolfssl.CBIO_ERR_CONN_CLOSE; } } return sz; } catch (Exception e) { log(ERROR_LOG, "socket connection issue " + e.ToString()); return wolfssl.CBIO_ERR_CONN_CLOSE; } } /// /// Call back used for sending DTLS information /// /// pointer to ssl struct /// buffer containing information to send /// size of buffer to send /// optional information /// amount of information sent private static int wolfSSL_dtlsCbIOSend(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx) { if (sz <= 0) { log(ERROR_LOG, "wolfssl dtls send error, size less than 0"); return wolfssl.CBIO_ERR_GENERAL; } try { System.Runtime.InteropServices.GCHandle gch; gch = GCHandle.FromIntPtr(ctx); DTLS_con con = (DTLS_con)gch.Target; Byte[] msg = new Byte[sz]; Marshal.Copy(buf, msg, 0, sz); con.udp.Send(msg, msg.Length, con.ep); return msg.Length; } catch (Exception e) { log(ERROR_LOG, "socket connection issue " + e.ToString()); return wolfssl.CBIO_ERR_CONN_CLOSE; } } /// /// Call back to allow receiving DTLS information /// /// structure of ssl passed in /// buffer to contain received msg /// size of buffer /// optional information passed in /// size of message received private static int wolfSSL_dtlsCbIORecv(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx) { if (sz <= 0) { log(ERROR_LOG, "wolfssl dtls receive error, size less than 0"); return wolfssl.CBIO_ERR_GENERAL; } try { System.Runtime.InteropServices.GCHandle gch; gch = GCHandle.FromIntPtr(ctx); DTLS_con con = (DTLS_con)gch.Target; Byte[] msg = con.udp.Receive(ref con.ep); if (msg.Length > sz) { log(ERROR_LOG, "wolfssl DTLS packet received was larger than buffer"); return wolfssl.CBIO_ERR_GENERAL; } Marshal.Copy(msg, 0, buf, msg.Length); return msg.Length; } catch (Exception e) { /* issue with receive or size of buffer */ log(ERROR_LOG, "socket read issue " + e.ToString()); return wolfssl.CBIO_ERR_CONN_CLOSE; } } /// /// Create a new ssl structure /// /// structure to create ssl structure from /// pointer to ssl structure public static IntPtr new_ssl(IntPtr ctx) { if (ctx == IntPtr.Zero) return IntPtr.Zero; try { ssl_handle io; IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "new_ssl ctx unwrap error"); return IntPtr.Zero; } io = new ssl_handle(); io.set_ssl(wolfSSL_new(local_ctx)); /* check if null */ if (io.get_ssl() == IntPtr.Zero) { return IntPtr.Zero; } /* keep memory pinned to be able to reference by address */ return GCHandle.ToIntPtr(GCHandle.Alloc(io, GCHandleType.Pinned)); } catch (Exception e) { log(ERROR_LOG, e.ToString()); return IntPtr.Zero; } } /// /// Used for a server to accept a connection /// /// structure containing info for connection /// 1 on success public static int accept(IntPtr ssl) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "accept ssl unwrap error"); return FAILURE; } return wolfSSL_accept(sslCtx); } catch (Exception e) { log(ERROR_LOG, "accept error " + e.ToString()); return FAILURE; } } /// /// Used for a client to connect /// /// structure containing connection info /// 1 on success public static int connect(IntPtr ssl) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "connect ssl unwrap error"); return FAILURE; } return wolfSSL_connect(sslCtx); } catch (Exception e) { log(ERROR_LOG, "connect error " + e.ToString()); return FAILURE; } } /// /// Read message from secure connection /// /// structure containing info about connection /// object to hold incoming message (Unicode format) /// size of available memory in buf /// amount of data read on success public static int read(IntPtr ssl, StringBuilder buf, int sz) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); IntPtr data; int ret; byte[] msg; buf.Clear(); /* Clear incoming buffer */ if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "read ssl unwrap error"); return FAILURE; } data = Marshal.AllocHGlobal(sz); ret = wolfSSL_read(sslCtx, data, sz); if (ret >= 0) { /* Get data that was sent across and store it using a literal read of * the conversion from bytes to character. Takes care of if * a null terminator is part of the message read. */ msg = new byte[ret]; Marshal.Copy(data, msg, 0, ret); for (int i = 0; i < ret; i++) { buf.Append(@Convert.ToChar(msg[i])); } } Marshal.FreeHGlobal(data); return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl read error " + e.ToString()); return FAILURE; } } /// /// Read message from secure connection using a byte array /// /// structure containing info about connection /// object to hold incoming message (raw bytes) /// size of available memory in buf /// amount of data read on success public static int read(IntPtr ssl, byte[] buf, int sz) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); IntPtr data; int ret; if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "read ssl unwrap error"); return FAILURE; } data = Marshal.AllocHGlobal(sz); ret = wolfSSL_read(sslCtx, data, sz); if (ret >= 0) { Marshal.Copy(data, buf, 0, ret); } Marshal.FreeHGlobal(data); return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl read error " + e.ToString()); return FAILURE; } } /// /// Write message to secure connection /// /// structure containing connection info /// message to send /// size of the message /// amount sent on success public static int write(IntPtr ssl, StringBuilder buf, int sz) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); IntPtr data; int ret; if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "write ssl unwrap error"); return FAILURE; } data = Marshal.AllocHGlobal(sz); Marshal.Copy(System.Text.Encoding.Default.GetBytes(buf.ToString()), 0, data, System.Text.Encoding.Default.GetByteCount(buf.ToString())); ret = wolfSSL_write(sslCtx, data, sz); Marshal.FreeHGlobal(data); return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl write error " + e.ToString()); return FAILURE; } } /// /// Write message to secure connection /// /// structure containing connection info /// message to send /// size of the message /// amount sent on success public static int write(IntPtr ssl, byte[] buf, int sz) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); IntPtr data; int ret; if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "write ssl unwrap error"); return FAILURE; } data = Marshal.AllocHGlobal(sz); Marshal.Copy(buf, 0, data, sz); ret = wolfSSL_write(sslCtx, data, sz); Marshal.FreeHGlobal(data); return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl write error " + e.ToString()); return FAILURE; } } /// /// Free information stored in ssl struct /// /// pointer to ssl struct to free public static void free(IntPtr ssl) { try { IntPtr sslCtx; GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; sslCtx = handles.get_ssl(); wolfSSL_free(sslCtx); handles.free(); gch.Free(); } catch (Exception e) { log(ERROR_LOG, "wolfssl free error " + e.ToString()); } } /// /// Shutdown a connection /// /// pointer to ssl struct to close connection of /// 1 on success public static int shutdown(IntPtr ssl) { if (ssl == IntPtr.Zero) return FAILURE; try { IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "shutdown ssl unwrap error"); return FAILURE; } return wolfSSL_shutdown(sslCtx); } catch (Exception e) { log(ERROR_LOG, "wolfssl shutdwon error " + e.ToString()); return FAILURE; } } /// /// Optional, can be used to set a custom receive function /// /// structure to set receive function in /// function to use when reading socket public static void SetIORecv(IntPtr ctx, CallbackIORecv_delegate func) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; /* check if already stored handle needs freed */ gch = handles.get_receive(); if (!Object.Equals(gch, default(GCHandle))) { gch.Free(); } /* keep new function alive */ handles.set_receive(GCHandle.Alloc(func)); wolfSSL_CTX_SetIORecv(handles.get_ctx(), func); } catch (Exception e) { log(ERROR_LOG, "wolfssl setIORecv error " + e.ToString()); } } /// /// Optional, can be used to set a custom send function /// /// structure to set function in /// function to use when sending data public static void SetIOSend(IntPtr ctx, CallbackIOSend_delegate func) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; /* check if already stored handle needs freed */ gch = handles.get_send(); if (!Object.Equals(gch, default(GCHandle))) { gch.Free(); } /* keep new function alive */ handles.set_send(GCHandle.Alloc(func)); wolfSSL_CTX_SetIOSend(handles.get_ctx(), func); } catch (Exception e) { log(ERROR_LOG, "wolfssl setIOSend error " + e.ToString()); } } /// /// Create a new CTX structure /// /// method to use such as TLSv1.2 /// pointer to CTX structure public static IntPtr CTX_new(IntPtr method) { try { IntPtr ctx = wolfSSL_CTX_new(method); if (ctx == IntPtr.Zero) return ctx; ctx_handle io = new ctx_handle(); io.set_ctx(ctx); CallbackIORecv_delegate recv = new CallbackIORecv_delegate(wolfssl.wolfSSLCbIORecv); io.set_receive(GCHandle.Alloc(recv)); wolfSSL_CTX_SetIORecv(ctx, recv); CallbackIOSend_delegate send = new CallbackIOSend_delegate(wolfssl.wolfSSLCbIOSend); io.set_send(GCHandle.Alloc(send)); wolfSSL_CTX_SetIOSend(ctx, send); /* keep memory pinned */ return GCHandle.ToIntPtr(GCHandle.Alloc(io, GCHandleType.Pinned)); } catch (Exception e) { log(ERROR_LOG, "ctx_new error " + e.ToString()); return IntPtr.Zero; } } /// /// Create a new CTX structure for a DTLS connection /// /// Method to use in connection ie DTLSv1.2 /// public static IntPtr CTX_dtls_new(IntPtr method) { try { IntPtr ctx = wolfSSL_CTX_new(method); if (ctx == IntPtr.Zero) return ctx; ctx_handle io = new ctx_handle(); io.set_ctx(ctx); CallbackIORecv_delegate recv = new CallbackIORecv_delegate(wolfssl.wolfSSL_dtlsCbIORecv); io.set_receive(GCHandle.Alloc(recv)); wolfSSL_CTX_SetIORecv(ctx, recv); CallbackIOSend_delegate send = new CallbackIOSend_delegate(wolfssl.wolfSSL_dtlsCbIOSend); io.set_send(GCHandle.Alloc(send)); wolfSSL_CTX_SetIOSend(ctx, send); /* keep memory pinned */ return GCHandle.ToIntPtr(GCHandle.Alloc(io, GCHandleType.Pinned)); } catch (Exception e) { log(ERROR_LOG, "ctx_dtls_new error " + e.ToString()); return IntPtr.Zero; } } /// /// Free information used in CTX structure /// /// structure to free public static void CTX_free(IntPtr ctx) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; wolfSSL_CTX_free(handles.get_ctx()); handles.free(); gch.Free(); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx free error " + e.ToString()); } } public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; handles.set_sni(GCHandle.Alloc(sni_cb)); wolfSSL_CTX_set_servername_callback(handles.get_ctx(), sni_cb); } catch (Exception e) { log(ERROR_LOG, "wolfssl servername callback error: " + e.ToString()); } } public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; handles.set_arg(GCHandle.Alloc(arg)); return wolfSSL_CTX_set_servername_arg(handles.get_ctx(), arg); } catch (Exception e) { log(ERROR_LOG, "wolfssl arg servername callback error: " + e.ToString()); return FAILURE; } } public static int CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; return wolfSSL_CTX_UseSNI(handles.get_ctx(), type, data, size); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx use sni error: " + e.ToString()); return FAILURE; } } public static int UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size) { try { GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; return wolfSSL_UseSNI(handles.get_ssl(), type, data, size); } catch (Exception e) { log(ERROR_LOG, "wolfssl use sni error: " + e.ToString()); return FAILURE; } } public static ushort SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data) { try { GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; return wolfSSL_SNI_GetRequest(handles.get_ssl(), type, ref data); } catch (Exception e) { log(ERROR_LOG, "wolfssl sni get request error: " + e.ToString()); return ushort.MaxValue; } } public static int SNI_GetFromBuffer(byte []clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) { try { return wolfSSL_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); } catch(Exception e) { log(ERROR_LOG, "wolfssl sni get from buffer error: " + e.ToString()); return FAILURE; } } /// /// Set identity hint to use /// /// pointer to structure of ctx to set hint in /// hint to use /// 1 on success public static int CTX_use_psk_identity_hint(IntPtr ctx, StringBuilder hint) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX use psk identity hint unwrap error"); return FAILURE; } return wolfSSL_CTX_use_psk_identity_hint(local_ctx, hint); } catch (Exception e) { log(ERROR_LOG, "wolfssl psk identity hint error " + e.ToString()); return FAILURE; } } /// /// Set the function to use for PSK connections /// /// pointer to CTX that the function is set in /// PSK function to use public static void CTX_set_psk_server_callback(IntPtr ctx, psk_delegate psk_cb) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; handles.set_psk(GCHandle.Alloc(psk_cb)); wolfSSL_CTX_set_psk_server_callback(handles.get_ctx(), psk_cb); } catch (Exception e) { log(ERROR_LOG, "wolfssl psk server callback error " + e.ToString()); } } /// /// Set the function to use for PSK connections /// /// pointer to CTX that the function is set in /// PSK function to use public static void CTX_set_psk_client_callback(IntPtr ctx, psk_client_delegate psk_cb) { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; handles.set_psk(GCHandle.Alloc(psk_cb)); wolfSSL_CTX_set_psk_client_callback(handles.get_ctx(), psk_cb); } catch (Exception e) { log(ERROR_LOG, "wolfssl psk client callback error " + e.ToString()); } } /// /// Set the function to use for PSK connections on a single TLS/DTLS connection /// /// pointer to SSL that the function is set in /// PSK function to use public static void set_psk_server_callback(IntPtr ssl, psk_delegate psk_cb) { try { GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; handles.set_psk(GCHandle.Alloc(psk_cb)); wolfSSL_set_psk_server_callback(handles.get_ssl(), psk_cb); } catch (Exception e) { log(ERROR_LOG, "wolfssl psk server callback error " + e.ToString()); } } /// /// Set Socket for TLS connection /// /// structure to set Socket in /// Socket to use /// 1 on success public static int set_fd(IntPtr ssl, Socket fd) { /* sanity check on inputs */ if (ssl == IntPtr.Zero) { return FAILURE; } try { if (!fd.Equals(null)) { GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; IntPtr sslCtx = handles.get_ssl(); IntPtr ptr; GCHandle fd_pin = GCHandle.Alloc(fd); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl error setting up fd!!"); return FAILURE; } handles.set_fd(fd_pin); ptr = GCHandle.ToIntPtr(fd_pin); wolfSSL_SetIOWriteCtx(sslCtx, ptr); //pass along the socket for writing to wolfSSL_SetIOReadCtx(sslCtx, ptr); //pass along the socket for reading from return SUCCESS; } return FAILURE; } catch (Exception e) { log(ERROR_LOG, "Error setting up fd!! " + e.ToString()); return FAILURE; } } /// /// Get socket of a TLS connection /// /// structure to get socket from /// Socket object used for connection public static Socket get_fd(IntPtr ssl) { try { IntPtr ptr; IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl get_fd error"); return null; } ptr = wolfSSL_GetIOReadCtx(sslCtx); if (ptr != IntPtr.Zero) { GCHandle gch = GCHandle.FromIntPtr(ptr); return (System.Net.Sockets.Socket)gch.Target; } return null; } catch (Exception e) { log(ERROR_LOG, "wolfssl get_fd error " + e.ToString()); return null; } } /// /// Set information needed to send and receive a DTLS connection /// /// structure to set information in /// UDP object to send and receive /// End point of connection /// 1 on success public static int set_dtls_fd(IntPtr ssl, UdpClient udp, IPEndPoint ep) { /* sanity check on inputs */ if (ssl == IntPtr.Zero) { return FAILURE; } try { if (!udp.Equals(null) && !ep.Equals(null)) { IntPtr ptr; DTLS_con con; GCHandle gch = GCHandle.FromIntPtr(ssl); ssl_handle handles = (ssl_handle)gch.Target; GCHandle fd_pin; con = new DTLS_con(); con.udp = udp; con.ep = ep; fd_pin = GCHandle.Alloc(con); handles.set_fd(fd_pin); ptr = GCHandle.ToIntPtr(fd_pin); wolfSSL_SetIOWriteCtx(handles.get_ssl(), ptr); //pass along the socket for writing to wolfSSL_SetIOReadCtx(handles.get_ssl(), ptr); //pass along the socket for reading from return SUCCESS; } return FAILURE; } catch (Exception e) { log(ERROR_LOG, "Error setting up fd!! " + e.ToString()); return FAILURE; } } /// /// Get the pointer to DTLS_con class used for connection /// /// structure to get connection from /// DTLS_con object public static DTLS_con get_dtls_fd(IntPtr ssl) { try { IntPtr ptr; IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl get_dtls_fd error"); return null; } ptr = wolfSSL_GetIOReadCtx(sslCtx); if (ptr != IntPtr.Zero) { GCHandle gch = GCHandle.FromIntPtr(ptr); return (DTLS_con)gch.Target; } return null; } catch (Exception e) { log(ERROR_LOG, "wolfssl get_dtls_fd error " + e.ToString()); return null; } } /// /// Get available cipher suites /// /// list to fill with cipher suite names /// size of list available to fill /// 1 on success public static int get_ciphers(StringBuilder list, int sz) { try { return wolfSSL_get_ciphers(list, sz); } catch (Exception e) { log(ERROR_LOG, "wolfssl get_ciphers error " + e.ToString()); return FAILURE; } } /// /// Initialize wolfSSL library /// /// 1 on success public static int Init() { try { return wolfSSL_Init(); } catch (Exception e) { log(ERROR_LOG, "wolfssl init error " + e.ToString()); return FAILURE; } } /// /// Clean up wolfSSL library memory /// /// 1 on success public static int Cleanup() { try { return wolfSSL_Cleanup(); } catch (Exception e) { log(ERROR_LOG, "wolfssl cleanup error " + e.ToString()); return FAILURE; } } /// /// Set up TLS version 1.2 method /// /// pointer to TLSv1.2 method public static IntPtr useTLSv1_2_server() { try { return wolfTLSv1_2_server_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Set up TLS version 1.3 method /// /// pointer to TLSv1.3 method public static IntPtr useTLSv1_3_server() { try { return wolfTLSv1_3_server_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Use any TLS version /// /// pointer to method public static IntPtr usev23_server() { try { return wolfSSLv23_server_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Set up TLS version 1.2 method /// /// pointer to TLSv1.2 method public static IntPtr useTLSv1_2_client() { try { return wolfTLSv1_2_client_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Set up TLS version 1.3 method /// /// pointer to TLSv1.3 method public static IntPtr useTLSv1_3_client() { try { return wolfTLSv1_3_client_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Use any TLS version /// /// pointer to method public static IntPtr usev23_client() { try { return wolfSSLv23_client_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Set up DTLS version 1.2 /// /// pointer to DTLSv1.2 method public static IntPtr useDTLSv1_2_server() { try { return wolfDTLSv1_2_server_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Set up DTLS version 1.2 /// /// pointer to DTLSv1.2 method public static IntPtr useDTLSv1_2_client() { try { return wolfDTLSv1_2_client_method(); } catch (Exception e) { log(ERROR_LOG, "wolfssl error " + e.ToString()); return IntPtr.Zero; } } /// /// Gets the current cipher suite being used in connection /// /// SSL struct to get cipher suite from /// string containing current cipher suite public static string get_current_cipher(IntPtr ssl) { if (ssl == IntPtr.Zero) return null; try { IntPtr ssl_cipher; IntPtr ssl_cipher_ptr; string ssl_cipher_str; IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl get_current_cipher error"); return null; } ssl_cipher = wolfSSL_get_current_cipher(sslCtx); ssl_cipher_ptr = wolfSSL_CIPHER_get_name(ssl_cipher); ssl_cipher_str = Marshal.PtrToStringAnsi(ssl_cipher_ptr); return ssl_cipher_str; } catch (Exception e) { log(ERROR_LOG, "wolfssl get current cipher error " + e.ToString()); return null; } } /// /// Set available cipher suites for all ssl structs created from ctx /// /// CTX structure to set /// List full of ciphers suites /// 1 on success public static int CTX_set_cipher_list(IntPtr ctx, StringBuilder list) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX set cipher list error"); return FAILURE; } return wolfSSL_CTX_set_cipher_list(local_ctx, list); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx set cipher list error " + e.ToString()); return FAILURE; } } /// /// Set available cipher suite in local connection /// /// Structure to set cipher suite in /// List of cipher suites /// 1 on success public static int set_cipher_list(IntPtr ssl, StringBuilder list) { try { IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl set_cipher_list error"); return FAILURE; } return wolfSSL_set_cipher_list(sslCtx, list); } catch (Exception e) { log(ERROR_LOG, "wolfssl set cipher error " + e.ToString()); return FAILURE; } } /// /// Gets the version of the connection made ie TLSv1.2 /// /// SSL struct to get version of /// string containing version public static string get_version(IntPtr ssl) { if (ssl == IntPtr.Zero) return null; try { IntPtr version_ptr; string version; IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl get_version error"); return null; } version_ptr = wolfSSL_get_version(sslCtx); version = Marshal.PtrToStringAnsi(version_ptr); return version; } catch (Exception e) { log(ERROR_LOG, "wolfssl get version error " + e.ToString()); return null; } } /// /// Get a string containing error value and reason /// /// SSL struct that had error /// String containing error value and reason public static string get_error(IntPtr ssl) { if (ssl == IntPtr.Zero) return null; try { int err; StringBuilder err_name; StringBuilder ret; IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "wolfssl get_error error"); return null; } /* wolfSSL max error length is 80 */ ret = new StringBuilder(' ', 100); err = wolfSSL_get_error(sslCtx, 0); err_name = new StringBuilder(new String(' ', 80)); wolfSSL_ERR_error_string((uint)err, err_name); ret.Append("Error " + err + " " + err_name.ToString()); return ret.ToString(); } catch (Exception e) { log(ERROR_LOG, "wolfssl get error, error " + e.ToString()); return null; } } /// /// Used to load in the certificate file /// /// CTX structure for TLS/SSL connections /// Name of the file to load including absolute path /// Type of file ie PEM or DER /// 1 on success public static int CTX_use_certificate_file(IntPtr ctx, string fileCert, int type) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX use certificate file error"); return FAILURE; } return wolfSSL_CTX_use_certificate_file(local_ctx, fileCert, type); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx use cert file error " + e.ToString()); return FAILURE; } } /// /// Used to load in the peer trusted root file /// /// CTX structure for TLS/SSL connections /// Name of the file to load including absolute path /// path to multiple certificates (try to load all in path) /// 1 on success public static int CTX_load_verify_locations(IntPtr ctx, string fileCert, string path) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX load verify locations certificate file error"); return FAILURE; } return wolfSSL_CTX_load_verify_locations(local_ctx, fileCert, path); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx load verify locations file error " + e.ToString()); return FAILURE; } } /// /// Used to load in the private key from a file /// /// CTX structure for TLS/SSL connections /// Name of the file, including absolute directory /// Type of file ie PEM or DER /// 1 on success public static int CTX_use_PrivateKey_file(IntPtr ctx, string fileKey, int type) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX use PrivateKey file error"); return FAILURE; } return wolfSSL_CTX_use_PrivateKey_file(local_ctx, fileKey, type); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx use key file error " + e.ToString()); return FAILURE; } } /// /// Set temporary DH parameters /// /// Structure to set in /// file name /// type of file ie PEM /// 1 on success public static int SetTmpDH_file(IntPtr ssl, StringBuilder dhparam, int file_type) { try { IntPtr sslCtx = unwrap_ssl(ssl); if (sslCtx == IntPtr.Zero) { log(ERROR_LOG, "SetTmpDH_file ssl unwrap error"); return FAILURE; } return wolfSSL_SetTmpDH_file(sslCtx, dhparam, file_type); } catch (Exception e) { log(ERROR_LOG, "SetTmpDH_file error " + e.ToString()); return FAILURE; } } /// /// Set temporary DH parameters /// /// Structure to set in /// file name /// type of file ie PEM /// 1 on success public static int CTX_SetTmpDH_file(IntPtr ctx, StringBuilder dhparam, int file_type) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX_SetTmpDH_file ctx unwrap error"); return FAILURE; } return wolfSSL_CTX_SetTmpDH_file(local_ctx, dhparam, file_type); } catch (Exception e) { log(ERROR_LOG, "CTX_SetTmpDH_file error " + e.ToString()); return FAILURE; } } /// /// Used to set the minimum size of DH key /// /// Structure to store key size /// Min key size /// 1 on success public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey) { try { IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX SetMinDhKey_Sz error"); return FAILURE; } return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKey); } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx set min dh key error " + e.ToString()); return FAILURE; } } /// /// Set the certificate verification mode and optional callback function /// /// pointer to CTX that the function is set in /// See SSL_VERIFY options /// Optional verify callback function to use public static int CTX_set_verify(IntPtr ctx, int mode, CallbackVerify_delegate vc) { try { GCHandle gch; ctx_handle handles; IntPtr local_ctx = unwrap_ctx(ctx); if (local_ctx == IntPtr.Zero) { log(ERROR_LOG, "CTX set_verify error"); return FAILURE; } /* pin the verify callback to protect from garbage collection */ if (!vc.Equals(null)) { gch = GCHandle.FromIntPtr(ctx); handles = (ctx_handle)gch.Target; handles.set_vrf(GCHandle.Alloc(vc)); } wolfSSL_CTX_set_verify(local_ctx, mode, vc); return SUCCESS; } catch (Exception e) { log(ERROR_LOG, "wolfssl ctx set verify error " + e.ToString()); return FAILURE; } } /// /// Set the certificate verification mode and optional callback function /// /// pointer to SSL object that the function is set in /// See SSL_VERIFY options /// Optional verify callback function to use public static int set_verify(IntPtr ssl, int mode, CallbackVerify_delegate vc) { try { GCHandle gch; ssl_handle handles; IntPtr local_ssl = unwrap_ssl(ssl); if (local_ssl == IntPtr.Zero) { log(ERROR_LOG, "set_verify error"); return FAILURE; } /* pin the verify callback to protect from garbage collection */ if (!vc.Equals(null)) { gch = GCHandle.FromIntPtr(ssl); handles = (ssl_handle)gch.Target; handles.set_vrf(GCHandle.Alloc(vc)); } wolfSSL_set_verify(local_ssl, mode, vc); return SUCCESS; } catch (Exception e) { log(ERROR_LOG, "wolfssl set verify error " + e.ToString()); return FAILURE; } } /// /// Set the certificate verification mode and optional callback function /// /// pointer to SSL object that the function is set in /// See SSL_VERIFY options /// Optional verify callback function to use public static X509 X509_STORE_CTX_get_current_cert(IntPtr x509Ctx) { X509 ret = null; try { if (x509Ctx == IntPtr.Zero) { log(ERROR_LOG, "pointer passed in was not set"); return ret; } IntPtr x509 = wolfSSL_X509_STORE_CTX_get_current_cert(x509Ctx); if (x509 != IntPtr.Zero) { return new X509(x509, false); } return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl WOLFSSL_X509_STORE_CTX error " + e.ToString()); return ret; } } /// /// Gets all of the certificates from store /// /// pointer to store to get certificates from public static X509[] X509_STORE_CTX_get_certs(IntPtr x509Ctx) { X509[] ret = null; try { if (x509Ctx == IntPtr.Zero) { log(ERROR_LOG, "pointer passed in was not set"); return ret; } IntPtr sk = wolfSSL_X509_STORE_GetCerts(x509Ctx); if (sk != IntPtr.Zero) { int i; int numCerts = wolfSSL_sk_X509_num(sk); ret = new X509[numCerts]; for (i = 0; i < numCerts; i++) { IntPtr current = wolfSSL_sk_X509_pop(sk); if (current != IntPtr.Zero) { ret[i] = new X509(current, true); } } wolfSSL_sk_X509_free(sk); } return ret; } catch (Exception e) { log(ERROR_LOG, "wolfssl WOLFSSL_X509_STORE_CTX error " + e.ToString()); return ret; } } /// /// Get the current WOLFSSL_X509_STORE_CTX error value /// /// pointer to store to get error from public static int X509_STORE_CTX_get_error(IntPtr x509Ctx) { try { if (x509Ctx == IntPtr.Zero) { log(ERROR_LOG, "pointer passed in was not set"); return -1; } return wolfSSL_X509_STORE_CTX_get_error(x509Ctx); } catch (Exception e) { log(ERROR_LOG, "wolfssl WOLFSSL_X509_STORE_CTX error " + e.ToString()); return -1; } } /// /// Print low level C library debug messages to stdout when compiled with macro DEBUG_WOLFSSL /// public static void Debugging_ON() { wolfSSL_Debugging_ON(); } /// /// Turn off low level C debug messages /// public static void Debugging_OFF() { wolfSSL_Debugging_OFF(); } /// /// Set the function to use for logging /// /// Function that conforms as to loggingCb /// 1 on success public static int SetLogging(loggingCb input) { internal_log = input; return SUCCESS; } /// /// Log a message to set logging function /// /// Level of log message /// Message to log public static void log(int lvl, string msg) { /* if log is not set then print nothing */ if (internal_log == null) return; StringBuilder ptr = new StringBuilder(msg); internal_log(lvl, ptr); } } }