tls_server.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
  1. /* tls_server.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #include <wolfssl/wolfcrypt/settings.h>
  22. #include <wolfssl/wolfcrypt/error-crypt.h>
  23. #if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
  24. #include <wolfssl/ssl.h>
  25. #include <wolfssl/wolfcrypt/logging.h>
  26. #include <stdio.h>
  27. #define MAXSZ 1024
  28. /*------------------------------------------------------------------------*/
  29. /* TLS SERVER */
  30. /*------------------------------------------------------------------------*/
  31. static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
  32. {
  33. int ret = WOLFSSL_CBIO_ERR_GENERAL;
  34. (void)ssl;
  35. (void)ctx;
  36. /* TODO: Exchange data over your own transport */
  37. #warning TODO: Implement your own recv data transport
  38. #if 0
  39. ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz);
  40. if (ret == STATUS_ERR_TIMEOUT)
  41. return WOLFSSL_CBIO_ERR_WANT_READ;
  42. return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
  43. #else
  44. return ret;
  45. #endif
  46. }
  47. static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
  48. {
  49. int ret = WOLFSSL_CBIO_ERR_GENERAL;
  50. (void)ssl;
  51. (void)ctx;
  52. /* TODO: Exchange data over your own transport */
  53. #warning TODO: Implement your own send data transport
  54. #if 0
  55. ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz);
  56. if (ret == STATUS_ERR_TIMEOUT)
  57. return WOLFSSL_CBIO_ERR_WANT_WRITE;
  58. return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
  59. #else
  60. return ret;
  61. #endif
  62. }
  63. static int tls_server(void)
  64. {
  65. char reply[MAXSZ];
  66. int ret, error;
  67. WOLFSSL* ssl = NULL;
  68. WOLFSSL_CTX* ctx = NULL;
  69. if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
  70. printf("CTXnew failed.\n");
  71. goto fail;
  72. }
  73. /*------------------------------------------------------------------------*/
  74. /* ECDHE-ECDSA */
  75. /*------------------------------------------------------------------------*/
  76. /*--------------------*/
  77. /* for peer auth use: */
  78. /*--------------------*/
  79. // wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024,
  80. // sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1);
  81. // wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024,
  82. // sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1);
  83. /*---------------------*/
  84. /* for no peer auth: */
  85. /*---------------------*/
  86. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
  87. /*---------------------*/
  88. /* end peer auth option*/
  89. /*---------------------*/
  90. if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
  91. wolfSSL_CTX_free(ctx);
  92. printf("CTXset_cipher_list failed, error: %d\n", ret);
  93. goto fail;
  94. }
  95. /*------------------------------------------------------------------------*/
  96. /* END CIPHER SUITE OPTIONS */
  97. /*------------------------------------------------------------------------*/
  98. wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
  99. wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
  100. if ((ssl = wolfSSL_new(ctx)) == NULL) {
  101. error = wolfSSL_get_error(ssl, 0);
  102. printf("wolfSSL_new failed %d\n", error);
  103. wolfSSL_CTX_free(ctx);
  104. return -1;
  105. }
  106. /* non blocking accept and connect */
  107. ret = WOLFSSL_FAILURE;
  108. while (ret != WOLFSSL_SUCCESS) {
  109. /* server accept */
  110. ret = wolfSSL_accept(ssl);
  111. error = wolfSSL_get_error(ssl, 0);
  112. if (ret != WOLFSSL_SUCCESS) {
  113. if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
  114. /* Fail */
  115. printf("wolfSSL accept failed with return code %d\n", error);
  116. goto fail;
  117. }
  118. }
  119. /* Success */
  120. }
  121. /* read and write */
  122. while (1) {
  123. /* server read */
  124. ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
  125. error = wolfSSL_get_error(ssl, 0);
  126. if (ret < 0) {
  127. if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
  128. /* Can put print here, the server enters a loop waiting to read
  129. * a confirmation message at this point */
  130. // printf("server read failed\n");
  131. goto fail;
  132. }
  133. continue;
  134. }
  135. else {
  136. /* Can put print here, the server enters a loop waiting to read
  137. * a confirmation message at this point */
  138. reply[ret] = '\0';
  139. // printf("Server Received Reply: %s\n", reply);
  140. break;
  141. }
  142. }
  143. while (1) {
  144. /* server write / echo */
  145. ret = wolfSSL_write(ssl, reply, XSTRLEN(reply));
  146. error = wolfSSL_get_error(ssl, 0);
  147. if (ret != XSTRLEN(reply)) {
  148. if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
  149. /* Write failed */
  150. goto fail;
  151. }
  152. }
  153. /* Write succeeded */
  154. break;
  155. }
  156. return 0;
  157. fail:
  158. wolfSSL_shutdown(ssl);
  159. wolfSSL_free(ssl);
  160. wolfSSL_CTX_free(ctx);
  161. return -1;
  162. }
  163. #endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */
  164. int main(void)
  165. {
  166. int ret;
  167. #if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
  168. wolfSSL_Init();
  169. ret = tls_server();
  170. wolfSSL_Cleanup();
  171. #else
  172. ret = NOT_COMPILED_IN;
  173. #endif
  174. return ret;
  175. }