123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 |
- /* tls_server.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
- #include <wolfssl/ssl.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <stdio.h>
- #define MAXSZ 1024
- /*------------------------------------------------------------------------*/
- /* TLS SERVER */
- /*------------------------------------------------------------------------*/
- static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
- {
- int ret = WOLFSSL_CBIO_ERR_GENERAL;
- (void)ssl;
- (void)ctx;
- /* TODO: Exchange data over your own transport */
- #warning TODO: Implement your own recv data transport
- #if 0
- ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz);
- if (ret == STATUS_ERR_TIMEOUT)
- return WOLFSSL_CBIO_ERR_WANT_READ;
- return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
- #else
- return ret;
- #endif
- }
- static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
- {
- int ret = WOLFSSL_CBIO_ERR_GENERAL;
- (void)ssl;
- (void)ctx;
- /* TODO: Exchange data over your own transport */
- #warning TODO: Implement your own send data transport
- #if 0
- ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz);
- if (ret == STATUS_ERR_TIMEOUT)
- return WOLFSSL_CBIO_ERR_WANT_WRITE;
- return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
- #else
- return ret;
- #endif
- }
- static int tls_server(void)
- {
- char reply[MAXSZ];
- int ret, error;
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
- printf("CTXnew failed.\n");
- goto fail;
- }
- /*------------------------------------------------------------------------*/
- /* ECDHE-ECDSA */
- /*------------------------------------------------------------------------*/
- /*--------------------*/
- /* for peer auth use: */
- /*--------------------*/
- // wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024,
- // sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1);
- // wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024,
- // sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1);
- /*---------------------*/
- /* for no peer auth: */
- /*---------------------*/
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
- /*---------------------*/
- /* end peer auth option*/
- /*---------------------*/
- if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
- wolfSSL_CTX_free(ctx);
- printf("CTXset_cipher_list failed, error: %d\n", ret);
- goto fail;
- }
- /*------------------------------------------------------------------------*/
- /* END CIPHER SUITE OPTIONS */
- /*------------------------------------------------------------------------*/
- wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
- wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
- if ((ssl = wolfSSL_new(ctx)) == NULL) {
- error = wolfSSL_get_error(ssl, 0);
- printf("wolfSSL_new failed %d\n", error);
- wolfSSL_CTX_free(ctx);
- return -1;
- }
- /* non blocking accept and connect */
- ret = WOLFSSL_FAILURE;
- while (ret != WOLFSSL_SUCCESS) {
- /* server accept */
- ret = wolfSSL_accept(ssl);
- error = wolfSSL_get_error(ssl, 0);
- if (ret != WOLFSSL_SUCCESS) {
- if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
- /* Fail */
- printf("wolfSSL accept failed with return code %d\n", error);
- goto fail;
- }
- }
- /* Success */
- }
- /* read and write */
- while (1) {
- /* server read */
- ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
- error = wolfSSL_get_error(ssl, 0);
- if (ret < 0) {
- if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
- /* Can put print here, the server enters a loop waiting to read
- * a confirmation message at this point */
- // printf("server read failed\n");
- goto fail;
- }
- continue;
- }
- else {
- /* Can put print here, the server enters a loop waiting to read
- * a confirmation message at this point */
- reply[ret] = '\0';
- // printf("Server Received Reply: %s\n", reply);
- break;
- }
- }
- while (1) {
- /* server write / echo */
- ret = wolfSSL_write(ssl, reply, XSTRLEN(reply));
- error = wolfSSL_get_error(ssl, 0);
- if (ret != XSTRLEN(reply)) {
- if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
- /* Write failed */
- goto fail;
- }
- }
- /* Write succeeded */
- break;
- }
- return 0;
- fail:
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- return -1;
- }
- #endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */
- int main(void)
- {
- int ret;
- #if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
- wolfSSL_Init();
- ret = tls_server();
- wolfSSL_Cleanup();
- #else
- ret = NOT_COMPILED_IN;
- #endif
- return ret;
- }
|