2
0

async_server.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367
  1. /* async_server.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* TLS server demonstrating asynchronous cryptography features and optionally
  22. * using the crypto or PK callbacks */
  23. #ifdef HAVE_CONFIG_H
  24. #include <config.h>
  25. #endif
  26. /* std */
  27. #include <stdlib.h>
  28. #include <stdio.h>
  29. #include <string.h>
  30. /* socket */
  31. #include <sys/socket.h>
  32. #include <arpa/inet.h>
  33. #include <netinet/in.h>
  34. #include <unistd.h>
  35. #define HAVE_SIGNAL
  36. #ifdef HAVE_SIGNAL
  37. #include <signal.h> /* for catching ctrl+c */
  38. #endif
  39. /* wolfSSL */
  40. #ifndef WOLFSSL_USER_SETTINGS
  41. #include <wolfssl/options.h>
  42. #endif
  43. #include <wolfssl/ssl.h>
  44. #include <wolfssl/wolfio.h>
  45. #include <wolfssl/wolfcrypt/error-crypt.h>
  46. #include "examples/async/async_tls.h"
  47. /* Test certificates and keys for RSA and ECC */
  48. #ifndef NO_RSA
  49. #define CERT_FILE "./certs/server-cert.pem"
  50. #define KEY_FILE "./certs/server-key.pem"
  51. #define CA_FILE "./certs/client-cert.pem"
  52. #elif defined(HAVE_ECC)
  53. #define CERT_FILE "./certs/server-ecc.pem"
  54. #define KEY_FILE "./certs/ecc-key.pem"
  55. #define CA_FILE "./certs/client-ecc-cert.pem"
  56. #else
  57. #error No authentication algorithm (ECC/RSA)
  58. #endif
  59. static int mSockfd = SOCKET_INVALID;
  60. static int mConnd = SOCKET_INVALID;
  61. static int mShutdown = 0;
  62. #ifdef HAVE_SIGNAL
  63. static void sig_handler(const int sig)
  64. {
  65. #ifdef DEBUG_WOLFSSL
  66. fprintf(stderr, "SIGINT handled = %d.\n", sig);
  67. #else
  68. (void)sig;
  69. #endif
  70. mShutdown = 1;
  71. if (mConnd != SOCKET_INVALID) {
  72. close(mConnd); /* Close the connection to the client */
  73. mConnd = SOCKET_INVALID;
  74. }
  75. if (mSockfd != SOCKET_INVALID) {
  76. close(mSockfd); /* Close the socket listening for clients */
  77. mSockfd = SOCKET_INVALID;
  78. }
  79. }
  80. #endif
  81. int server_async_test(int argc, char** argv)
  82. {
  83. int ret = 0;
  84. struct sockaddr_in servAddr;
  85. struct sockaddr_in clientAddr;
  86. socklen_t size = sizeof(clientAddr);
  87. char buff[TEST_BUF_SZ];
  88. size_t len;
  89. const char* reply = "I hear ya fa shizzle!\n";
  90. int on;
  91. int devId = 1; /* anything besides -2 (INVALID_DEVID) */
  92. #ifdef WOLF_CRYPTO_CB
  93. AsyncTlsCryptoCbCtx myCtx;
  94. #endif
  95. int err;
  96. char errBuff[WOLFSSL_MAX_ERROR_SZ];
  97. /* declare wolfSSL objects */
  98. WOLFSSL_CTX* ctx = NULL;
  99. WOLFSSL* ssl = NULL;
  100. #ifdef HAVE_SIGNAL
  101. if ((signal(SIGINT, sig_handler)) == SIG_ERR) {
  102. fprintf(stderr, "ERROR: failed to listen to SIGINT (errno: %d)\n",errno);
  103. goto exit;
  104. }
  105. #endif
  106. /* Initialize the server address struct with zeros */
  107. memset(&servAddr, 0, sizeof(servAddr));
  108. /* Fill in the server address */
  109. servAddr.sin_family = AF_INET; /* using IPv4 */
  110. servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
  111. servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
  112. /* Create a socket that uses an internet IPv4 address,
  113. * Sets the socket to be stream based (TCP),
  114. * 0 means choose the default protocol. */
  115. if ((mSockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  116. fprintf(stderr, "ERROR: failed to create the socket\n");
  117. goto exit;
  118. }
  119. /* make sure server is setup for reuse addr/port */
  120. on = 1;
  121. if (setsockopt(mSockfd, SOL_SOCKET, SO_REUSEADDR,
  122. (char*)&on, (socklen_t)sizeof(on)) != 0) {
  123. fprintf(stderr, "ERROR: failed to set SO_REUSEADDR (errno: %d)\n",errno);
  124. goto exit;
  125. }
  126. #ifdef SO_REUSEPORT
  127. if (setsockopt(mSockfd, SOL_SOCKET, SO_REUSEPORT,
  128. (char*)&on, (socklen_t)sizeof(on)) != 0) {
  129. fprintf(stderr, "ERROR: failed to set SO_REUSEPORT (errno: %d)\n",errno);
  130. goto exit;
  131. }
  132. #endif
  133. /* Bind the server socket to our port */
  134. if (bind(mSockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
  135. fprintf(stderr, "ERROR: failed to bind\n");
  136. goto exit;
  137. }
  138. /* Listen for a new connection, allow 5 pending connections */
  139. if (listen(mSockfd, 5) == -1) {
  140. fprintf(stderr, "ERROR: failed to listen\n");
  141. goto exit;
  142. }
  143. /*---------------------------------*/
  144. /* Start of wolfSSL initialization and configuration */
  145. /*---------------------------------*/
  146. #ifdef DEBUG_WOLFSSL
  147. wolfSSL_Debugging_ON();
  148. #endif
  149. /* Initialize wolfSSL */
  150. if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
  151. fprintf(stderr, "ERROR: Failed to initialize the library\n");
  152. goto exit;
  153. }
  154. /* Create and initialize WOLFSSL_CTX */
  155. if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
  156. fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
  157. ret = -1;
  158. goto exit;
  159. }
  160. #ifdef WOLF_CRYPTO_CB
  161. XMEMSET(&myCtx, 0, sizeof(myCtx));
  162. /* register a devID for crypto callbacks */
  163. ret = wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &myCtx);
  164. if (ret != 0) {
  165. fprintf(stderr, "wc_CryptoCb_RegisterDevice: error %d", ret);
  166. goto exit;
  167. }
  168. #endif
  169. /* register a devID for crypto callbacks */
  170. wolfSSL_CTX_SetDevId(ctx, devId);
  171. /* Require mutual authentication */
  172. wolfSSL_CTX_set_verify(ctx,
  173. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
  174. /* Load server certificates into WOLFSSL_CTX */
  175. if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE,
  176. WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
  177. fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
  178. CERT_FILE);
  179. goto exit;
  180. }
  181. /* Load server key into WOLFSSL_CTX */
  182. if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE,
  183. WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
  184. fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
  185. KEY_FILE);
  186. goto exit;
  187. }
  188. /* Load client certificate as "trusted" into WOLFSSL_CTX */
  189. if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
  190. != WOLFSSL_SUCCESS) {
  191. fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
  192. CA_FILE);
  193. goto exit;
  194. }
  195. /* Continue to accept clients until mShutdown is issued */
  196. while (!mShutdown) {
  197. printf("Waiting for a connection...\n");
  198. /* Accept client connections */
  199. if ((mConnd = accept(mSockfd, (struct sockaddr*)&clientAddr, &size))
  200. == -1) {
  201. fprintf(stderr, "ERROR: failed to accept the connection\n\n");
  202. ret = -1; goto exit;
  203. }
  204. /* Create a WOLFSSL object */
  205. if ((ssl = wolfSSL_new(ctx)) == NULL) {
  206. fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
  207. ret = -1; goto exit;
  208. }
  209. /* Attach wolfSSL to the socket */
  210. wolfSSL_set_fd(ssl, mConnd);
  211. /* Establish TLS connection */
  212. #ifdef WOLFSSL_ASYNC_CRYPT
  213. err = 0; /* Reset error */
  214. #endif
  215. do {
  216. #ifdef WOLFSSL_ASYNC_CRYPT
  217. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  218. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  219. if (ret < 0)
  220. break;
  221. }
  222. #endif
  223. ret = wolfSSL_accept(ssl);
  224. err = wolfSSL_get_error(ssl, 0);
  225. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  226. if (ret != WOLFSSL_SUCCESS) {
  227. fprintf(stderr, "wolfSSL_accept error %d: %s\n",
  228. err, wolfSSL_ERR_error_string(err, errBuff));
  229. goto exit;
  230. }
  231. printf("Client connected successfully\n");
  232. /* Read the client data into our buff array */
  233. memset(buff, 0, sizeof(buff));
  234. #ifdef WOLFSSL_ASYNC_CRYPT
  235. err = 0; /* Reset error */
  236. #endif
  237. do {
  238. #ifdef WOLFSSL_ASYNC_CRYPT
  239. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  240. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  241. if (ret < 0)
  242. break;
  243. }
  244. #endif
  245. ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
  246. err = wolfSSL_get_error(ssl, 0);
  247. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  248. if (ret < 0) {
  249. fprintf(stderr, "wolfSSL_read error %d: %s\n",
  250. err, wolfSSL_ERR_error_string(err, errBuff));
  251. goto exit;
  252. }
  253. /* Print to stdout any data the client sends */
  254. printf("Client: %s\n", buff);
  255. /* Check for server shutdown command */
  256. if (strncmp(buff, "shutdown", 8) == 0) {
  257. printf("Shutdown command issued!\n");
  258. mShutdown = 1;
  259. }
  260. /* Write our reply into buff */
  261. memset(buff, 0, sizeof(buff));
  262. memcpy(buff, reply, strlen(reply));
  263. len = strnlen(buff, sizeof(buff));
  264. /* Reply back to the client */
  265. #ifdef WOLFSSL_ASYNC_CRYPT
  266. err = 0; /* Reset error */
  267. #endif
  268. do {
  269. #ifdef WOLFSSL_ASYNC_CRYPT
  270. if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
  271. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  272. if (ret < 0)
  273. break;
  274. }
  275. #endif
  276. ret = wolfSSL_write(ssl, buff, (int)len);
  277. err = wolfSSL_get_error(ssl, 0);
  278. } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
  279. if (ret != (int)len) {
  280. fprintf(stderr, "wolfSSL_write error %d: %s\n",
  281. err, wolfSSL_ERR_error_string(err, errBuff));
  282. goto exit;
  283. }
  284. /* Cleanup after this connection */
  285. wolfSSL_shutdown(ssl);
  286. if (ssl) {
  287. wolfSSL_free(ssl); /* Free the wolfSSL object */
  288. ssl = NULL;
  289. }
  290. if (mConnd != SOCKET_INVALID) {
  291. close(mConnd); /* Close the connection to the client */
  292. mConnd = SOCKET_INVALID;
  293. }
  294. }
  295. printf("Shutdown complete\n");
  296. exit:
  297. /* Cleanup and return */
  298. if (ssl)
  299. wolfSSL_free(ssl); /* Free the wolfSSL object */
  300. if (mConnd != SOCKET_INVALID) {
  301. close(mConnd); /* Close the connection to the client */
  302. mConnd = SOCKET_INVALID;
  303. }
  304. if (mSockfd != SOCKET_INVALID) {
  305. close(mSockfd); /* Close the socket listening for clients */
  306. mSockfd = SOCKET_INVALID;
  307. }
  308. if (ctx)
  309. wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
  310. wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
  311. (void)argc;
  312. (void)argv;
  313. return ret;
  314. }
  315. #ifndef NO_MAIN_DRIVER
  316. int main(int argc, char** argv)
  317. {
  318. return server_async_test(argc, argv);
  319. }
  320. #endif /* !NO_MAIN_DRIVER */