2
0

echoserver.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551
  1. /* echoserver.c
  2. *
  3. * Copyright (C) 2006-2020 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <cyassl/ssl.h> /* name change portability layer */
  25. #include <cyassl/ctaocrypt/settings.h>
  26. #ifdef HAVE_ECC
  27. #include <cyassl/ctaocrypt/ecc.h> /* ecc_fp_free */
  28. #endif
  29. #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  30. #include <stdio.h>
  31. #include <string.h>
  32. #include "cmsis_os.h"
  33. #include "rl_fs.h"
  34. #include "rl_net.h"
  35. #include "wolfssl_MDK_ARM.h"
  36. #endif
  37. #include <cyassl/ssl.h>
  38. #include <cyassl/test.h>
  39. #ifndef NO_MAIN_DRIVER
  40. #define ECHO_OUT
  41. #endif
  42. #include "examples/echoserver/echoserver.h"
  43. #ifndef NO_WOLFSSL_SERVER
  44. #ifdef WOLFSSL_ASYNC_CRYPT
  45. static int devId = INVALID_DEVID;
  46. #endif
  47. #define SVR_COMMAND_SIZE 256
  48. static void SignalReady(void* args, word16 port)
  49. {
  50. #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
  51. /* signal ready to tcp_accept */
  52. func_args* server_args = (func_args*)args;
  53. tcp_ready* ready = server_args->signal;
  54. pthread_mutex_lock(&ready->mutex);
  55. ready->ready = 1;
  56. ready->port = port;
  57. pthread_cond_signal(&ready->cond);
  58. pthread_mutex_unlock(&ready->mutex);
  59. #endif
  60. (void)args;
  61. (void)port;
  62. }
  63. THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
  64. {
  65. SOCKET_T sockfd = 0;
  66. CYASSL_METHOD* method = 0;
  67. CYASSL_CTX* ctx = 0;
  68. int ret = 0;
  69. int doDTLS = 0;
  70. int doPSK;
  71. int outCreated = 0;
  72. int shutDown = 0;
  73. int useAnyAddr = 0;
  74. word16 port;
  75. int argc = ((func_args*)args)->argc;
  76. char** argv = ((func_args*)args)->argv;
  77. char buffer[CYASSL_MAX_ERROR_SZ];
  78. #ifdef ECHO_OUT
  79. FILE* fout = stdout;
  80. if (argc >= 2) {
  81. fout = fopen(argv[1], "w");
  82. outCreated = 1;
  83. }
  84. if (!fout) err_sys("can't open output file");
  85. #endif
  86. (void)outCreated;
  87. (void)argc;
  88. (void)argv;
  89. ((func_args*)args)->return_code = -1; /* error state */
  90. #ifdef CYASSL_DTLS
  91. doDTLS = 1;
  92. #endif
  93. #if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
  94. !defined(HAVE_ED448)) || defined(CYASSL_LEANPSK)
  95. doPSK = 1;
  96. #else
  97. doPSK = 0;
  98. #endif
  99. #if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \
  100. !defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) && \
  101. !defined(USE_WINDOWS_API)
  102. /* Let tcp_listen assign port */
  103. port = 0;
  104. #else
  105. /* Use default port */
  106. port = wolfSSLPort;
  107. #endif
  108. #if defined(USE_ANY_ADDR)
  109. useAnyAddr = 1;
  110. #endif
  111. #ifdef CYASSL_TIRTOS
  112. fdOpenSession(Task_self());
  113. #endif
  114. tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
  115. #if defined(CYASSL_DTLS)
  116. method = CyaDTLSv1_2_server_method();
  117. #elif !defined(NO_TLS)
  118. #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)) || \
  119. defined(HAVE_NTRU)
  120. method = CyaTLSv1_2_server_method();
  121. #else
  122. method = CyaSSLv23_server_method();
  123. #endif
  124. #elif defined(WOLFSSL_ALLOW_SSLV3)
  125. method = CyaSSLv3_server_method();
  126. #else
  127. #error "no valid server method built in"
  128. #endif
  129. ctx = CyaSSL_CTX_new(method);
  130. /* CyaSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_OFF); */
  131. #ifdef WOLFSSL_ENCRYPTED_KEYS
  132. CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  133. #endif
  134. #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
  135. defined(HAVE_POLY1305)
  136. if (TicketInit() != 0)
  137. err_sys("unable to setup Session Ticket Key context");
  138. wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
  139. #endif
  140. #ifndef NO_FILESYSTEM
  141. if (doPSK == 0) {
  142. #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
  143. /* ntru */
  144. if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, WOLFSSL_FILETYPE_PEM)
  145. != WOLFSSL_SUCCESS)
  146. err_sys("can't load ntru cert file, "
  147. "Please run from wolfSSL home dir");
  148. if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile)
  149. != WOLFSSL_SUCCESS)
  150. err_sys("can't load ntru key file, "
  151. "Please run from wolfSSL home dir");
  152. #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
  153. /* ecc */
  154. if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
  155. != WOLFSSL_SUCCESS)
  156. err_sys("can't load server cert file, "
  157. "Please run from wolfSSL home dir");
  158. if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
  159. != WOLFSSL_SUCCESS)
  160. err_sys("can't load server key file, "
  161. "Please run from wolfSSL home dir");
  162. #elif defined(HAVE_ED25519) && !defined(CYASSL_SNIFFER)
  163. /* ed25519 */
  164. if (CyaSSL_CTX_use_certificate_chain_file(ctx, edCertFile)
  165. != WOLFSSL_SUCCESS)
  166. err_sys("can't load server cert file, "
  167. "Please run from wolfSSL home dir");
  168. if (CyaSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
  169. != WOLFSSL_SUCCESS)
  170. err_sys("can't load server key file, "
  171. "Please run from wolfSSL home dir");
  172. #elif defined(HAVE_ED448) && !defined(CYASSL_SNIFFER)
  173. /* ed448 */
  174. if (CyaSSL_CTX_use_certificate_chain_file(ctx, ed448CertFile)
  175. != WOLFSSL_SUCCESS)
  176. err_sys("can't load server cert file, "
  177. "Please run from wolfSSL home dir");
  178. if (CyaSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  179. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  180. err_sys("can't load server key file, "
  181. "Please run from wolfSSL home dir");
  182. #elif defined(NO_CERTS)
  183. /* do nothing, just don't load cert files */
  184. #else
  185. /* normal */
  186. if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
  187. != WOLFSSL_SUCCESS)
  188. err_sys("can't load server cert file, "
  189. "Please run from wolfSSL home dir");
  190. if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
  191. != WOLFSSL_SUCCESS)
  192. err_sys("can't load server key file, "
  193. "Please run from wolfSSL home dir");
  194. #endif
  195. } /* doPSK */
  196. #elif !defined(NO_CERTS)
  197. if (!doPSK) {
  198. load_buffer(ctx, svrCertFile, WOLFSSL_CERT);
  199. load_buffer(ctx, svrKeyFile, WOLFSSL_KEY);
  200. }
  201. #endif
  202. #if defined(CYASSL_SNIFFER)
  203. /* Only set if not running testsuite */
  204. if (XSTRSTR(argv[0], "testsuite") != 0) {
  205. /* don't use EDH, can't sniff tmp keys */
  206. CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
  207. }
  208. #endif
  209. if (doPSK) {
  210. #ifndef NO_PSK
  211. const char *defaultCipherList;
  212. CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
  213. CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
  214. #ifdef HAVE_NULL_CIPHER
  215. defaultCipherList = "PSK-NULL-SHA256";
  216. #elif defined(HAVE_AESGCM) && !defined(NO_DH)
  217. #ifdef WOLFSSL_TLS13
  218. defaultCipherList = "TLS13-AES128-GCM-SHA256:"
  219. "DHE-PSK-AES128-GCM-SHA256";
  220. #else
  221. defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
  222. #endif
  223. #else
  224. defaultCipherList = "PSK-AES128-CBC-SHA256";
  225. #endif
  226. if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS)
  227. err_sys("server can't set cipher list 2");
  228. wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
  229. #endif
  230. }
  231. #ifdef WOLFSSL_ASYNC_CRYPT
  232. ret = wolfAsync_DevOpen(&devId);
  233. if (ret < 0) {
  234. printf("Async device open failed\nRunning without async\n");
  235. }
  236. wolfSSL_CTX_UseAsync(ctx, devId);
  237. #endif /* WOLFSSL_ASYNC_CRYPT */
  238. SignalReady(args, port);
  239. while (!shutDown) {
  240. CYASSL* ssl = NULL;
  241. CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */
  242. char command[SVR_COMMAND_SIZE+1];
  243. int echoSz = 0;
  244. int clientfd;
  245. int firstRead = 1;
  246. int gotFirstG = 0;
  247. int err = 0;
  248. SOCKADDR_IN_T client;
  249. socklen_t client_len = sizeof(client);
  250. #ifndef CYASSL_DTLS
  251. clientfd = accept(sockfd, (struct sockaddr*)&client,
  252. (ACCEPT_THIRD_T)&client_len);
  253. #else
  254. clientfd = sockfd;
  255. {
  256. /* For DTLS, peek at the next datagram so we can get the client's
  257. * address and set it into the ssl object later to generate the
  258. * cookie. */
  259. int n;
  260. byte b[1500];
  261. n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
  262. (struct sockaddr*)&client, &client_len);
  263. if (n <= 0)
  264. err_sys("recvfrom failed");
  265. }
  266. #endif
  267. if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed");
  268. ssl = CyaSSL_new(ctx);
  269. if (ssl == NULL) err_sys("SSL_new failed");
  270. CyaSSL_set_fd(ssl, clientfd);
  271. #ifdef CYASSL_DTLS
  272. wolfSSL_dtls_set_peer(ssl, &client, client_len);
  273. #endif
  274. #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
  275. CyaSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  276. #elif !defined(NO_DH)
  277. SetDH(ssl); /* will repick suites with DHE, higher than PSK */
  278. #endif
  279. do {
  280. err = 0; /* Reset error */
  281. ret = CyaSSL_accept(ssl);
  282. if (ret != WOLFSSL_SUCCESS) {
  283. err = CyaSSL_get_error(ssl, 0);
  284. #ifdef WOLFSSL_ASYNC_CRYPT
  285. if (err == WC_PENDING_E) {
  286. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  287. if (ret < 0) break;
  288. }
  289. #endif
  290. }
  291. } while (err == WC_PENDING_E);
  292. if (ret != WOLFSSL_SUCCESS) {
  293. printf("SSL_accept error = %d, %s\n", err,
  294. CyaSSL_ERR_error_string(err, buffer));
  295. printf("SSL_accept failed\n");
  296. CyaSSL_free(ssl);
  297. CloseSocket(clientfd);
  298. continue;
  299. }
  300. #if defined(PEER_INFO)
  301. showPeer(ssl);
  302. #endif
  303. #ifdef HAVE_WRITE_DUP
  304. write_ssl = wolfSSL_write_dup(ssl);
  305. if (write_ssl == NULL) {
  306. printf("wolfSSL_write_dup failed\n");
  307. CyaSSL_free(ssl);
  308. CloseSocket(clientfd);
  309. continue;
  310. }
  311. #else
  312. write_ssl = ssl;
  313. #endif
  314. while (1) {
  315. do {
  316. err = 0; /* reset error */
  317. ret = CyaSSL_read(ssl, command, sizeof(command)-1);
  318. if (ret <= 0) {
  319. err = CyaSSL_get_error(ssl, 0);
  320. #ifdef WOLFSSL_ASYNC_CRYPT
  321. if (err == WC_PENDING_E) {
  322. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  323. if (ret < 0) break;
  324. }
  325. #endif
  326. }
  327. } while (err == WC_PENDING_E);
  328. if (ret <= 0) {
  329. if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
  330. printf("SSL_read echo error %d, %s!\n", err,
  331. CyaSSL_ERR_error_string(err, buffer));
  332. }
  333. break;
  334. }
  335. echoSz = ret;
  336. if (firstRead == 1) {
  337. firstRead = 0; /* browser may send 1 byte 'G' to start */
  338. if (echoSz == 1 && command[0] == 'G') {
  339. gotFirstG = 1;
  340. continue;
  341. }
  342. }
  343. else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
  344. strncpy(command, "GET", 4);
  345. /* fall through to normal GET */
  346. }
  347. if ( strncmp(command, "quit", 4) == 0) {
  348. printf("client sent quit command: shutting down!\n");
  349. shutDown = 1;
  350. break;
  351. }
  352. if ( strncmp(command, "break", 5) == 0) {
  353. printf("client sent break command: closing session!\n");
  354. break;
  355. }
  356. #ifdef PRINT_SESSION_STATS
  357. if ( strncmp(command, "printstats", 10) == 0) {
  358. CyaSSL_PrintSessionStats();
  359. break;
  360. }
  361. #endif
  362. if (strncmp(command, "GET", 3) == 0) {
  363. const char resp[] =
  364. "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"
  365. "<html><body BGCOLOR=\"#ffffff\"><pre>\r\n"
  366. "greetings from wolfSSL\r\n</pre></body></html>\r\n\r\n";
  367. echoSz = (int)strlen(resp) + 1;
  368. if (echoSz > (int)sizeof(command)) {
  369. /* Internal error. */
  370. err_sys("HTTP response greater than buffer.");
  371. }
  372. strncpy(command, resp, sizeof(command));
  373. do {
  374. err = 0; /* reset error */
  375. ret = CyaSSL_write(write_ssl, command, echoSz);
  376. if (ret <= 0) {
  377. err = CyaSSL_get_error(write_ssl, 0);
  378. #ifdef WOLFSSL_ASYNC_CRYPT
  379. if (err == WC_PENDING_E) {
  380. ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
  381. if (ret < 0) break;
  382. }
  383. #endif
  384. }
  385. } while (err == WC_PENDING_E);
  386. if (ret != echoSz) {
  387. printf("SSL_write get error = %d, %s\n", err,
  388. CyaSSL_ERR_error_string(err, buffer));
  389. err_sys("SSL_write get failed");
  390. }
  391. break;
  392. }
  393. command[echoSz] = 0;
  394. #ifdef ECHO_OUT
  395. fputs(command, fout);
  396. #endif
  397. do {
  398. err = 0; /* reset error */
  399. ret = CyaSSL_write(write_ssl, command, echoSz);
  400. if (ret <= 0) {
  401. err = CyaSSL_get_error(write_ssl, 0);
  402. #ifdef WOLFSSL_ASYNC_CRYPT
  403. if (err == WC_PENDING_E) {
  404. ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
  405. if (ret < 0) break;
  406. }
  407. #endif
  408. }
  409. } while (err == WC_PENDING_E);
  410. if (ret != echoSz) {
  411. printf("SSL_write echo error = %d, %s\n", err,
  412. CyaSSL_ERR_error_string(err, buffer));
  413. err_sys("SSL_write echo failed");
  414. }
  415. }
  416. #ifndef CYASSL_DTLS
  417. CyaSSL_shutdown(ssl);
  418. #endif
  419. #ifdef HAVE_WRITE_DUP
  420. CyaSSL_free(write_ssl);
  421. #endif
  422. CyaSSL_free(ssl);
  423. CloseSocket(clientfd);
  424. #ifdef CYASSL_DTLS
  425. tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
  426. SignalReady(args, port);
  427. #endif
  428. }
  429. CloseSocket(sockfd);
  430. CyaSSL_CTX_free(ctx);
  431. #ifdef ECHO_OUT
  432. if (outCreated)
  433. fclose(fout);
  434. #endif
  435. ((func_args*)args)->return_code = 0;
  436. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  437. && defined(HAVE_THREAD_LS)
  438. ecc_fp_free(); /* free per thread cache */
  439. #endif
  440. #ifdef CYASSL_TIRTOS
  441. fdCloseSession(Task_self());
  442. #endif
  443. #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
  444. defined(HAVE_POLY1305)
  445. TicketCleanup();
  446. #endif
  447. #ifdef WOLFSSL_ASYNC_CRYPT
  448. wolfAsync_DevClose(&devId);
  449. #endif
  450. #ifndef CYASSL_TIRTOS
  451. return 0;
  452. #endif
  453. }
  454. #endif /* !NO_WOLFSSL_SERVER */
  455. /* so overall tests can pull in test function */
  456. #ifndef NO_MAIN_DRIVER
  457. int main(int argc, char** argv)
  458. {
  459. func_args args;
  460. #ifdef HAVE_WNR
  461. if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
  462. err_sys("Whitewood netRandom global config failed");
  463. #endif
  464. StartTCP();
  465. args.argc = argc;
  466. args.argv = argv;
  467. args.return_code = 0;
  468. CyaSSL_Init();
  469. #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
  470. CyaSSL_Debugging_ON();
  471. #endif
  472. ChangeToWolfRoot();
  473. #ifndef NO_WOLFSSL_SERVER
  474. echoserver_test(&args);
  475. #endif
  476. CyaSSL_Cleanup();
  477. #ifdef HAVE_WNR
  478. if (wc_FreeNetRandom() < 0)
  479. err_sys("Failed to free netRandom context");
  480. #endif /* HAVE_WNR */
  481. return args.return_code;
  482. }
  483. #endif /* NO_MAIN_DRIVER */