1
0

echoserver.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570
  1. /* echoserver.c
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/ssl.h> /* name change portability layer */
  25. #include <wolfssl/wolfcrypt/settings.h>
  26. #ifdef HAVE_ECC
  27. #include <wolfssl/wolfcrypt/ecc.h> /* ecc_fp_free */
  28. #endif
  29. #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  30. #include <stdio.h>
  31. #include <string.h>
  32. #include "cmsis_os.h"
  33. #include "rl_fs.h"
  34. #include "rl_net.h"
  35. #include "wolfssl_MDK_ARM.h"
  36. #endif
  37. #include <wolfssl/ssl.h>
  38. #include <wolfssl/test.h>
  39. #ifndef NO_MAIN_DRIVER
  40. #define ECHO_OUT
  41. #endif
  42. #include "examples/echoserver/echoserver.h"
  43. #ifndef NO_WOLFSSL_SERVER
  44. #ifdef NO_FILESYSTEM
  45. #ifdef NO_RSA
  46. #error currently the example only tries to load in a RSA buffer
  47. #endif
  48. #undef USE_CERT_BUFFERS_2048
  49. #define USE_CERT_BUFFERS_2048
  50. #include <wolfssl/certs_test.h>
  51. #endif
  52. #ifdef WOLFSSL_ASYNC_CRYPT
  53. static int devId = INVALID_DEVID;
  54. #endif
  55. #define SVR_COMMAND_SIZE 256
  56. static void SignalReady(void* args, word16 port)
  57. {
  58. #if defined(NO_MAIN_DRIVER) && defined(WOLFSSL_COND)
  59. /* signal ready to tcp_accept */
  60. func_args* server_args = (func_args*)args;
  61. tcp_ready* ready = server_args->signal;
  62. THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
  63. ready->ready = 1;
  64. ready->port = port;
  65. THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
  66. THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
  67. #endif /* NO_MAIN_DRIVER && WOLFSSL_COND */
  68. (void)args;
  69. (void)port;
  70. }
  71. THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
  72. {
  73. SOCKET_T sockfd = 0;
  74. WOLFSSL_METHOD* method = 0;
  75. WOLFSSL_CTX* ctx = 0;
  76. int ret = 0;
  77. int doDTLS = 0;
  78. int doPSK;
  79. int outCreated = 0;
  80. int shutDown = 0;
  81. int useAnyAddr = 0;
  82. word16 port;
  83. int argc = ((func_args*)args)->argc;
  84. char** argv = ((func_args*)args)->argv;
  85. char buffer[WOLFSSL_MAX_ERROR_SZ];
  86. #ifdef HAVE_TEST_SESSION_TICKET
  87. MyTicketCtx myTicketCtx;
  88. #endif
  89. #ifdef ECHO_OUT
  90. FILE* fout = stdout;
  91. if (argc >= 2) {
  92. fout = fopen(argv[1], "w");
  93. outCreated = 1;
  94. }
  95. if (!fout) err_sys("can't open output file");
  96. #endif
  97. (void)outCreated;
  98. (void)argc;
  99. (void)argv;
  100. ((func_args*)args)->return_code = -1; /* error state */
  101. #ifdef WOLFSSL_DTLS
  102. doDTLS = 1;
  103. #endif
  104. #if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
  105. !defined(HAVE_ED448)) || defined(WOLFSSL_LEANPSK)
  106. doPSK = 1;
  107. #else
  108. doPSK = 0;
  109. #endif
  110. #if defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  111. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) && \
  112. !defined(USE_WINDOWS_API)
  113. /* Let tcp_listen assign port */
  114. port = 0;
  115. #else
  116. /* Use default port */
  117. port = wolfSSLPort;
  118. #endif
  119. #if defined(USE_ANY_ADDR)
  120. useAnyAddr = 1;
  121. #endif
  122. #ifdef WOLFSSL_TIRTOS
  123. fdOpenSession(Task_self());
  124. #endif
  125. tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
  126. #if defined(WOLFSSL_DTLS)
  127. #ifdef WOLFSSL_DTLS13
  128. method = wolfDTLSv1_3_server_method();
  129. #elif !defined(WOLFSSL_NO_TLS12)
  130. method = wolfDTLSv1_2_server_method();
  131. #endif
  132. #elif !defined(NO_TLS)
  133. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
  134. method = wolfTLSv1_2_server_method();
  135. #else
  136. method = wolfSSLv23_server_method();
  137. #endif
  138. #elif defined(WOLFSSL_ALLOW_SSLV3)
  139. method = wolfSSLv3_server_method();
  140. #else
  141. #error "no valid server method built in"
  142. #endif
  143. ctx = wolfSSL_CTX_new(method);
  144. /* wolfSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_OFF); */
  145. #ifdef WOLFSSL_ENCRYPTED_KEYS
  146. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  147. #endif
  148. #ifdef HAVE_TEST_SESSION_TICKET
  149. if (TicketInit() != 0)
  150. err_sys("unable to setup Session Ticket Key context");
  151. wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
  152. XMEMSET(&myTicketCtx, 0, sizeof(myTicketCtx));
  153. wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx);
  154. #endif
  155. #ifndef NO_FILESYSTEM
  156. if (doPSK == 0) {
  157. #if defined(HAVE_ECC) && !defined(WOLFSSL_SNIFFER)
  158. /* ecc */
  159. if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
  160. != WOLFSSL_SUCCESS)
  161. err_sys("can't load server cert file, "
  162. "Please run from wolfSSL home dir");
  163. if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
  164. != WOLFSSL_SUCCESS)
  165. err_sys("can't load server key file, "
  166. "Please run from wolfSSL home dir");
  167. #elif defined(HAVE_ED25519) && !defined(WOLFSSL_SNIFFER)
  168. /* ed25519 */
  169. if (wolfSSL_CTX_use_certificate_chain_file(ctx, edCertFile)
  170. != WOLFSSL_SUCCESS)
  171. err_sys("can't load server cert file, "
  172. "Please run from wolfSSL home dir");
  173. if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
  174. != WOLFSSL_SUCCESS)
  175. err_sys("can't load server key file, "
  176. "Please run from wolfSSL home dir");
  177. #elif defined(HAVE_ED448) && !defined(WOLFSSL_SNIFFER)
  178. /* ed448 */
  179. if (wolfSSL_CTX_use_certificate_chain_file(ctx, ed448CertFile)
  180. != WOLFSSL_SUCCESS)
  181. err_sys("can't load server cert file, "
  182. "Please run from wolfSSL home dir");
  183. if (wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  184. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  185. err_sys("can't load server key file, "
  186. "Please run from wolfSSL home dir");
  187. #elif defined(NO_CERTS)
  188. /* do nothing, just don't load cert files */
  189. #else
  190. /* normal */
  191. if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
  192. != WOLFSSL_SUCCESS)
  193. err_sys("can't load server cert file, "
  194. "Please run from wolfSSL home dir");
  195. if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
  196. != WOLFSSL_SUCCESS)
  197. err_sys("can't load server key file, "
  198. "Please run from wolfSSL home dir");
  199. #endif
  200. } /* doPSK */
  201. #elif !defined(NO_CERTS)
  202. if (!doPSK) {
  203. if (wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  204. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)
  205. != WOLFSSL_SUCCESS)
  206. err_sys("can't load server cert buffer");
  207. if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
  208. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)
  209. != WOLFSSL_SUCCESS)
  210. err_sys("can't load server key buffer");
  211. }
  212. #endif
  213. #if defined(WOLFSSL_SNIFFER)
  214. /* Only set if not running testsuite */
  215. if (XSTRSTR(argv[0], "testsuite") == NULL) {
  216. /* don't use EDH, can't sniff tmp keys */
  217. wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
  218. }
  219. #endif
  220. if (doPSK) {
  221. #ifndef NO_PSK
  222. const char *defaultCipherList;
  223. wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
  224. wolfSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
  225. #ifdef HAVE_NULL_CIPHER
  226. defaultCipherList = "PSK-NULL-SHA256";
  227. #elif defined(HAVE_AESGCM) && !defined(NO_DH)
  228. #ifdef WOLFSSL_TLS13
  229. defaultCipherList = "TLS13-AES128-GCM-SHA256"
  230. #ifndef WOLFSSL_NO_TLS12
  231. ":DHE-PSK-AES128-GCM-SHA256"
  232. #endif
  233. ;
  234. #else
  235. defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
  236. #endif
  237. #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
  238. defaultCipherList = "TLS13-AES128-GCM-SHA256"
  239. #ifndef WOLFSSL_NO_TLS12
  240. ":PSK-AES128-GCM-SHA256"
  241. #endif
  242. ;
  243. #else
  244. defaultCipherList = "PSK-AES128-CBC-SHA256";
  245. #endif
  246. if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS)
  247. err_sys("server can't set cipher list 2");
  248. wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
  249. #endif
  250. }
  251. #ifdef WOLFSSL_ASYNC_CRYPT
  252. ret = wolfAsync_DevOpen(&devId);
  253. if (ret < 0) {
  254. fprintf(stderr, "Async device open failed\nRunning without async\n");
  255. }
  256. wolfSSL_CTX_SetDevId(ctx, devId);
  257. #endif /* WOLFSSL_ASYNC_CRYPT */
  258. SignalReady(args, port);
  259. while (!shutDown) {
  260. WOLFSSL* ssl = NULL;
  261. WOLFSSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */
  262. char command[SVR_COMMAND_SIZE+1];
  263. int clientfd;
  264. int firstRead = 1;
  265. int gotFirstG = 0;
  266. int err = 0;
  267. SOCKADDR_IN_T client;
  268. socklen_t client_len = sizeof(client);
  269. #ifndef WOLFSSL_DTLS
  270. clientfd = accept(sockfd, (struct sockaddr*)&client,
  271. (ACCEPT_THIRD_T)&client_len);
  272. #else
  273. clientfd = sockfd;
  274. {
  275. /* For DTLS, peek at the next datagram so we can get the client's
  276. * address and set it into the ssl object later to generate the
  277. * cookie. */
  278. int n;
  279. byte b[1500];
  280. n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
  281. (struct sockaddr*)&client, &client_len);
  282. if (n <= 0)
  283. err_sys("recvfrom failed");
  284. }
  285. #endif
  286. if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed");
  287. ssl = wolfSSL_new(ctx);
  288. if (ssl == NULL) err_sys("SSL_new failed");
  289. wolfSSL_set_fd(ssl, clientfd);
  290. #ifdef WOLFSSL_DTLS
  291. wolfSSL_dtls_set_peer(ssl, &client, client_len);
  292. #endif
  293. #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
  294. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  295. #elif !defined(NO_DH)
  296. SetDH(ssl); /* will repick suites with DHE, higher than PSK */
  297. #endif
  298. do {
  299. err = 0; /* Reset error */
  300. ret = wolfSSL_accept(ssl);
  301. if (ret != WOLFSSL_SUCCESS) {
  302. err = wolfSSL_get_error(ssl, 0);
  303. #ifdef WOLFSSL_ASYNC_CRYPT
  304. if (err == WC_PENDING_E) {
  305. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  306. if (ret < 0) break;
  307. }
  308. #endif
  309. }
  310. } while (err == WC_PENDING_E);
  311. if (ret != WOLFSSL_SUCCESS) {
  312. fprintf(stderr, "SSL_accept error = %d, %s\n", err,
  313. wolfSSL_ERR_error_string(err, buffer));
  314. fprintf(stderr, "SSL_accept failed\n");
  315. wolfSSL_free(ssl);
  316. CloseSocket(clientfd);
  317. continue;
  318. }
  319. #if defined(PEER_INFO)
  320. showPeer(ssl);
  321. #endif
  322. #ifdef HAVE_WRITE_DUP
  323. write_ssl = wolfSSL_write_dup(ssl);
  324. if (write_ssl == NULL) {
  325. fprintf(stderr, "wolfSSL_write_dup failed\n");
  326. wolfSSL_free(ssl);
  327. CloseSocket(clientfd);
  328. continue;
  329. }
  330. #else
  331. write_ssl = ssl;
  332. #endif
  333. while (1) {
  334. int echoSz;
  335. do {
  336. err = 0; /* reset error */
  337. ret = wolfSSL_read(ssl, command, sizeof(command)-1);
  338. if (ret <= 0) {
  339. err = wolfSSL_get_error(ssl, 0);
  340. #ifdef WOLFSSL_ASYNC_CRYPT
  341. if (err == WC_PENDING_E) {
  342. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  343. if (ret < 0) break;
  344. }
  345. #endif
  346. }
  347. } while (err == WC_PENDING_E);
  348. if (ret <= 0) {
  349. if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
  350. fprintf(stderr, "SSL_read echo error %d, %s!\n", err,
  351. wolfSSL_ERR_error_string(err, buffer));
  352. }
  353. break;
  354. }
  355. echoSz = ret;
  356. if (firstRead == 1) {
  357. firstRead = 0; /* browser may send 1 byte 'G' to start */
  358. if (echoSz == 1 && command[0] == 'G') {
  359. gotFirstG = 1;
  360. continue;
  361. }
  362. }
  363. else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
  364. strncpy(command, "GET", 4);
  365. /* fall through to normal GET */
  366. }
  367. if ( strncmp(command, "quit", 4) == 0) {
  368. printf("client sent quit command: shutting down!\n");
  369. shutDown = 1;
  370. break;
  371. }
  372. if ( strncmp(command, "break", 5) == 0) {
  373. printf("client sent break command: closing session!\n");
  374. break;
  375. }
  376. #ifdef PRINT_SESSION_STATS
  377. if ( strncmp(command, "printstats", 10) == 0) {
  378. wolfSSL_PrintSessionStats();
  379. break;
  380. }
  381. #endif
  382. if (strncmp(command, "GET", 3) == 0) {
  383. const char resp[] =
  384. "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"
  385. "<html><body BGCOLOR=\"#ffffff\"><pre>\r\n"
  386. "greetings from wolfSSL\r\n</pre></body></html>\r\n\r\n";
  387. echoSz = (int)strlen(resp) + 1;
  388. if (echoSz > (int)sizeof(command)) {
  389. /* Internal error. */
  390. err_sys("HTTP response greater than buffer.");
  391. }
  392. strncpy(command, resp, sizeof(command));
  393. do {
  394. err = 0; /* reset error */
  395. ret = wolfSSL_write(write_ssl, command, echoSz);
  396. if (ret <= 0) {
  397. err = wolfSSL_get_error(write_ssl, 0);
  398. #ifdef WOLFSSL_ASYNC_CRYPT
  399. if (err == WC_PENDING_E) {
  400. ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
  401. if (ret < 0) break;
  402. }
  403. #endif
  404. }
  405. } while (err == WC_PENDING_E);
  406. if (ret != echoSz) {
  407. fprintf(stderr, "SSL_write get error = %d, %s\n", err,
  408. wolfSSL_ERR_error_string(err, buffer));
  409. err_sys("SSL_write get failed");
  410. }
  411. break;
  412. }
  413. command[echoSz] = 0;
  414. #ifdef ECHO_OUT
  415. LIBCALL_CHECK_RET(fputs(command, fout));
  416. #endif
  417. do {
  418. err = 0; /* reset error */
  419. ret = wolfSSL_write(write_ssl, command, echoSz);
  420. if (ret <= 0) {
  421. err = wolfSSL_get_error(write_ssl, 0);
  422. #ifdef WOLFSSL_ASYNC_CRYPT
  423. if (err == WC_PENDING_E) {
  424. ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
  425. if (ret < 0) break;
  426. }
  427. #endif
  428. }
  429. } while (err == WC_PENDING_E);
  430. if (ret != echoSz) {
  431. fprintf(stderr, "SSL_write echo error = %d, %s\n", err,
  432. wolfSSL_ERR_error_string(err, buffer));
  433. err_sys("SSL_write echo failed");
  434. }
  435. }
  436. #ifndef WOLFSSL_DTLS
  437. wolfSSL_shutdown(ssl);
  438. #endif
  439. #ifdef HAVE_WRITE_DUP
  440. wolfSSL_free(write_ssl);
  441. #endif
  442. wolfSSL_free(ssl);
  443. CloseSocket(clientfd);
  444. #ifdef WOLFSSL_DTLS
  445. tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
  446. SignalReady(args, port);
  447. #endif
  448. }
  449. CloseSocket(sockfd);
  450. wolfSSL_CTX_free(ctx);
  451. #ifdef ECHO_OUT
  452. if (outCreated)
  453. fclose(fout);
  454. #endif
  455. ((func_args*)args)->return_code = 0;
  456. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  457. && defined(HAVE_THREAD_LS)
  458. wc_ecc_fp_free(); /* free per thread cache */
  459. #endif
  460. #ifdef WOLFSSL_TIRTOS
  461. fdCloseSession(Task_self());
  462. #endif
  463. #ifdef HAVE_TEST_SESSION_TICKET
  464. TicketCleanup();
  465. #endif
  466. #ifdef WOLFSSL_ASYNC_CRYPT
  467. wolfAsync_DevClose(&devId);
  468. #endif
  469. WOLFSSL_RETURN_FROM_THREAD(0);
  470. }
  471. #endif /* !NO_WOLFSSL_SERVER */
  472. /* so overall tests can pull in test function */
  473. #ifndef NO_MAIN_DRIVER
  474. int main(int argc, char** argv)
  475. {
  476. func_args args;
  477. #ifdef HAVE_WNR
  478. if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
  479. err_sys("Whitewood netRandom global config failed");
  480. #endif
  481. StartTCP();
  482. args.argc = argc;
  483. args.argv = argv;
  484. args.return_code = 0;
  485. wolfSSL_Init();
  486. #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL)
  487. wolfSSL_Debugging_ON();
  488. #endif
  489. ChangeToWolfRoot();
  490. #ifndef NO_WOLFSSL_SERVER
  491. echoserver_test(&args);
  492. #endif
  493. wolfSSL_Cleanup();
  494. #ifdef HAVE_WNR
  495. if (wc_FreeNetRandom() < 0)
  496. err_sys("Failed to free netRandom context");
  497. #endif /* HAVE_WNR */
  498. return args.return_code;
  499. }
  500. #endif /* NO_MAIN_DRIVER */