1 /* wolf_server.c
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21 #include <stdio.h>
22 #include <string.h>
23 #include "r_t4_itcpip.h"
24
25 #include "wolfssl/wolfcrypt/settings.h"
26 #include "wolfssl/ssl.h"
27 #include "wolfssl/certs_test.h"
28 #include "wolfssl_demo.h"
29
30 static WOLFSSL_CTX *server_ctx;
31 static byte doCliCertCheck;
32
my_IORecv(WOLFSSL * ssl,char * buff,int sz,void * ctx)33 static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
34 {
35 int ret;
36 ID cepid;
37
38 if(ctx != NULL)
39 cepid = *(ID *)ctx;
40 else
41 return WOLFSSL_CBIO_ERR_GENERAL;
42
43 ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
44 if(ret == sz)
45 return ret;
46 else
47 return WOLFSSL_CBIO_ERR_GENERAL;
48 }
49
my_IOSend(WOLFSSL * ssl,char * buff,int sz,void * ctx)50 static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
51 {
52 int ret;
53 ID cepid;
54
55 if(ctx != NULL)
56 cepid = *(ID *)ctx;
57 else
58 return WOLFSSL_CBIO_ERR_GENERAL;
59
60 ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
61 if(ret == sz)
62 return ret;
63 else
64 return WOLFSSL_CBIO_ERR_GENERAL;
65 }
66
67
wolfSSL_TLS_server_init(byte doClientCheck)68 void wolfSSL_TLS_server_init(byte doClientCheck)
69 {
70
71 int ret;
72
73
74 #ifndef NO_FILESYSTEM
75 #ifdef USE_ECC_CERT
76 char *cert = "./certs/server-ecc-cert.pem";
77 char *key = "./certs/server-ecc-key.pem";
78 #else
79 char *cert = "./certs/server-cert.pem";
80 char *key = "./certs/server-key.pem";
81 #endif
82 char *clientCert = "./certs/client-cert.pem";
83 #else
84 #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
85 const unsigned char *cert = serv_ecc_der_256;
86 #define sizeof_cert sizeof_serv_ecc_der_256
87 const unsigned char *key = NULL;
88 #define sizeof_key NULL
89 const unsigned char *clientCert = NULL;
90 #define sizeof_clicert NULL
91 #else
92 const unsigned char *cert = server_cert_der_2048;
93 #define sizeof_cert sizeof_server_cert_der_2048
94 const unsigned char *key = server_key_der_2048;
95 #define sizeof_key sizeof_server_key_der_2048
96 const unsigned char *clientCert = client_cert_der_2048;
97 #define sizeof_clicert sizeof_client_cert_der_2048
98 #endif
99 #endif
100
101
102 wolfSSL_Init();
103 #ifdef DEBUG_WOLFSSL
104 wolfSSL_Debugging_ON();
105 #endif
106
107 /* Create and initialize WOLFSSL_CTX */
108 if ((server_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL)))
109 == NULL) {
110 printf("ERROR: failed to create WOLFSSL_CTX\n");
111 return;
112 }
113
114 #if !defined(NO_FILESYSTEM)
115 ret = wolfSSL_CTX_use_certificate_file(server_ctx, cert, 0);
116 #else
117 ret = wolfSSL_CTX_use_certificate_buffer(server_ctx, cert,
118 sizeof_cert, SSL_FILETYPE_ASN1);
119 #endif
120 if (ret != SSL_SUCCESS) {
121 printf("Error %d loading server-cert!\n", ret);
122 return;
123 }
124
125 /* Load server key into WOLFSSL_CTX */
126 #if !defined(NO_FILESYSTEM)
127 ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
128 #else
129 ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
130 SSL_FILETYPE_ASN1);
131 #endif
132 if (ret != SSL_SUCCESS) {
133 printf("Error %d loading server-key!\n", ret);
134 return;
135 }
136 #if defined(WOLFSSL_RENESAS_TSIP)
137 doCliCertCheck = 1;
138 #endif
139 if (doCliCertCheck) {
140 wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
141 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
142 #if !defined(NO_FILESYSTEM)
143 if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
144 != WOLFSSL_SUCCESS)
145 #else
146 if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
147 sizeof_clicert,
148 SSL_FILETYPE_ASN1) != SSL_SUCCESS)
149 #endif
150 printf("can't load ca file, Please run from wolfSSL home dir\n");
151 }
152
153 /* Register callbacks */
154 wolfSSL_SetIORecv(server_ctx, my_IORecv);
155 wolfSSL_SetIOSend(server_ctx, my_IOSend);
156
157 }
158
wolfSSL_TLS_server()159 void wolfSSL_TLS_server( )
160 {
161 ID cepid = 1;
162 ID repid = 1;
163 ER ercd;
164 WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)server_ctx;
165
166 WOLFSSL *ssl;
167 int len;
168 #define BUFF_SIZE 256
169 char buff[BUFF_SIZE];
170 T_IPV4EP dst_addr = {0, 0};
171
172 if((ercd = tcp_acp_cep(cepid, repid, &dst_addr, TMO_FEVR)) != E_OK) {
173 printf("ERROR TCP Accept: %d\n", ercd);
174 return;
175 }
176
177 if((ssl = wolfSSL_new(ctx)) == NULL) {
178 printf("ERROR: failed wolfSSL_new\n");
179 return;
180 }
181
182 wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
183 wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
184
185 if (wolfSSL_accept(ssl) < 0) {
186 printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0));
187 return;
188 }
189
190 if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) {
191 printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0));
192 return;
193 }
194
195 buff[len] = '\0';
196 printf("Received: %s\n", buff);
197
198 if (wolfSSL_write(ssl, buff, len) != len) {
199 printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0));
200 return;
201 }
202
203 wolfSSL_free(ssl);
204 wolfSSL_CTX_free(ctx);
205 wolfSSL_Cleanup();
206 tcp_sht_cep(cepid);
207 }
208