1 /* server_wolfssl.c
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22 #include <Source/net_sock.h>
23 #include <Source/net_app.h>
24 #include <Source/net_util.h>
25 #include <Source/net_ascii.h>
26 #include <app_cfg.h>
27
28 #include "wolfssl/ssl.h"
29 #include "server_wolfssl.h"
30
31 #define TLS_SERVER_PORT 11111
32 #define TX_BUF_SIZE 64
33 #define RX_BUF_SIZE 1024
34 #define TCP_SERVER_CONN_Q_SIZE 1
35
36 /* derived from wolfSSL/certs/server-ecc.der */
37
/*
 * DER-encoded X.509 server certificate (788 bytes) loaded into the TLS
 * context by wolfssl_server_test().  Decoding the bytes below gives:
 *   - self-signed: issuer == subject ==
 *     C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC,
 *     CN=www.wolfssl.com, emailAddress=info@wolfssl.com,
 *     and the AuthorityKeyIdentifier carries the certificate's own
 *     SubjectKeyIdentifier plus issuer name and serial 00:EF:46:C7:A4:9B:BB:60:D3
 *   - key: EC public key on prime256v1 (P-256), signature ecdsa-with-SHA256
 *   - validity: notBefore 2016-08-11 20:07:38Z, notAfter 2019-05-08 20:07:38Z
 *     (the two UTCTime fields "160811200738Z" / "190508200738Z") -- i.e. the
 *     certificate is EXPIRED; any client that enforces validity dates will
 *     reject this server unless it disables the check
 *   - basicConstraints CA:TRUE (it is a CA cert being used as an end-entity
 *     server cert)
 * This is wolfSSL's publicly shipped test certificate; it is suitable only
 * for bring-up of the Micrium port, never for a product.
 */
static const CPU_INT08U server_ecc_der_256[] = { 0x30, 0x82, 0x03, 0x10,
0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08,
0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31,
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30,
0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37,
0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32,
0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06,
0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB,
0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB,
0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3,
0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18,
0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80,
0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06,
0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23,
0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, 0x30, 0x81,
0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65,
0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
0x82, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30,
0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF1, 0xD0, 0xA6,
0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D,
0x6B, 0x33, 0xE9, 0xF2, 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87,
0x31, 0xB3, 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE,
0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, 0xB0, 0xC9,
0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, 0xF6, 0x7D, 0x04, 0xC7,
0xBD, 0x62, 0xC9, 0x20 };
105
106 /* derived from wolfSSL/certs/ecc-key.der */
107
/*
 * DER-encoded SEC1 ECPrivateKey (121 bytes): version 1, a 32-byte private
 * scalar, curve parameter prime256v1 (OID 1.2.840.10045.3.1.7) and the
 * uncompressed public point (04 BB 33 AC ...), which is byte-for-byte the
 * SubjectPublicKey carried in server_ecc_der_256 above.
 *
 * SECURITY: this is the test key shipped in the wolfSSL source tree, so the
 * private scalar is public knowledge -- anyone holding it can impersonate a
 * server that uses this key.  It is compiled into the image as plaintext and
 * is readable from any firmware dump.  Do not reuse it outside bring-up;
 * provision a per-device key and keep it in protected storage instead.
 */
static const CPU_INT08U ecc_key_der_256[] = { 0x30, 0x77, 0x02, 0x01, 0x01,
0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38,
0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04,
0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A,
0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44,
0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6,
0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE,
0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61,
0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92,
0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8,
0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8 };
119
120
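/*
 * Classify a NetSock_Accept() outcome.
 *
 * Returns DEF_YES for the outcomes the server keeps waiting through (the
 * stack still initialising, no connection inside the socket's accept
 * timeout, the socket/connection pool momentarily exhausted) and DEF_NO for
 * success and every other error.  The list of retried codes is kept exactly
 * as the original implementation had it, NET_SOCK_ERR_NULL_PTR included;
 * only the timeout case is traced, because it is the one that fires while a
 * client is simply not there yet.
 */
static CPU_BOOLEAN accept_err_is_transient(NET_ERR err)
{
    switch (err) {
    case NET_ERR_INIT_INCOMPLETE:
    case NET_SOCK_ERR_NULL_PTR:
    case NET_SOCK_ERR_NONE_AVAIL:
    case NET_SOCK_ERR_CONN_ACCEPT_Q_NONE_AVAIL:
        return DEF_YES;
    case NET_SOCK_ERR_CONN_SIGNAL_TIMEOUT:
        APP_TRACE_INFO(
            ("NetSockAccept err = NET_SOCK_ERR_CONN_SIGNAL_TIMEOUT\r\n"));
        return DEF_YES;
    default:
        return DEF_NO;
    }
}

/*
 * One-shot TLS 1.2 server for the Micrium uC/TCP-IP stack.
 *
 * Binds a TCP socket to every IPv4 address on TLS_SERVER_PORT, accepts a
 * single client, completes the TLS handshake with the embedded ECDSA P-256
 * credentials, reads one application-data record (at most RX_BUF_SIZE - 1
 * bytes), sends a fixed reply, performs a bidirectional TLS shutdown and
 * releases everything it acquired -- the session, the context, the wolfSSL
 * library state and both sockets -- on every exit path.
 *
 * Returns 0 when the exchange completed, -1 on any failure; each failure
 * is traced through APP_TRACE_INFO before returning.
 *
 * Things a reader reusing this as a template should know:
 *  - The certificate/key loaded here are wolfSSL's public test material and
 *    the certificate's notAfter date is 2019-05-08, so clients that enforce
 *    validity dates will refuse the handshake.  Provision real credentials.
 *  - No client certificate is requested, so any peer that can reach the
 *    port can complete the handshake.
 *  - Bytes received from the client are traced with "%s" exactly as they
 *    arrived; control characters reach the console unfiltered.
 *  - The handshake retry loop is bounded (HANDSHAKE_RETRY_MAX * 500 ms) so a
 *    client that connects and then goes silent cannot park the server
 *    indefinitely.
 */
int wolfssl_server_test(void)
{
    /* WANT_READ from wolfSSL_accept() means the socket's receive timeout
     * expired with no peer data; retry every 500 ms, ~10 s in total. */
    enum { HANDSHAKE_RETRY_MAX = 20 };
    const CPU_CHAR       reply[] = "I hear ya fa shizzle!\n";

    NET_ERR              err;
    NET_SOCK_ID          sock_listen = 0;
    NET_SOCK_ID          sock_req    = 0;
    CPU_BOOLEAN          have_listen = DEF_NO;
    CPU_BOOLEAN          have_req    = DEF_NO;
    NET_SOCK_ADDR_IPv4   server_addr;
    NET_SOCK_ADDR_IPv4   client_sock_addr_ip;
    NET_SOCK_ADDR_LEN    client_sock_addr_ip_size;
    CPU_CHAR             rx_buf[RX_BUF_SIZE];
    CPU_CHAR             tx_buf[TX_BUF_SIZE];
    OS_ERR               os_err;
    WOLFSSL             *ssl = NULL;
    WOLFSSL_CTX         *ctx = NULL;
    int                  tx_buf_sz;
    int                  ret;
    int                  error;
    int                  retries;
    int                  rc = -1;

#ifdef DEBUG_WOLFSSL
    wolfSSL_Debugging_ON();
#endif

    /* Library init is reference-counted; the matching wolfSSL_Cleanup() is
     * in the common cleanup path below so every exit balances it. */
    if (wolfSSL_Init() != SSL_SUCCESS) {
        APP_TRACE_INFO(("ERROR: wolfSSL_Init failed\r\n"));
        return -1;
    }

    /* ---- listening socket ---- */

    APP_TRACE_INFO(("Opening network socket...\r\n"));
    sock_listen = NetSock_Open(NET_SOCK_ADDR_FAMILY_IP_V4,
                               NET_SOCK_TYPE_STREAM,
                               NET_SOCK_PROTOCOL_TCP,
                               &err);
    if (err != NET_SOCK_ERR_NONE) {
        APP_TRACE_INFO(("ERROR: NetSock_Open, err = %d\r\n", (int) err));
        goto cleanup;
    }
    have_listen = DEF_YES;

    APP_TRACE_INFO(("Setting up server_addr struct\r\n"));
    Mem_Clr((void *) &server_addr, (CPU_SIZE_T) sizeof(server_addr));
    server_addr.AddrFamily = NET_SOCK_ADDR_FAMILY_IP_V4;
    server_addr.Addr       = NET_UTIL_HOST_TO_NET_32(NET_SOCK_ADDR_IP_V4_WILDCARD);
    server_addr.Port       = NET_UTIL_HOST_TO_NET_16(TLS_SERVER_PORT);

    /* The Micrium API takes the generic NET_SOCK_ADDR_SIZE here, not the
     * size of the IPv4-specific struct. */
    NetSock_Bind((NET_SOCK_ID) sock_listen,
                 (NET_SOCK_ADDR *) &server_addr,
                 (NET_SOCK_ADDR_LEN) NET_SOCK_ADDR_SIZE,
                 (NET_ERR *) &err);
    if (err != NET_SOCK_ERR_NONE) {
        APP_TRACE_INFO(("ERROR: NetSock_Bind, err = %d\r\n", (int) err));
        goto cleanup;
    }

    /* ---- TLS context: TLS 1.2 only, server role, ECDSA credentials ---- */

    ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
    if (ctx == NULL) {
        APP_TRACE_INFO(("ERROR: wolfSSL_CTX_new failed\r\n"));
        goto cleanup;
    }
    APP_TRACE_INFO(("wolfSSL_CTX_new done\r\n"));

    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
                                             server_ecc_der_256,
                                             sizeof(server_ecc_der_256),
                                             SSL_FILETYPE_ASN1);
    if (ret != SSL_SUCCESS) {
        APP_TRACE_INFO(
            ("ERROR: wolfSSL_CTX_use_certificate_buffer() failed\r\n"));
        goto cleanup;
    }
    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                                            ecc_key_der_256,
                                            sizeof(ecc_key_der_256),
                                            SSL_FILETYPE_ASN1);
    if (ret != SSL_SUCCESS) {
        APP_TRACE_INFO(
            ("ERROR: wolfSSL_CTX_use_PrivateKey_buffer() failed\r\n"));
        goto cleanup;
    }

    /* ---- wait for one client ---- */

    APP_TRACE_INFO(("Listening for client connection\r\n"));
    NetSock_Listen(sock_listen, TCP_SERVER_CONN_Q_SIZE, &err);
    if (err != NET_SOCK_ERR_NONE) {
        APP_TRACE_INFO(("ERROR: NetSock_Listen, err = %d\r\n", (int) err));
        goto cleanup;
    }

    do {
        client_sock_addr_ip_size = sizeof(client_sock_addr_ip);
        sock_req = NetSock_Accept((NET_SOCK_ID) sock_listen,
                                  (NET_SOCK_ADDR *) &client_sock_addr_ip,
                                  (NET_SOCK_ADDR_LEN *) &client_sock_addr_ip_size,
                                  (NET_ERR *) &err);
    } while (accept_err_is_transient(err) == DEF_YES);
    if (err != NET_SOCK_ERR_NONE) {
        APP_TRACE_INFO(("ERROR: NetSock_Accept, err = %d\r\n", (int) err));
        goto cleanup;
    }
    have_req = DEF_YES;

    /* ---- TLS session on the accepted socket ---- */

    APP_TRACE_INFO(("Got client connection! Starting TLS negotiation\r\n"));
    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        APP_TRACE_INFO(("ERROR: wolfSSL_new() failed\r\n"));
        goto cleanup;
    }
    APP_TRACE_INFO(("wolfSSL_new done\r\n"));

    if (wolfSSL_set_fd(ssl, sock_req) != SSL_SUCCESS) {
        APP_TRACE_INFO(("ERROR: wolfSSL_set_fd() failed\r\n"));
        goto cleanup;
    }
    APP_TRACE_INFO(("wolfSSL_set_fd done\r\n"));

    /* Drive the handshake explicitly.  The previous version never called
     * wolfSSL_accept() here, so the retry loop was dead and the handshake
     * only happened implicitly inside wolfSSL_read(); any handshake failure
     * was then reported as a read failure. */
    retries = HANDSHAKE_RETRY_MAX;
    for (;;) {
        ret = wolfSSL_accept(ssl);
        if (ret == SSL_SUCCESS) {
            break;
        }
        error = wolfSSL_get_error(ssl, 0);
        if (error != SSL_ERROR_WANT_READ || retries == 0) {
            APP_TRACE_INFO(
                ("ERROR: wolfSSL_accept() failed, err = %d\r\n", error));
            goto cleanup;
        }
        retries--;
        OSTimeDlyHMSM(0u, 0u, 0u, 500u, OS_OPT_TIME_HMSM_STRICT, &os_err);
    }
    APP_TRACE_INFO(("wolfSSL_accept() ok...\r\n"));

    /* ---- one request, one reply ---- */

    /* Read at most RX_BUF_SIZE - 1 bytes so the terminator written below
     * always stays inside the buffer.  A WANT_READ (receive timeout with no
     * data) is tolerated and treated like an empty request; ret == 0 (peer
     * closed) also falls through to the reply, as the original did. */
    Mem_Set(rx_buf, 0, RX_BUF_SIZE);
    ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
    if (ret < 0) {
        error = wolfSSL_get_error(ssl, 0);
        if (error != SSL_ERROR_WANT_READ) {
            APP_TRACE_INFO(("wolfSSL_read failed, error = %d\r\n", error));
            goto cleanup;
        }
    }
    APP_TRACE_INFO(("AFTER wolfSSL_read() call, ret = %d\r\n", ret));
    if (ret > 0) {
        rx_buf[ret] = 0;
        /* Untrusted bytes go to the trace verbatim; fine for a bench test,
         * sanitize before doing this in anything that logs to a shared
         * console or file. */
        APP_TRACE_INFO(("Client sent: %s\r\n", rx_buf));
    }

    /* Reply length comes from the literal itself instead of a hand-counted
     * constant; tx_buf was zeroed, so the copy is always NUL-terminated. */
    Mem_Set(tx_buf, 0, TX_BUF_SIZE);
    tx_buf_sz = (int) (sizeof(reply) - 1);
    Str_Copy_N(tx_buf, reply, (CPU_SIZE_T) tx_buf_sz);
    if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) {
        error = wolfSSL_get_error(ssl, 0);
        APP_TRACE_INFO(("ERROR: wolfSSL_write() failed, err = %d\r\n", error));
        goto cleanup;
    }

    /* Success.  First shutdown sends our close_notify; if the peer's has not
     * arrived yet, the second call waits for it so the close is clean. */
    rc = 0;
    if (wolfSSL_shutdown(ssl) == SSL_SHUTDOWN_NOT_DONE) {
        (void) wolfSSL_shutdown(ssl);
    }

cleanup:
    /* Single teardown path, valid from any point above: each resource is
     * released only if it was actually acquired.  The previous version
     * leaked the context on the accept-failure path. */
    if (ssl != NULL) {
        wolfSSL_free(ssl);
    }
    if (ctx != NULL) {
        wolfSSL_CTX_free(ctx);
    }
    wolfSSL_Cleanup();
    if (have_req == DEF_YES) {
        NetSock_Close(sock_req, &err);
    }
    if (have_listen == DEF_YES) {
        NetSock_Close(sock_listen, &err);
    }
    return rc;
}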
336