3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
25 #define CYASSL_MDK_ARM
26 #if defined(CYASSL_MDK_ARM)
30 #if defined(CYASSL_MDK5)
38 #include "cyassl_MDK_ARM.h"
41 #include <cyassl/ctaocrypt/settings.h>
43 #if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
44 /* in case memory tracker wants stats */
45 #define CYASSL_TRACK_MEMORY
48 #include <cyassl/ssl.h>
49 #include <cyassl/test.h>
50 #include "examples/client/client.h"
53 #ifdef CYASSL_CALLBACKS
54 int handShakeCB(HandShakeInfo*);
55 int timeoutCB(TimeoutInfo*);
60 static void NonBlockingSSL_Connect(CYASSL* ssl)
62 #ifndef CYASSL_CALLBACKS
63 int ret = CyaSSL_connect(ssl);
65 int ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
67 int error = CyaSSL_get_error(ssl, 0);
68 SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
71 while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
72 error == SSL_ERROR_WANT_WRITE)) {
75 if (error == SSL_ERROR_WANT_READ)
76 printf("... client would read block\n");
78 printf("... client would write block\n");
81 currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
83 select_ret = tcp_select(sockfd, currTimeout);
85 if ((select_ret == TEST_RECV_READY) ||
86 (select_ret == TEST_ERROR_READY)) {
87 #ifndef CYASSL_CALLBACKS
88 ret = CyaSSL_connect(ssl);
90 ret = CyaSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout);
92 error = CyaSSL_get_error(ssl, 0);
94 else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
95 error = SSL_ERROR_WANT_READ;
98 else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
99 CyaSSL_dtls_got_timeout(ssl) >= 0) {
100 error = SSL_ERROR_WANT_READ;
104 error = SSL_FATAL_ERROR;
107 if (ret != SSL_SUCCESS)
108 err_sys("SSL_connect failed");
112 static void Usage(void)
114 printf("client " LIBCYASSL_VERSION_STRING
115 " NOTE: All files relative to CyaSSL home dir\n");
116 printf("-? Help, print this usage\n");
117 printf("-h <host> Host to connect to, default %s\n", yasslIP);
118 printf("-p <num> Port to connect on, not 0, default %d\n", yasslPort);
119 printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
120 CLIENT_DEFAULT_VERSION);
121 printf("-l <str> Cipher list\n");
122 printf("-c <file> Certificate file, default %s\n", cliCert);
123 printf("-k <file> Key file, default %s\n", cliKey);
124 printf("-A <file> Certificate Authority file, default %s\n", caCert);
125 printf("-b <num> Benchmark <num> connections and print stats\n");
126 printf("-s Use pre Shared keys\n");
127 printf("-t Track CyaSSL memory use\n");
128 printf("-d Disable peer checks\n");
129 printf("-g Send server HTTP GET\n");
130 printf("-u Use UDP DTLS,"
131 " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
132 printf("-m Match domain name in cert\n");
133 printf("-N Use Non-blocking sockets\n");
134 printf("-r Resume session\n");
135 printf("-f Fewer packets/group messages\n");
136 printf("-x Disable client cert/key loading\n");
138 printf("-z Print structure sizes\n");
141 printf("-S <str> Use Host Name Indication\n");
143 #ifdef HAVE_MAX_FRAGMENT
144 printf("-L <num> Use Maximum Fragment Length [1-5]\n");
146 #ifdef HAVE_TRUNCATED_HMAC
147 printf("-T Use Truncated HMAC\n");
150 printf("-o Perform OCSP lookup on peer certificate\n");
151 printf("-O <url> Perform OCSP lookup using <url> as responder\n");
154 printf("-U Atomic User Record Layer Callbacks\n");
156 #ifdef HAVE_PK_CALLBACKS
157 printf("-P Public Key Callbacks\n");
162 #ifdef CYASSL_MDK_SHELL
163 #define exit(code) return(code)
167 THREAD_RETURN CYASSL_THREAD client_test(void* args)
171 CYASSL_METHOD* method = 0;
175 CYASSL* sslResume = 0;
176 CYASSL_SESSION* session = 0;
177 char resumeMsg[] = "resuming cyassl!";
178 int resumeSz = sizeof(resumeMsg);
180 char msg[32] = "hello cyassl!"; /* GET may make bigger */
183 int msgSz = (int)strlen(msg);
185 word16 port = yasslPort;
186 char* host = (char*)yasslIP;
187 char* domain = (char*)"www.yassl.com";
190 int version = CLIENT_INVALID_VERSION;
198 int resumeSession = 0;
200 int useClientCert = 1;
201 int fewerPackets = 0;
204 char* cipherList = NULL;
205 char* verifyCert = (char*)caCert;
206 char* ourCert = (char*)cliCert;
207 char* ourKey = (char*)cliKey;
210 char* sniHostName = NULL;
212 #ifdef HAVE_MAX_FRAGMENT
213 byte maxFragment = 0;
215 #ifdef HAVE_TRUNCATED_HMAC
216 byte truncatedHMAC = 0;
222 char* ocspUrl = NULL;
225 int argc = ((func_args*)args)->argc;
226 char** argv = ((func_args*)args)->argv;
228 ((func_args*)args)->return_code = -1; /* error state */
231 verifyCert = (char*)eccCert;
232 ourCert = (char*)cliEccCert;
233 ourKey = (char*)cliEccKey;
244 while ((ch = mygetopt(argc, argv,
245 "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
268 #ifdef USE_CYASSL_MEMORY
292 #ifdef HAVE_PK_CALLBACKS
303 port = (word16)atoi(myoptarg);
304 #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
306 err_sys("port number cannot be 0");
311 version = atoi(myoptarg);
312 if (version < 0 || version > 3) {
319 cipherList = myoptarg;
323 verifyCert = myoptarg;
335 benchmark = atoi(myoptarg);
336 if (benchmark < 0 || benchmark > 1000000) {
351 #ifndef CYASSL_LEANPSK
352 CyaSSL_GetObjectSize();
358 sniHostName = myoptarg;
363 #ifdef HAVE_MAX_FRAGMENT
364 maxFragment = atoi(myoptarg);
365 if (maxFragment < CYASSL_MFL_2_9 ||
366 maxFragment > CYASSL_MFL_2_13) {
374 #ifdef HAVE_TRUNCATED_HMAC
398 myoptind = 0; /* reset for test cases */
400 /* sort out DTLS versus TLS versions */
401 if (version == CLIENT_INVALID_VERSION) {
403 version = CLIENT_DTLS_DEFAULT_VERSION;
405 version = CLIENT_DEFAULT_VERSION;
416 #ifdef USE_CYASSL_MEMORY
424 method = CyaSSLv3_client_method();
430 method = CyaTLSv1_client_method();
434 method = CyaTLSv1_1_client_method();
438 #endif /* NO_OLD_TLS */
442 method = CyaTLSv1_2_client_method();
448 method = CyaDTLSv1_client_method();
452 method = CyaDTLSv1_2_client_method();
457 err_sys("Bad SSL version");
462 err_sys("unable to get method");
464 ctx = CyaSSL_CTX_new(method);
466 err_sys("unable to get ctx");
469 if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
470 err_sys("client can't set cipher list 1");
472 #ifdef CYASSL_LEANPSK
476 #if defined(NO_RSA) && !defined(HAVE_ECC)
481 CyaSSL_CTX_set_group_messages(ctx);
485 CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
486 if (cipherList == NULL) {
487 const char *defaultCipherList;
488 #ifdef HAVE_NULL_CIPHER
489 defaultCipherList = "PSK-NULL-SHA256";
491 defaultCipherList = "PSK-AES128-CBC-SHA256";
493 if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
494 err_sys("client can't set cipher list 2");
500 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
501 CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
504 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
505 if (cipherList == NULL) {
506 /* don't use EDH, can't sniff tmp keys */
507 if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
508 err_sys("client can't set cipher list 3");
515 if (ocspUrl != NULL) {
516 CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
517 CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
518 | CYASSL_OCSP_URL_OVERRIDE);
521 CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
526 CyaSSL_CTX_SetCACb(ctx, CaCb);
529 #ifdef VERIFY_CALLBACK
530 CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
532 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
534 if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
535 err_sys("can't load client cert file, check file and run from"
538 if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
540 err_sys("can't load client private key file, check file and run "
541 "from CyaSSL home dir");
545 if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
546 err_sys("can't load ca file, Please run from CyaSSL home dir");
549 #if !defined(NO_CERTS)
550 if (!usePsk && doPeerCheck == 0)
551 CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
555 CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
560 if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
562 err_sys("UseSNI failed");
564 #ifdef HAVE_MAX_FRAGMENT
566 if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
567 err_sys("UseMaxFragment failed");
569 #ifdef HAVE_TRUNCATED_HMAC
571 if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
572 err_sys("UseTruncatedHMAC failed");
576 /* time passed in number of connects give average */
577 int times = benchmark;
580 double start = current_time(), avg;
582 for (i = 0; i < times; i++) {
583 tcp_connect(&sockfd, host, port, doDTLS);
585 ssl = CyaSSL_new(ctx);
586 CyaSSL_set_fd(ssl, sockfd);
587 if (CyaSSL_connect(ssl) != SSL_SUCCESS)
588 err_sys("SSL_connect failed");
590 CyaSSL_shutdown(ssl);
594 avg = current_time() - start;
596 avg *= 1000; /* milliseconds */
597 printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
599 CyaSSL_CTX_free(ctx);
600 ((func_args*)args)->return_code = 0;
605 #if defined(CYASSL_MDK_ARM)
606 CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
609 ssl = CyaSSL_new(ctx);
611 err_sys("unable to get SSL object");
614 build_addr(&addr, host, port, 1);
615 CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
616 tcp_socket(&sockfd, 1);
619 tcp_connect(&sockfd, host, port, 0);
621 CyaSSL_set_fd(ssl, sockfd);
623 if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
624 err_sys("can't enable crl check");
625 if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
626 err_sys("can't load crl, check crlfile and date validity");
627 if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
628 err_sys("can't set crl callback");
632 SetupAtomicUser(ctx, ssl);
634 #ifdef HAVE_PK_CALLBACKS
636 SetupPkCallbacks(ctx, ssl);
638 if (matchName && doPeerCheck)
639 CyaSSL_check_domain_name(ssl, domain);
640 #ifndef CYASSL_CALLBACKS
642 CyaSSL_set_using_nonblock(ssl, 1);
643 tcp_set_nonblocking(&sockfd);
644 NonBlockingSSL_Connect(ssl);
646 else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
647 /* see note at top of README */
648 int err = CyaSSL_get_error(ssl, 0);
649 char buffer[CYASSL_MAX_ERROR_SZ];
650 printf("err = %d, %s\n", err,
651 CyaSSL_ERR_error_string(err, buffer));
652 err_sys("SSL_connect failed");
653 /* if you're getting an error here */
658 NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
663 printf("SSL connect ok, sending GET...\n");
665 strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
668 if (CyaSSL_write(ssl, msg, msgSz) != msgSz)
669 err_sys("SSL_write failed");
671 input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
674 printf("Server response: %s\n", reply);
676 if (sendGET) { /* get html */
678 input = CyaSSL_read(ssl, reply, sizeof(reply)-1);
681 printf("%s\n", reply);
688 else if (input < 0) {
689 int readErr = CyaSSL_get_error(ssl, 0);
690 if (readErr != SSL_ERROR_WANT_READ)
691 err_sys("CyaSSL_read failed");
694 #ifndef NO_SESSION_CACHE
697 strncpy(msg, "break", 6);
698 msgSz = (int)strlen(msg);
699 /* try to send session close */
700 CyaSSL_write(ssl, msg, msgSz);
702 session = CyaSSL_get_session(ssl);
703 sslResume = CyaSSL_new(ctx);
707 if (doDTLS == 0) /* don't send alert after "break" command */
708 CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
716 #ifndef NO_SESSION_CACHE
720 #ifdef USE_WINDOWS_API
725 build_addr(&addr, host, port, 1);
726 CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
727 tcp_socket(&sockfd, 1);
730 tcp_connect(&sockfd, host, port, 0);
732 CyaSSL_set_fd(sslResume, sockfd);
733 CyaSSL_set_session(sslResume, session);
736 #ifndef CYASSL_CALLBACKS
738 CyaSSL_set_using_nonblock(sslResume, 1);
739 tcp_set_nonblocking(&sockfd);
740 NonBlockingSSL_Connect(sslResume);
742 else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
743 err_sys("SSL resume failed");
747 NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
750 if (CyaSSL_session_reused(sslResume))
751 printf("reused session id\n");
753 printf("didn't reuse session id!!!\n");
755 if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
756 err_sys("SSL_write failed");
759 /* give server a chance to bounce a message back to client */
760 #ifdef USE_WINDOWS_API
767 input = CyaSSL_read(sslResume, reply, sizeof(reply)-1);
770 printf("Server resume response: %s\n", reply);
773 /* try to send session break */
774 CyaSSL_write(sslResume, msg, msgSz);
776 CyaSSL_shutdown(sslResume);
777 CyaSSL_free(sslResume);
780 #endif /* NO_SESSION_CACHE */
782 CyaSSL_CTX_free(ctx);
784 ((func_args*)args)->return_code = 0;
786 #ifdef USE_CYASSL_MEMORY
789 #endif /* USE_CYASSL_MEMORY */
795 /* so overall tests can pull in test function */
796 #ifndef NO_MAIN_DRIVER
798 int main(int argc, char** argv)
803 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
805 err_sys("Cavium OpenNitroxDevice failed");
806 #endif /* HAVE_CAVIUM */
814 #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) && !defined(STACK_TRAP)
815 CyaSSL_Debugging_ON();
817 if (CurrentDir("client"))
819 else if (CurrentDir("Debug") || CurrentDir("Release"))
822 #ifdef HAVE_STACK_SIZE
823 StackSizeCheck(&args, client_test);
830 CspShutdown(CAVIUM_DEV_ID);
832 return args.return_code;
836 char* myoptarg = NULL;
838 #endif /* NO_MAIN_DRIVER */
842 #ifdef CYASSL_CALLBACKS
844 int handShakeCB(HandShakeInfo* info)
851 int timeoutCB(TimeoutInfo* info)