2 FreeRTOS V9.0.0 - Copyright (C) 2016 Real Time Engineers Ltd.
\r
5 VISIT http://www.FreeRTOS.org TO ENSURE YOU ARE USING THE LATEST VERSION.
\r
7 This file is part of the FreeRTOS distribution.
\r
9 FreeRTOS is free software; you can redistribute it and/or modify it under
\r
10 the terms of the GNU General Public License (version 2) as published by the
\r
11 Free Software Foundation >>>> AND MODIFIED BY <<<< the FreeRTOS exception.
\r
13 ***************************************************************************
\r
14 >>! NOTE: The modification to the GPL is included to allow you to !<<
\r
15 >>! distribute a combined work that includes FreeRTOS without being !<<
\r
16 >>! obliged to provide the source code for proprietary components !<<
\r
17 >>! outside of the FreeRTOS kernel. !<<
\r
18 ***************************************************************************
\r
20 FreeRTOS is distributed in the hope that it will be useful, but WITHOUT ANY
\r
21 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
\r
22 FOR A PARTICULAR PURPOSE. Full license text is available on the following
\r
23 link: http://www.freertos.org/a00114.html
\r
25 ***************************************************************************
\r
27 * FreeRTOS provides completely free yet professionally developed, *
\r
28 * robust, strictly quality controlled, supported, and cross *
\r
29 * platform software that is more than just the market leader, it *
\r
30 * is the industry's de facto standard. *
\r
32 * Help yourself get started quickly while simultaneously helping *
\r
33 * to support the FreeRTOS project by purchasing a FreeRTOS *
\r
34 * tutorial book, reference manual, or both: *
\r
35 * http://www.FreeRTOS.org/Documentation *
\r
37 ***************************************************************************
\r
39 http://www.FreeRTOS.org/FAQHelp.html - Having a problem? Start by reading
\r
40 the FAQ page "My application does not run, what could be wrong?". Have you
\r
41 defined configASSERT()?
\r
43 http://www.FreeRTOS.org/support - In return for receiving this top quality
\r
44 embedded software for free we request you assist our global community by
\r
45 participating in the support forum.
\r
47 http://www.FreeRTOS.org/training - Investing in training allows your team to
\r
48 be as productive as possible as early as possible. Now you can receive
\r
49 FreeRTOS training directly from Richard Barry, CEO of Real Time Engineers
\r
50 Ltd, and the world's leading authority on the world's leading RTOS.
\r
52 http://www.FreeRTOS.org/plus - A selection of FreeRTOS ecosystem products,
\r
53 including FreeRTOS+Trace - an indispensable productivity tool, a DOS
\r
54 compatible FAT file system, and our tiny thread aware UDP/IP stack.
\r
56 http://www.FreeRTOS.org/labs - Where new FreeRTOS products go to incubate.
\r
57 Come and try FreeRTOS+TCP, our new open source TCP/IP stack for FreeRTOS.
\r
59 http://www.OpenRTOS.com - Real Time Engineers ltd. license FreeRTOS to High
\r
60 Integrity Systems ltd. to sell under the OpenRTOS brand. Low cost OpenRTOS
\r
61 licenses offer ticketed support, indemnification and commercial middleware.
\r
63 http://www.SafeRTOS.com - High Integrity Systems also provide a safety
\r
64 engineered and independently SIL3 certified version for use in safety and
\r
65 mission critical applications that require provable dependability.
\r
70 #pragma comment( lib, "ws2_32.lib" )
\r
72 /* Win32 includes. */
\r
73 #include <WinSock2.h>
\r
75 /* wolfSSL includes. */
\r
76 #include "wolfssl/ssl.h"
\r
78 /* Standard includes. */
\r
82 /* FreeRTOS includes. */
\r
83 #include "FreeRTOS.h"
\r
86 /* This application is using the FreeRTOS Windows simulator, which uses the
\r
87 FreeRTOS scheduler to schedule FreeRTOS task within the Windows environment.
\r
88 The Windows envrionment must not be allowed to block any Windows threads that
\r
89 are running FreeRTOS tasks, unless the FreeRTOS task is running at the FreeRTOS
\r
90 idle priority. For simplicity, this demo uses the Windows TCP/IP stack, the
\r
91 API for which can cause Windows threads to block. Therefore, any FreeRTOS task
\r
92 that makes calls to the Windows TCP/IP stack must be assigned the idle prioity.
\r
93 Note this is only a restriction of the simulated Windows environment - real
\r
94 FreeRTOS ports do not have this restriction. */
\r
95 #define sstSECURE_CLIENT_TASK_PRIORITY ( tskIDLE_PRIORITY )
\r
97 /*-----------------------------------------------------------*/
\r
100 * Open, configures and binds the server's TCP socket.
\r
102 static SOCKET prvOpenServerSocket( void );
\r
105 * Prepare the wolfSSL library for use.
\r
107 static void prvInitialiseWolfSSL( void );
\r
110 * The task that implements the client side of the connection.
\r
112 extern void vSecureTCPClientTask( void *pvParameters );
\r
114 /*-----------------------------------------------------------*/
\r
116 /* The wolfSSL context for the server. */
\r
117 static WOLFSSL_CTX* xWolfSSL_ServerContext = NULL;
\r
119 /*-----------------------------------------------------------*/
\r
121 /* See the comments at the top of main.c. */
\r
122 void vSecureTCPServerTask( void *pvParameters )
\r
124 BaseType_t xReturned;
\r
126 uint8_t cReceivedString[ 60 ];
\r
127 struct sockaddr_in xClient;
\r
128 int xClientAddressLength = sizeof( struct sockaddr_in );
\r
129 SOCKET xListeningSocket, xConnectedSocket;
\r
130 WOLFSSL* xWolfSSL_Object; /* Only one connection is accepted at a time, so only one object is needed at a time. */
\r
132 /* Just to prevent compiler warnings. */
\r
133 ( void ) pvParameters;
\r
135 /* Perform the initialisation necessary before wolfSSL can be used. */
\r
136 prvInitialiseWolfSSL();
\r
137 configASSERT( xWolfSSL_ServerContext );
\r
139 /* Attempt to open the socket. */
\r
140 xListeningSocket = prvOpenServerSocket();
\r
142 /* Now the server socket has been created and the wolfSSL library has been
\r
143 initialised, the task that implements the client side can be created. */
\r
144 xTaskCreate( vSecureTCPClientTask, "Client", configMINIMAL_STACK_SIZE, NULL, sstSECURE_CLIENT_TASK_PRIORITY, NULL );
\r
146 if( xListeningSocket != INVALID_SOCKET )
\r
150 /* Wait until the client connects. */
\r
151 printf( "Waiting for new connection\r\n" );
\r
152 xConnectedSocket = accept( xListeningSocket, ( struct sockaddr * ) &xClient, &xClientAddressLength );
\r
154 if( xConnectedSocket != INVALID_SOCKET )
\r
156 printf( "Connection established\r\n" );
\r
158 /* A connection has been accepted by the server. Create a
\r
159 wolfSSL object for use with the newly connected socket. */
\r
160 xWolfSSL_Object = NULL;
\r
161 xWolfSSL_Object = wolfSSL_new( xWolfSSL_ServerContext );
\r
163 if( xWolfSSL_Object != NULL )
\r
165 /* Associate the created wolfSSL object with the connected
\r
167 xReturned = wolfSSL_set_fd( xWolfSSL_Object, xConnectedSocket );
\r
168 configASSERT( xReturned == SSL_SUCCESS );
\r
172 /* The next line is the secure equivalent to the
\r
173 standard sockets call:
\r
174 lBytes = recv( xConnectedSocket, cReceivedString, 50, 0 ); */
\r
175 lBytes = wolfSSL_read( xWolfSSL_Object, cReceivedString, sizeof( cReceivedString ) );
\r
177 /* Print the received characters. */
\r
180 printf( "Received by the secure server: %s\r\n", cReceivedString );
\r
183 } while ( lBytes > 0 );
\r
185 /* The connection was closed, close the socket and free the
\r
187 closesocket( xConnectedSocket );
\r
188 wolfSSL_free( xWolfSSL_Object );
\r
189 printf( "Connection closed, back to start\r\n\r\n" );
\r
196 /* The socket could not be opened. */
\r
197 vTaskDelete( NULL );
\r
200 /*-----------------------------------------------------------*/
\r
202 static SOCKET prvOpenServerSocket( void )
\r
205 WORD wVersionRequested;
\r
206 struct sockaddr_in xConnection;
\r
207 SOCKET xSocket = INVALID_SOCKET;
\r
209 wVersionRequested = MAKEWORD( 2, 2 );
\r
211 /* Prepare to use WinSock. */
\r
212 if( WSAStartup( wVersionRequested, &xWSAData ) != 0 )
\r
214 fprintf( stderr, "Could not open Windows connection.\n" );
\r
218 xSocket = socket( AF_INET, SOCK_STREAM, 0 );
\r
219 if( xSocket == INVALID_SOCKET)
\r
221 fprintf( stderr, "Could not create socket.\n" );
\r
226 /* Zero out the server structure. */
\r
227 memset( ( void * ) &xConnection, 0x00, sizeof( struct sockaddr_in ) );
\r
229 xConnection.sin_family = AF_INET;
\r
230 xConnection.sin_addr.s_addr = inet_addr("127.0.0.1");
\r
231 xConnection.sin_port = htons( configTCP_PORT_NUMBER );
\r
233 /* Bind the address to the socket. */
\r
234 if( bind( xSocket, ( struct sockaddr * ) &xConnection, sizeof( struct sockaddr_in ) ) == -1 )
\r
236 fprintf( stderr, "Could not socket to port %d.\n", configTCP_PORT_NUMBER );
\r
237 closesocket( xSocket );
\r
238 xSocket = INVALID_SOCKET;
\r
242 if( listen( xSocket, 20 ) != 0 )
\r
244 closesocket( xSocket );
\r
245 xSocket = INVALID_SOCKET;
\r
253 /*-----------------------------------------------------------*/
\r
255 static void prvInitialiseWolfSSL( void )
\r
259 #ifdef DEBUG_WOLFSSL
\r
261 wolfSSL_Debugging_ON();
\r
265 /* Initialise wolfSSL. This must be done before any other wolfSSL functions
\r
269 /* Attempt to create a context that uses the TLS 1.2 server protocol. */
\r
270 xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
\r
272 if( xWolfSSL_ServerContext != NULL )
\r
274 /* Load the CA certificate. Real applications should ensure that
\r
275 wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before
\r
277 iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 );
\r
278 configASSERT( iReturn == SSL_SUCCESS );
\r
280 iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM );
\r
281 configASSERT( iReturn == SSL_SUCCESS );
\r
283 iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM );
\r
284 configASSERT( iReturn == SSL_SUCCESS );
\r