2 * FreeRTOS Kernel V10.0.0
\r
3 * Copyright (C) 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
\r
5 * Permission is hereby granted, free of charge, to any person obtaining a copy of
\r
6 * this software and associated documentation files (the "Software"), to deal in
\r
7 * the Software without restriction, including without limitation the rights to
\r
8 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
\r
9 * the Software, and to permit persons to whom the Software is furnished to do so,
\r
10 * subject to the following conditions:
\r
12 * The above copyright notice and this permission notice shall be included in all
\r
13 * copies or substantial portions of the Software. If you wish to use our Amazon
\r
14 * FreeRTOS name, please do so in a fair use way that does not cause confusion.
\r
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
\r
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
\r
18 * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
\r
19 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
\r
20 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
\r
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\r
23 * http://www.FreeRTOS.org
\r
24 * http://aws.amazon.com/freertos
\r
26 * 1 tab == 4 spaces!
\r
29 #pragma comment( lib, "ws2_32.lib" )
\r
31 /* Win32 includes. */
\r
32 #include <WinSock2.h>
\r
34 /* wolfSSL includes. */
\r
35 #include "wolfssl/ssl.h"
\r
37 /* Standard includes. */
\r
41 /* FreeRTOS includes. */
\r
42 #include "FreeRTOS.h"
\r
45 /* This application is using the FreeRTOS Windows simulator, which uses the
\r
46 FreeRTOS scheduler to schedule FreeRTOS task within the Windows environment.
\r
47 The Windows envrionment must not be allowed to block any Windows threads that
\r
48 are running FreeRTOS tasks, unless the FreeRTOS task is running at the FreeRTOS
\r
49 idle priority. For simplicity, this demo uses the Windows TCP/IP stack, the
\r
50 API for which can cause Windows threads to block. Therefore, any FreeRTOS task
\r
51 that makes calls to the Windows TCP/IP stack must be assigned the idle prioity.
\r
52 Note this is only a restriction of the simulated Windows environment - real
\r
53 FreeRTOS ports do not have this restriction. */
\r
54 #define sstSECURE_CLIENT_TASK_PRIORITY ( tskIDLE_PRIORITY )
\r
56 /*-----------------------------------------------------------*/
\r
59 * Open, configures and binds the server's TCP socket.
\r
61 static SOCKET prvOpenServerSocket( void );
\r
64 * Prepare the wolfSSL library for use.
\r
66 static void prvInitialiseWolfSSL( void );
\r
69 * The task that implements the client side of the connection.
\r
71 extern void vSecureTCPClientTask( void *pvParameters );
\r
73 /*-----------------------------------------------------------*/
\r
75 /* The wolfSSL context for the server. */
\r
76 static WOLFSSL_CTX* xWolfSSL_ServerContext = NULL;
\r
78 /*-----------------------------------------------------------*/
\r
80 /* See the comments at the top of main.c. */
\r
81 void vSecureTCPServerTask( void *pvParameters )
\r
83 BaseType_t xReturned;
\r
85 uint8_t cReceivedString[ 60 ];
\r
86 struct sockaddr_in xClient;
\r
87 int xClientAddressLength = sizeof( struct sockaddr_in );
\r
88 SOCKET xListeningSocket, xConnectedSocket;
\r
89 WOLFSSL* xWolfSSL_Object; /* Only one connection is accepted at a time, so only one object is needed at a time. */
\r
91 /* Just to prevent compiler warnings. */
\r
92 ( void ) pvParameters;
\r
94 /* Perform the initialisation necessary before wolfSSL can be used. */
\r
95 prvInitialiseWolfSSL();
\r
96 configASSERT( xWolfSSL_ServerContext );
\r
98 /* Attempt to open the socket. */
\r
99 xListeningSocket = prvOpenServerSocket();
\r
101 /* Now the server socket has been created and the wolfSSL library has been
\r
102 initialised, the task that implements the client side can be created. */
\r
103 xTaskCreate( vSecureTCPClientTask, "Client", configMINIMAL_STACK_SIZE, NULL, sstSECURE_CLIENT_TASK_PRIORITY, NULL );
\r
105 if( xListeningSocket != INVALID_SOCKET )
\r
109 /* Wait until the client connects. */
\r
110 printf( "Waiting for new connection\r\n" );
\r
111 xConnectedSocket = accept( xListeningSocket, ( struct sockaddr * ) &xClient, &xClientAddressLength );
\r
113 if( xConnectedSocket != INVALID_SOCKET )
\r
115 printf( "Connection established\r\n" );
\r
117 /* A connection has been accepted by the server. Create a
\r
118 wolfSSL object for use with the newly connected socket. */
\r
119 xWolfSSL_Object = NULL;
\r
120 xWolfSSL_Object = wolfSSL_new( xWolfSSL_ServerContext );
\r
122 if( xWolfSSL_Object != NULL )
\r
124 /* Associate the created wolfSSL object with the connected
\r
126 xReturned = wolfSSL_set_fd( xWolfSSL_Object, xConnectedSocket );
\r
127 configASSERT( xReturned == SSL_SUCCESS );
\r
131 /* The next line is the secure equivalent to the
\r
132 standard sockets call:
\r
133 lBytes = recv( xConnectedSocket, cReceivedString, 50, 0 ); */
\r
134 lBytes = wolfSSL_read( xWolfSSL_Object, cReceivedString, sizeof( cReceivedString ) );
\r
136 /* Print the received characters. */
\r
139 printf( "Received by the secure server: %s\r\n", cReceivedString );
\r
142 } while ( lBytes > 0 );
\r
144 /* The connection was closed, close the socket and free the
\r
146 closesocket( xConnectedSocket );
\r
147 wolfSSL_free( xWolfSSL_Object );
\r
148 printf( "Connection closed, back to start\r\n\r\n" );
\r
155 /* The socket could not be opened. */
\r
156 vTaskDelete( NULL );
\r
159 /*-----------------------------------------------------------*/
\r
161 static SOCKET prvOpenServerSocket( void )
\r
164 WORD wVersionRequested;
\r
165 struct sockaddr_in xConnection;
\r
166 SOCKET xSocket = INVALID_SOCKET;
\r
168 wVersionRequested = MAKEWORD( 2, 2 );
\r
170 /* Prepare to use WinSock. */
\r
171 if( WSAStartup( wVersionRequested, &xWSAData ) != 0 )
\r
173 fprintf( stderr, "Could not open Windows connection.\n" );
\r
177 xSocket = socket( AF_INET, SOCK_STREAM, 0 );
\r
178 if( xSocket == INVALID_SOCKET)
\r
180 fprintf( stderr, "Could not create socket.\n" );
\r
185 /* Zero out the server structure. */
\r
186 memset( ( void * ) &xConnection, 0x00, sizeof( struct sockaddr_in ) );
\r
188 xConnection.sin_family = AF_INET;
\r
189 xConnection.sin_addr.s_addr = inet_addr("127.0.0.1");
\r
190 xConnection.sin_port = htons( configTCP_PORT_NUMBER );
\r
192 /* Bind the address to the socket. */
\r
193 if( bind( xSocket, ( struct sockaddr * ) &xConnection, sizeof( struct sockaddr_in ) ) == -1 )
\r
195 fprintf( stderr, "Could not socket to port %d.\n", configTCP_PORT_NUMBER );
\r
196 closesocket( xSocket );
\r
197 xSocket = INVALID_SOCKET;
\r
201 if( listen( xSocket, 20 ) != 0 )
\r
203 closesocket( xSocket );
\r
204 xSocket = INVALID_SOCKET;
\r
212 /*-----------------------------------------------------------*/
\r
214 static void prvInitialiseWolfSSL( void )
\r
218 #ifdef DEBUG_WOLFSSL
\r
220 wolfSSL_Debugging_ON();
\r
224 /* Initialise wolfSSL. This must be done before any other wolfSSL functions
\r
228 /* Attempt to create a context that uses the TLS 1.2 server protocol. */
\r
229 xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
\r
231 if( xWolfSSL_ServerContext != NULL )
\r
233 /* Load the CA certificate. Real applications should ensure that
\r
234 wolfSSL_CTX_load_verify_locations() returns SSL_SUCCESS before
\r
236 iReturn = wolfSSL_CTX_load_verify_locations( xWolfSSL_ServerContext, "ca-cert.pem", 0 );
\r
237 configASSERT( iReturn == SSL_SUCCESS );
\r
239 iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM );
\r
240 configASSERT( iReturn == SSL_SUCCESS );
\r
242 iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM );
\r
243 configASSERT( iReturn == SSL_SUCCESS );
\r