3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <cyassl/ctaocrypt/settings.h>
28 #if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
29 /* in case memory tracker wants stats */
30 #define CYASSL_TRACK_MEMORY
33 #if defined(CYASSL_MDK_ARM)
37 #if defined(CYASSL_MDK5)
45 #include "cyassl_MDK_ARM.h"
47 #include <cyassl/openssl/ssl.h>
48 #include <cyassl/test.h>
50 #include "examples/server/server.h"
53 #ifdef CYASSL_CALLBACKS
54 int srvHandShakeCB(HandShakeInfo*);
55 int srvTimeoutCB(TimeoutInfo*);
59 static void NonBlockingSSL_Accept(SSL* ssl)
61 #ifndef CYASSL_CALLBACKS
62 int ret = SSL_accept(ssl);
64 int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
66 int error = SSL_get_error(ssl, 0);
67 SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
70 while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
71 error == SSL_ERROR_WANT_WRITE)) {
74 if (error == SSL_ERROR_WANT_READ)
75 printf("... server would read block\n");
77 printf("... server would write block\n");
80 currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
82 select_ret = tcp_select(sockfd, currTimeout);
84 if ((select_ret == TEST_RECV_READY) ||
85 (select_ret == TEST_ERROR_READY)) {
86 #ifndef CYASSL_CALLBACKS
87 ret = SSL_accept(ssl);
89 ret = CyaSSL_accept_ex(ssl,
90 srvHandShakeCB, srvTimeoutCB, srvTo);
92 error = SSL_get_error(ssl, 0);
94 else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
95 error = SSL_ERROR_WANT_READ;
98 else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
99 CyaSSL_dtls_got_timeout(ssl) >= 0) {
100 error = SSL_ERROR_WANT_READ;
104 error = SSL_FATAL_ERROR;
107 if (ret != SSL_SUCCESS)
108 err_sys("SSL_accept failed");
112 static void Usage(void)
114 printf("server " LIBCYASSL_VERSION_STRING
115 " NOTE: All files relative to CyaSSL home dir\n");
116 printf("-? Help, print this usage\n");
117 printf("-p <num> Port to listen on, not 0, default %d\n", yasslPort);
118 printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
119 SERVER_DEFAULT_VERSION);
120 printf("-l <str> Cipher list\n");
121 printf("-c <file> Certificate file, default %s\n", svrCert);
122 printf("-k <file> Key file, default %s\n", svrKey);
123 printf("-A <file> Certificate Authority file, default %s\n", cliCert);
124 printf("-d Disable client cert check\n");
125 printf("-b Bind to any interface instead of localhost only\n");
126 printf("-s Use pre Shared keys\n");
127 printf("-t Track CyaSSL memory use\n");
128 printf("-u Use UDP DTLS,"
129 " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
130 printf("-f Fewer packets/group messages\n");
131 printf("-N Use Non-blocking sockets\n");
132 printf("-S <str> Use Host Name Indication\n");
134 printf("-o Perform OCSP lookup on peer certificate\n");
135 printf("-O <url> Perform OCSP lookup using <url> as responder\n");
137 #ifdef HAVE_PK_CALLBACKS
138 printf("-P Public Key Callbacks\n");
142 THREAD_RETURN CYASSL_THREAD server_test(void* args)
145 SOCKET_T clientfd = 0;
147 SSL_METHOD* method = 0;
151 char msg[] = "I hear you fa shizzle!";
155 int version = SERVER_DEFAULT_VERSION;
156 int doCliCertCheck = 1;
158 word16 port = yasslPort;
164 int fewerPackets = 0;
166 char* cipherList = NULL;
167 const char* verifyCert = cliCert;
168 const char* ourCert = svrCert;
169 const char* ourKey = svrKey;
170 int argc = ((func_args*)args)->argc;
171 char** argv = ((func_args*)args)->argv;
174 char* sniHostName = NULL;
179 char* ocspUrl = NULL;
182 ((func_args*)args)->return_code = -1; /* error state */
185 verifyCert = (char*)cliEccCert;
186 ourCert = (char*)eccCert;
187 ourKey = (char*)eccKey;
192 while ((ch = mygetopt(argc, argv, "?dbstnNufPp:v:l:A:c:k:S:oO:")) != -1) {
211 #ifdef USE_CYASSL_MEMORY
229 #ifdef HAVE_PK_CALLBACKS
235 port = (word16)atoi(myoptarg);
236 #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
238 err_sys("port number cannot be 0");
243 version = atoi(myoptarg);
244 if (version < 0 || version > 3) {
251 cipherList = myoptarg;
255 verifyCert = myoptarg;
272 sniHostName = myoptarg;
295 myoptind = 0; /* reset for test cases */
297 /* sort out DTLS versus TLS versions */
298 if (version == CLIENT_INVALID_VERSION) {
300 version = CLIENT_DTLS_DEFAULT_VERSION;
302 version = CLIENT_DEFAULT_VERSION;
313 #ifdef USE_CYASSL_MEMORY
321 method = SSLv3_server_method();
326 method = TLSv1_server_method();
331 method = TLSv1_1_server_method();
339 method = TLSv1_2_server_method();
345 method = DTLSv1_server_method();
349 method = DTLSv1_2_server_method();
354 err_sys("Bad SSL version");
358 err_sys("unable to get method");
360 ctx = SSL_CTX_new(method);
362 err_sys("unable to get ctx");
365 if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
366 err_sys("server can't set cipher list 1");
368 #ifdef CYASSL_LEANPSK
372 #if defined(NO_RSA) && !defined(HAVE_ECC)
377 CyaSSL_CTX_set_group_messages(ctx);
379 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
380 SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
383 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
385 if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
387 err_sys("can't load server cert file, check file and run from"
394 if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
396 err_sys("can't load ntru key file, "
397 "Please run from CyaSSL home dir");
401 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
402 if (!useNtruKey && !usePsk) {
403 if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
405 err_sys("can't load server private key file, check file and run "
406 "from CyaSSL home dir");
412 SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
413 SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
414 if (cipherList == NULL) {
415 const char *defaultCipherList;
416 #ifdef HAVE_NULL_CIPHER
417 defaultCipherList = "PSK-NULL-SHA256";
419 defaultCipherList = "PSK-AES128-CBC-SHA256";
421 if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
422 err_sys("server can't set cipher list 2");
427 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
428 /* if not using PSK, verify peer with certs */
429 if (doCliCertCheck && usePsk == 0) {
430 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
431 SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
432 if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
433 err_sys("can't load ca file, Please run from CyaSSL home dir");
437 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
438 /* don't use EDH, can't sniff tmp keys */
439 if (cipherList == NULL) {
440 if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
441 err_sys("server can't set cipher list 3");
447 if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
448 XSTRLEN(sniHostName)) != SSL_SUCCESS)
449 err_sys("UseSNI failed");
454 err_sys("unable to get SSL");
457 CyaSSL_EnableCRL(ssl, 0);
458 CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
459 CYASSL_CRL_START_MON);
460 CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
464 if (ocspUrl != NULL) {
465 CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
466 CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
467 | CYASSL_OCSP_URL_OVERRIDE);
470 CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
473 #ifdef HAVE_PK_CALLBACKS
475 SetupPkCallbacks(ctx, ssl);
478 tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
482 SSL_set_fd(ssl, clientfd);
483 if (usePsk == 0 || cipherList != NULL) {
484 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
485 CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
486 #elif !defined(NO_DH)
487 SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
491 #ifndef CYASSL_CALLBACKS
493 CyaSSL_set_using_nonblock(ssl, 1);
494 tcp_set_nonblocking(&clientfd);
495 NonBlockingSSL_Accept(ssl);
496 } else if (SSL_accept(ssl) != SSL_SUCCESS) {
497 int err = SSL_get_error(ssl, 0);
498 char buffer[CYASSL_MAX_ERROR_SZ];
499 printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
500 err_sys("SSL_accept failed");
503 NonBlockingSSL_Accept(ssl);
507 idx = SSL_read(ssl, input, sizeof(input)-1);
510 printf("Client message: %s\n", input);
514 int readErr = SSL_get_error(ssl, 0);
515 if (readErr != SSL_ERROR_WANT_READ)
516 err_sys("SSL_read failed");
519 if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
520 err_sys("SSL_write failed");
522 #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
530 CloseSocket(clientfd);
531 ((func_args*)args)->return_code = 0;
533 #ifdef USE_CYASSL_MEMORY
536 #endif /* USE_CYASSL_MEMORY */
542 /* so overall tests can pull in test function */
543 #ifndef NO_MAIN_DRIVER
545 int main(int argc, char** argv)
550 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
552 err_sys("Cavium OpenNitroxDevice failed");
553 #endif /* HAVE_CAVIUM */
561 #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
562 CyaSSL_Debugging_ON();
564 if (CurrentDir("server"))
566 else if (CurrentDir("Debug") || CurrentDir("Release"))
569 #ifdef HAVE_STACK_SIZE
570 StackSizeCheck(&args, server_test);
577 CspShutdown(CAVIUM_DEV_ID);
579 return args.return_code;
583 char* myoptarg = NULL;
585 #endif /* NO_MAIN_DRIVER */
588 #ifdef CYASSL_CALLBACKS
590 int srvHandShakeCB(HandShakeInfo* info)
597 int srvTimeoutCB(TimeoutInfo* info)