Add mutual auth, RSA/ECC and TLS v1.2/v1.3 support to TLS crypto callback examples.

pull/413/head
David Garske 2023-12-19 12:31:28 -08:00
parent d505779dfe
commit 1c6e1c4c9a
2 changed files with 85 additions and 7 deletions


@ -31,7 +31,9 @@
#include <unistd.h> #include <unistd.h>
/* wolfSSL */ /* wolfSSL */
#include <wolfssl/options.h> #ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
@ -39,7 +41,18 @@
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
#define CA_FILE "../certs/ca-cert.pem" #define USE_ECDHE_ECDSA
#define USE_TLSV13
#ifdef USE_ECDHE_ECDSA
#define CERT_FILE "../certs/client-ecc-cert.pem"
#define KEY_FILE "../certs/ecc-client-key.pem"
#define CA_FILE "../certs/ca-ecc-cert.pem"
#else
#define CERT_FILE "../certs/client-cert.pem"
#define KEY_FILE "../certs/client-key.pem"
#define CA_FILE "../certs/ca-cert.pem"
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
/* Example custom context for crypto callback */ /* Example custom context for crypto callback */
@ -555,12 +568,45 @@ int main(int argc, char** argv)
#endif #endif
/* Create and initialize WOLFSSL_CTX */ /* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())) == NULL) { #ifdef USE_TLSV13
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#endif
if (ctx == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
ret = -1; ret = -1;
goto exit; goto exit;
} }
/* Mutual Authentication */
/* Load client certificate into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
goto exit;
}
/* Load client key into WOLFSSL_CTX */
if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
goto exit;
}
/* Load CA certificate into WOLFSSL_CTX for validating peer */
if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
!= WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CA_FILE);
goto exit;
}
/* validate peer certificate */
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
/* register a devID for crypto callbacks */ /* register a devID for crypto callbacks */
wolfSSL_CTX_SetDevId(ctx, devId); wolfSSL_CTX_SetDevId(ctx, devId);
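Review bot: The three new load-failure branches (wolfSSL_CTX_use_certificate_file, wolfSSL_CTX_use_PrivateKey_file, wolfSSL_CTX_load_verify_locations) jump to `exit` with `ret` holding whatever the wolfSSL call returned, whereas the ctx-creation branch just above them sets `ret = -1;` first; if any of those calls reports failure as WOLFSSL_FAILURE (0) rather than a negative code, and `exit:` returns `ret` (the label is outside this hunk), the example would report success after failing to load its credentials. Add `ret = -1;` before each `goto exit;` so all four error paths in main() behave the same. The same pattern appears in the server file's wolfSSL_CTX_load_verify_locations block in its last hunk. main() itself starts and ends outside this hunk.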


@ -31,13 +31,28 @@
#include <unistd.h> #include <unistd.h>
/* wolfSSL */ /* wolfSSL */
#include <wolfssl/options.h> #ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/cryptocb.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#define DEFAULT_PORT 11111 #define DEFAULT_PORT 11111
#define CERT_FILE "../certs/server-cert.pem" #define USE_ECDHE_ECDSA
#define KEY_FILE "../certs/server-key.pem" #define USE_TLSV13
#ifdef USE_ECDHE_ECDSA
#define CERT_FILE "../certs/server-ecc.pem"
#define KEY_FILE "../certs/ecc-key.pem"
#define CA_FILE "../certs/client-ecc-cert.pem"
#else
#define CERT_FILE "../certs/server-cert.pem"
#define KEY_FILE "../certs/server-key.pem"
#define CA_FILE "../certs/client-cert.pem"
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
/* Example custom context for crypto callback */ /* Example custom context for crypto callback */
@ -518,7 +533,12 @@ int main(int argc, char** argv)
#endif #endif
/* Create and initialize WOLFSSL_CTX */ /* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())) == NULL) { #ifdef USE_TLSV13
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#endif
if (ctx == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
ret = -1; ret = -1;
goto exit; goto exit;
@ -543,6 +563,18 @@ int main(int argc, char** argv)
goto exit; goto exit;
} }
/* Load CA certificate into WOLFSSL_CTX for validating peer */
if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
!= WOLFSSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CA_FILE);
goto exit;
}
/* enable mutual authentication */
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
#if 0 #if 0
/* Example: "TLS13-AES256-GCM-SHA384", "TLS13-AES128-GCM-SHA256" or "TLS13-CHACHA20-POLY1305-SHA256" */ /* Example: "TLS13-AES256-GCM-SHA384", "TLS13-AES128-GCM-SHA256" or "TLS13-CHACHA20-POLY1305-SHA256" */
wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"); wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384");
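Review bot: CA_FILE on the server side is set to the client's own certificate (`../certs/client-ecc-cert.pem` / `../certs/client-cert.pem`) in the first hunk, which presumably works because the example client certificates are self-signed, but a reader copying this as a mutual-auth template would not learn that from the code; add a comment such as `/* CA_FILE is the trust anchor for client certs; the example client cert is self-signed, so it serves as its own CA here */` above the `#ifdef USE_ECDHE_ECDSA` block. Relatedly, `#define USE_ECDHE_ECDSA` and `#define USE_TLSV13` are unconditional in both files, so the `#else` branches (RSA, TLS 1.2) can only be selected by editing the source; wrapping each in an `#ifndef` guard, e.g. `#ifndef NO_USE_TLSV13` / `#define USE_TLSV13` / `#endif`, would let the build choose without a source change. main() starts outside this hunk.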