WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

add peer certificate print to callback

pull/3037/head
JacobBarthelmeh 2020-06-11 10:57:26 -07:00
parent e498e07390
commit 6af052faae
5 changed files with 441 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
wrapper/CSharp/include.am
View File

@ -32,6 +32,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs
EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs
EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx
EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs
EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config
EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/Properties/AssemblyInfo.cs

87
wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
View File

@ -135,6 +135,67 @@ class wolfSSL_Example_IOCallbacks
return (uint)4;
}
/// <summary>
/// Example of a certificate verify function
/// </summary>
/// <param name="preverify"></param>
/// <param name="store">pointer to a WOLFSSL_X509_STORE_CTX</param>
/// <returns>size of key set</returns>
public static int my_verify_cb(int preverify, IntPtr store)
{
if (store == IntPtr.Zero)
{
Console.WriteLine("store is null");
}
Console.WriteLine("Status of certificate verify = " + preverify);
/* look at the current cert in store */
try
{
X509 x509 = wolfssl.X509_STORE_CTX_get_current_cert(store);
Console.WriteLine("Issuer : " + x509.Issuer);
Console.WriteLine("Subject : " + x509.Subject);
Console.WriteLine("PEM of certificate:");
Console.WriteLine(System.Text.Encoding.UTF8.GetString(x509.Export()));
Console.WriteLine("DER of certificate:");
Console.WriteLine(BitConverter.ToString(x509.Export(wolfssl.SSL_FILETYPE_ASN1)));
Console.WriteLine("Public key:");
Console.WriteLine(BitConverter.ToString(x509.GetPublicKey()));
}
catch (Exception e)
{
Console.WriteLine("Unable to get X509's");
}
/* list all certs in store */
try
{
int i;
X509[] x509 = wolfssl.X509_STORE_CTX_get_certs(store);
for (i = 0; i < x509.Length; i++)
{
Console.WriteLine("CERT[" + i + "]");
Console.WriteLine("Issuer : " + x509[i].Issuer);
Console.WriteLine("Subject : " + x509[i].Subject);
Console.WriteLine("");
}
}
catch (Exception e)
{
Console.WriteLine("Unable to get X509's");
}
/* by returning 1 here we override any failure and report success */
return 1;
}
private static void clean(IntPtr ssl, IntPtr ctx)
{
@ -151,6 +212,7 @@ class wolfSSL_Example_IOCallbacks
Socket fd;
wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb);
wolfssl.CallbackVerify_delegate verify_cb = new wolfssl.CallbackVerify_delegate(my_verify_cb);
/* These paths should be changed according to use */
string fileCert = @"server-cert.pem";
@ -191,30 +253,7 @@ class wolfSSL_Example_IOCallbacks
return;
}
StringBuilder ciphers = new StringBuilder(new String(' ', 4096));
wolfssl.get_ciphers(ciphers, 4096);
Console.WriteLine("Ciphers : " + ciphers.ToString());
Console.Write("Setting cipher suite to ");
/* To use static PSK build wolfSSL with WOLFSSL_STATIC_PSK preprocessor flag */
StringBuilder set_cipher = new StringBuilder("PSK-AES128-CBC-SHA256");
Console.WriteLine(set_cipher);
if (wolfssl.CTX_set_cipher_list(ctx, set_cipher) != wolfssl.SUCCESS)
{
Console.WriteLine("Failed to set cipher suite");
Console.WriteLine("If using static PSK make sure wolfSSL was built with preprocessor flag WOLFSSL_STATIC_PSK");
wolfssl.CTX_free(ctx);
return;
}
/* Test psk use */
StringBuilder hint = new StringBuilder("cyassl server");
if (wolfssl.CTX_use_psk_identity_hint(ctx, hint) != wolfssl.SUCCESS)
{
Console.WriteLine("Error setting hint");
return;
}
wolfssl.CTX_set_psk_server_callback(ctx, psk_cb);
wolfssl.CTX_set_verify(ctx, wolfssl.SSL_VERIFY_PEER, verify_cb);
/* Set using custom IO callbacks
delegate memory is allocated when calling SetIO**** function and freed with ctx free

202
wrapper/CSharp/wolfSSL_CSharp/X509.cs 100644
View File

@ -0,0 +1,202 @@
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace wolfSSL.CSharp
{
public class X509
{
private const string wolfssl_dll = "wolfssl.dll";
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wolfSSL_X509_get_pubkey_buffer(IntPtr x509, IntPtr buf, IntPtr bufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_get_der(IntPtr x509, IntPtr bufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wolfSSL_X509_free(IntPtr x509);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_DerToPem(IntPtr der, int derSz, IntPtr pem, int pemSz, int type);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_get_name_oneline(IntPtr x509Name, IntPtr buf, int bufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_get_subject_name(IntPtr x509);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_get_issuer_name(IntPtr x509);
private IntPtr x509;
private int type;
private bool isDynamic;
/* public properties */
public string Issuer;
public string Subject;
/* enum from wolfssl */
private readonly int CERT_TYPE = 0;
/// <summary>
/// Creates a new X509 class
/// </summary>
/// <param name="x509">Pointer to wolfSSL structure</param>
/// <param name="isDynamic">Should the lower level x509 be free'd? </param>
public X509(IntPtr x509, bool isDynamic)
{
IntPtr ret;
this.type = wolfssl.SSL_FILETYPE_PEM;
this.x509 = x509;
ret = wolfSSL_X509_get_name_oneline(
wolfSSL_X509_get_issuer_name(this.x509), IntPtr.Zero, 0);
this.Issuer = Marshal.PtrToStringAnsi(ret);
ret = wolfSSL_X509_get_name_oneline(
wolfSSL_X509_get_subject_name(this.x509), IntPtr.Zero, 0);
this.Subject = Marshal.PtrToStringAnsi(ret);
}
/// <summary>
/// Free up the C level WOLFSSL_X509 struct if needed
/// </summary>
~X509()
{
if (this.isDynamic)
{
wolfSSL_X509_free(this.x509);
}
}
/// <summary>
/// Used for getting the public key buffer
/// </summary>
/// <returns>DER public key on success</returns>
public byte[] GetPublicKey()
{
if (this.x509 == IntPtr.Zero)
{
return null;
}
try
{
IntPtr bufSz;
IntPtr buf;
int keySz = 0;
int ret;
byte[] key = null;
bufSz = Marshal.AllocHGlobal(4); /* pointer to 4 bytes */
ret = wolfSSL_X509_get_pubkey_buffer(this.x509, IntPtr.Zero, bufSz);
if (ret == wolfssl.SUCCESS)
{
keySz = Marshal.ReadInt32(bufSz, 0);
buf = Marshal.AllocHGlobal(keySz);
ret = wolfSSL_X509_get_pubkey_buffer(this.x509, buf, bufSz);
if (ret == wolfssl.SUCCESS)
{
key = new byte[keySz];
Marshal.Copy(buf, key, 0, keySz);
}
Marshal.FreeHGlobal(buf);
}
Marshal.FreeHGlobal(bufSz);
return key;
}
catch (Exception e)
{
wolfssl.log(wolfssl.ERROR_LOG, "error getting public key" + e.ToString());
return null;
}
}
/// <summary>
/// Gets the X509 buffer
/// </summary>
/// <returns>X509 buffer on success</returns>
public byte[] Export(int type)
{
if (this.x509 == IntPtr.Zero)
return null;
try
{
IntPtr bufSz;
IntPtr buf;
byte[] ret = null;
bufSz = Marshal.AllocHGlobal(4); /* pointer to 4 bytes */
buf = wolfSSL_X509_get_der(this.x509, bufSz);
if (buf != IntPtr.Zero)
{
int derSz = Marshal.ReadInt32(bufSz, 0);
if (type == wolfssl.SSL_FILETYPE_ASN1)
{
ret = new byte[derSz];
Marshal.Copy(buf, ret, 0, derSz);
}
else if (type == wolfssl.SSL_FILETYPE_PEM)
{
int pemSz;
pemSz = wc_DerToPem(buf, derSz, IntPtr.Zero, 0, CERT_TYPE);
if (pemSz > 0)
{
IntPtr pem = Marshal.AllocHGlobal(pemSz);
pemSz = wc_DerToPem(buf, derSz, pem, pemSz, CERT_TYPE);
ret = new byte[pemSz];
Marshal.Copy(pem, ret, 0, pemSz);
Marshal.FreeHGlobal(pem);
}
}
else
{
wolfssl.log(wolfssl.ERROR_LOG, "unsupported export type");
}
Marshal.FreeHGlobal(bufSz);
return ret;
}
{
wolfssl.log(wolfssl.ERROR_LOG, "unable to get buffer");
}
Marshal.FreeHGlobal(bufSz);
return ret;
}
catch (Exception e)
{
wolfssl.log(wolfssl.ERROR_LOG, "error getting x509 DER" + e.ToString());
return null;
}
}
/// <summary>
/// Gets the X509 buffer using this.type set (default PEM)
/// </summary>
/// <returns>X509 buffer on success</returns>
public byte[] Export()
{
return Export(this.type);
}
/// <summary>
/// Gets the X509 format
/// </summary>
/// <returns>X509 format on success</returns>
public string GetFormat()
{
if (this.type == wolfssl.SSL_FILETYPE_PEM)
{
return "PEM";
}
if (this.type == wolfssl.SSL_FILETYPE_ASN1)
{
return "DER";
}
return "Unknown";
}
}
}

135
wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
View File

@ -298,13 +298,17 @@ namespace wolfSSL.CSharp {
/********************************
* Error logging
*/
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl, CharSet=CharSet.Ansi)]
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
private extern static IntPtr wolfSSL_ERR_error_string(uint err, StringBuilder errOut);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wolfSSL_get_error(IntPtr ssl, int err);
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate void loggingCb(int lvl, StringBuilder msg);
private static loggingCb internal_log;
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wolfSSL_Debugging_ON();
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wolfSSL_Debugging_OFF();
/********************************
@ -321,6 +325,7 @@ namespace wolfSSL.CSharp {
/********************************
* Verify Callback
*/
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate int CallbackVerify_delegate(int ret, IntPtr x509_ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wolfSSL_CTX_set_verify(IntPtr ctx, int mode, CallbackVerify_delegate vc);
@ -328,11 +333,26 @@ namespace wolfSSL.CSharp {
private extern static void wolfSSL_set_verify(IntPtr ssl, int mode, CallbackVerify_delegate vc);
/********************************
* X509 Store
*/
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_STORE_CTX_get_current_cert(IntPtr x509Ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_X509_STORE_GetCerts(IntPtr x509Ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wolfSSL_sk_X509_num(IntPtr sk);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wolfSSL_sk_X509_free(IntPtr sk);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wolfSSL_sk_X509_pop(IntPtr sk);
/********************************
* Enum types from wolfSSL library
*/
public static readonly int SSL_FILETYPE_PEM = 1;
public static readonly int SSL_FILETYPE_ASN1= 2;
public static readonly int SSL_FILETYPE_ASN1 = 2;
public static readonly int SSL_FILETYPE_RAW = 3;
public static readonly int SSL_VERIFY_NONE = 0;
@ -341,16 +361,16 @@ namespace wolfSSL.CSharp {
public static readonly int SSL_VERIFY_CLIENT_ONCE = 4;
public static readonly int SSL_VERIFY_FAIL_EXCEPT_PSK = 8;
public static readonly int CBIO_ERR_GENERAL = -1;
public static readonly int CBIO_ERR_WANT_READ = -2;
public static readonly int CBIO_ERR_GENERAL = -1;
public static readonly int CBIO_ERR_WANT_READ = -2;
public static readonly int CBIO_ERR_WANT_WRITE = -2;
public static readonly int CBIO_ERR_CONN_RST = -3;
public static readonly int CBIO_ERR_ISR = -4;
public static readonly int CBIO_ERR_CONN_RST = -3;
public static readonly int CBIO_ERR_ISR = -4;
public static readonly int CBIO_ERR_CONN_CLOSE = -5;
public static readonly int CBIO_ERR_TIMEOUT = -6;
public static readonly int CBIO_ERR_TIMEOUT = -6;
public static readonly int ERROR_LOG = 0;
public static readonly int INFO_LOG = 1;
public static readonly int INFO_LOG = 1;
public static readonly int ENTER_LOG = 2;
public static readonly int LEAVE_LOG = 3;
public static readonly int OTHER_LOG = 4;
@ -455,7 +475,7 @@ namespace wolfSSL.CSharp {
Socket con = (System.Net.Sockets.Socket)gch.Target;
Byte[] msg = new Byte[sz];
Marshal.Copy(buf, msg, 0, sz);
if (con.Send(msg, 0, msg.Length, SocketFlags.None) == 0 && sz !=0)
if (con.Send(msg, 0, msg.Length, SocketFlags.None) == 0 && sz != 0)
{
/* no data sent and msg size is larger then 0, check for lost connection */
if (con.Poll((con.SendTimeout > 0) ? con.SendTimeout : WC_WAIT, SelectMode.SelectWrite))
@ -468,7 +488,7 @@ namespace wolfSSL.CSharp {
}
catch (Exception e)
{
log(ERROR_LOG, "socket connection issue "+ e.ToString());
log(ERROR_LOG, "socket connection issue " + e.ToString());
return wolfssl.CBIO_ERR_CONN_CLOSE;
}
}
@ -545,7 +565,7 @@ namespace wolfSSL.CSharp {
catch (Exception e)
{
/* issue with receive or size of buffer */
log(ERROR_LOG, "socket read issue "+ e.ToString());
log(ERROR_LOG, "socket read issue " + e.ToString());
return wolfssl.CBIO_ERR_CONN_CLOSE;
}
}
@ -1132,14 +1152,14 @@ namespace wolfSSL.CSharp {
return FAILURE;
}
try
try
{
if (!fd.Equals(null))
{
GCHandle gch = GCHandle.FromIntPtr(ssl);
GCHandle gch = GCHandle.FromIntPtr(ssl);
ssl_handle handles = (ssl_handle)gch.Target;
IntPtr sslCtx = handles.get_ssl();
IntPtr ptr;
IntPtr sslCtx = handles.get_ssl();
IntPtr ptr;
GCHandle fd_pin = GCHandle.Alloc(fd);
if (sslCtx == IntPtr.Zero)
@ -1857,7 +1877,92 @@ namespace wolfSSL.CSharp {
log(ERROR_LOG, "wolfssl set verify error " + e.ToString());
return FAILURE;
}
}
/// <summary>
/// Set the certificate verification mode and optional callback function
/// </summary>
/// <param name="ctx">pointer to SSL object that the function is set in</param>
/// <param name="mode">See SSL_VERIFY options</param>
/// <param name="vc">Optional verify callback function to use</param>
public static X509 X509_STORE_CTX_get_current_cert(IntPtr x509Ctx)
{
X509 ret = null;
try
{
if (x509Ctx == IntPtr.Zero)
{
log(ERROR_LOG, "pointer passed in was not set");
return ret;
}
IntPtr x509 = wolfSSL_X509_STORE_CTX_get_current_cert(x509Ctx);
if (x509 != IntPtr.Zero) {
return new X509(x509, false);
}
return ret;
}
catch (Exception e)
{
log(ERROR_LOG, "wolfssl WOLFSSL_X509_STORE_CTX error " + e.ToString());
return ret;
}
}
/// <summary>
/// Gets all of the certificates from store
/// </summary>
/// <param name="x509Ctx">pointer to store to get certificates from</param>
public static X509[] X509_STORE_CTX_get_certs(IntPtr x509Ctx)
{
X509[] ret = null;
try
{
if (x509Ctx == IntPtr.Zero)
{
log(ERROR_LOG, "pointer passed in was not set");
return ret;
}
IntPtr sk = wolfSSL_X509_STORE_GetCerts(x509Ctx);
if (sk != IntPtr.Zero) {
int i;
int numCerts = wolfSSL_sk_X509_num(sk);
ret = new X509[numCerts];
for (i = 0; i < numCerts; i++) {
IntPtr current = wolfSSL_sk_X509_pop(sk);
if (current != IntPtr.Zero)
{
ret[i] = new X509(current, true);
}
}
wolfSSL_sk_X509_free(sk);
}
return ret;
}
catch (Exception e)
{
log(ERROR_LOG, "wolfssl WOLFSSL_X509_STORE_CTX error " + e.ToString());
return ret;
}
}
/// <summary>
/// Print low level C library debug messages to stdout when compiled with macro DEBUG_WOLFSSL
/// </summary>
public static void Debugging_ON()
{
wolfSSL_Debugging_ON();
}
/// <summary>
/// Turn off low level C debug messages
/// </summary>
public static void Debugging_OFF()
{
wolfSSL_Debugging_OFF();
}
/// <summary>

1
wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
View File

@ -59,6 +59,7 @@
<ItemGroup>
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="wolfSSL.cs" />
<Compile Include="X509.cs" />
</ItemGroup>
<ItemGroup>
<WCFMetadata Include="Service References\" />