From 23bfb01e542c6f865e007c11e5d0afe3c35174c7 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 30 May 2024 15:41:01 +0200 Subject: [PATCH 01/15] environment setup, updated the README --- wrapper/CSharp/README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index faba0da7f0..ea70e4bde4 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md @@ -20,15 +20,17 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you to build the wrapper library and examples. It includes the wolfSSL Visual Studio project directly. -## Linux (using Mono) +## Linux (Ubuntu) using mono Prerequisites for linux: ``` -apt install mono-tools-devel +apt-get update +apt-get upgrade +apt-get install mono-complete ``` -Build wolfSSL and install: +# Build wolfSSL and install ``` ./autogen.sh @@ -38,21 +40,21 @@ make check sudo make install ``` -Build and run the wrapper: +# Build and run the wrapper ``` cd wrapper/CSharp -csc wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ +msc wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +``` -Run the example: +# Run the example ``` -cp wolfSSL-TLS-Server.exe ../../certs +cp wolfSSL_CSharp/wolfSSL.exe ../../certs cd ../../certs - -mono wolfSSL-TLS-Server.exe +mono wolfSSL.exe Calling ctx Init from wolfSSL Finished init of ctx .... now load in cert and key From 095609107d1b1065983f836bdff0e2b0cee4d43f Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 30 May 2024 16:14:17 +0200 Subject: [PATCH 02/15] prototypes --- wrapper/CSharp/README.md | 2 +- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index ea70e4bde4..d19adbc258 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md 
@@ -45,7 +45,7 @@ sudo make install ``` cd wrapper/CSharp -msc wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs ``` diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index c59c3e00b5..e647814384 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -290,6 +290,17 @@ public void free() [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_use_psk_identity_hint(IntPtr ctx, StringBuilder identity); + /******************************** + * SNI + */ + [UnmanagedFunctionPointer(CallingConvention.Cdecl)] + public delegate int sni_delegate(IntPtr ssl, IntPtr ret, IntPtr exArg); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wolfSSL_CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); /******************************** * SSL Structure From 52f1caf699b0ea53568b4aaeaef9b2605667b273 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 30 May 2024 16:44:34 +0200 Subject: [PATCH 03/15] minor changes to the prototypes and actual implementation --- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 63 +++++++++++++++++++++++- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index e647814384..b756934c22 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
@@ -59,6 +59,8 @@ private class ctx_handle private GCHandle rec_cb; private GCHandle snd_cb; private GCHandle psk_cb; + private GCHandle sni_cb; + private GCHandle sni_arg; private GCHandle vrf_cb; private IntPtr ctx; @@ -89,6 +91,22 @@ public GCHandle get_psk() return this.psk_cb; } + public void set_sni(GCHandle input) { + this.sni_cb = input; + } + + public GCHandle get_sni(GCHandle input) { + return this.sni_cb; + } + + public void set_arg(GCHandle input) { + this.sni_arg= input; + } + + public GCHandle get_arg(GCHandle input) { + return this.sni_arg; + } + public void set_vrf(GCHandle input) { if (!Object.Equals(this.vrf_cb, default(GCHandle))) @@ -144,6 +162,7 @@ private class ssl_handle { private GCHandle fd_pin; private GCHandle psk_cb; + private GCHandle sni_cb; private GCHandle vrf_cb; private IntPtr ssl; @@ -298,9 +317,9 @@ public void free() [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static void wolfSSL_CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb); + private extern static int wolfSSL_CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static void wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); + private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); /******************************** * SSL Structure 
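Review bot: `set_sni` and `set_arg` in the `@@ -89,6 +91,22 @@` hunk overwrite the stored `GCHandle` without freeing the previous one, unlike the `set_vrf` setter right below them, which checks `!Object.Equals(this.vrf_cb, default(GCHandle))` and frees before replacing; re-registering a callback therefore leaks a handle and keeps the old delegate alive for the life of the process. The companion `get_sni(GCHandle input)` and `get_arg(GCHandle input)` take a parameter they never read, whereas the existing `get_psk()` takes none. I would mirror `set_vrf`, `if (!Object.Equals(this.sni_cb, default(GCHandle))) { this.sni_cb.Free(); }` before `this.sni_cb = input;` (same for `sni_arg`), and drop the unused parameters. The `ssl_handle.sni_cb` field added in `@@ -144,6 +162,7 @@` is declared and, in patch 04, freed, but nothing visible in this series ever assigns it.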
@@ -1095,6 +1114,46 @@ public static void CTX_free(IntPtr ctx) } } + public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + handles.set_sni(GCHandle.Alloc(sni_cb)); + + wolfSSL_CTX_set_servername_callback(handles.get_ctx(), sni_cb); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl servername callback error: " + e.ToString()); + } + } + + public static int CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb) { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + handles.set_sni(GCHandle.Alloc(sni_cb)); + + return wolfSSL_CTX_set_tlsext_servername_callback(handles.get_ctx(), sni_cb); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl tlsext servername callback error: " + e.ToString()); + return FAILURE; + } + } + + public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + handles.set_arg(GCHandle.Alloc(arg)); + + return wolfSSL_CTX_set_servername_arg(handles.get_ctx(), arg); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl arg servername callback error: " + e.ToString()); + return FAILURE; + } + } /// /// Set identity hint to use From 15ac366bf979a5e7cc48697483b53710afccec50 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Sat, 1 Jun 2024 17:46:17 +0200 Subject: [PATCH 04/15] added missing wrappers for sni setup & frees --- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 47 ++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index b756934c22..3e78da76e7 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
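Review bot: `handles.set_arg(GCHandle.Alloc(arg));` in `CTX_set_servername_arg` allocates a GCHandle on a boxed `IntPtr`, which does nothing to keep the native memory behind `arg` alive, and that handle is never released: the `free()` changes in patch 04 (`@@ -147,6 +147,10 @@`) free only `sni_cb`. Storing the `IntPtr` directly in `ctx_handle` (`handles.set_arg(arg);` with the field typed `IntPtr`) avoids both the pointless allocation and the leak; the delegate handles in the two callback setters are a different case, since the delegate must outlive the P/Invoke. These three public wrappers also lack the `///` summary that the neighbouring `/// Set identity hint to use` method carries; for the void `CTX_set_servername_callback` in particular a line such as `/// Register the SNI receive callback on the ctx; failures are only logged because the native call returns void.` tells callers not to expect a status.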
@@ -147,6 +147,10 @@ public void free() { this.psk_cb.Free(); } + if (!Object.Equals(this.sni_cb, default(GCHandle))) + { + this.sni_cb.Free(); + } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); @@ -217,6 +221,10 @@ public void free() { this.psk_cb.Free(); } + if (!Object.Equals(this.sni_cb, default(GCHandle))) + { + this.sni_cb.Free(); + } if (!Object.Equals(this.vrf_cb, default(GCHandle))) { this.vrf_cb.Free(); @@ -320,6 +328,10 @@ public void free() private extern static int wolfSSL_CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size); /******************************** * SSL Structure @@ -1114,7 +1126,8 @@ public static void CTX_free(IntPtr ctx) } } - public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) { + public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) + { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; @@ -1127,7 +1140,8 @@ public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) } } - public static int CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb) { + public static int CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb) + { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; 
@@ -1141,7 +1155,8 @@ public static int CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sn } } - public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) { + public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) + { try { GCHandle gch = GCHandle.FromIntPtr(ctx); ctx_handle handles = (ctx_handle)gch.Target; @@ -1155,6 +1170,32 @@ public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) { } } + public static int CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ctx); + ctx_handle handles = (ctx_handle)gch.Target; + + return wolfSSL_CTX_UseSNI(handles.get_ctx(), type, data, size); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl ctx use sni error: " + e.ToString()); + return FAILURE; + } + } + + public static int UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ssl); + ssl_handle handles = (ssl_handle)gch.Target; + + return wolfSSL_UseSNI(handles.get_ssl(), type, data, size); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl use sni error: " + e.ToString()); + return FAILURE; + } + } + /// /// Set identity hint to use /// From 6f567b58bc0e0bb85beff074f69be50199f90b82 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Sun, 2 Jun 2024 00:01:51 +0200 Subject: [PATCH 05/15] completed the examples --- .../wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 42 +++++++++++++++++-- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 38 +++++++++++++++-- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 2 + 3 files changed, 74 insertions(+), 8 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index a12c5f599c..5a018d85a8 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs 
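Review bot: `CTX_UseSNI` and `UseSNI` expose the raw `IntPtr data, ushort size` pair, so every caller has to marshal the host name itself and get the byte length right; the examples added in patch 05 do this with `Marshal.StringToHGlobalAnsi` plus `(ushort)sniHostNameString.Length`, which is a UTF-16 character count rather than the encoded byte count, and never free the buffer. A managed overload that encodes the name, checks it fits in a `ushort`, and frees the buffer after the call removes that footgun while the IntPtr-based methods stay for callers that already hold native memory. This assumes `wolfSSL_CTX_UseSNI` copies the host name into the ctx rather than retaining the pointer — I believe it does, but verify against TLSX_UseSNI before adopting the `finally` below.
```csharp
public static int CTX_UseSNI(IntPtr ctx, byte type, string hostName)
{
    /* SNI host names are ASCII on the wire (RFC 6066); encode explicitly so
     * the size handed to wolfSSL is the byte count, not the char count. */
    byte[] encoded = Encoding.ASCII.GetBytes(hostName ?? string.Empty);
    if (encoded.Length == 0 || encoded.Length > ushort.MaxValue) {
        log(ERROR_LOG, "wolfssl ctx use sni error: host name length out of range");
        return FAILURE;
    }
    IntPtr data = Marshal.AllocHGlobal(encoded.Length);
    try {
        Marshal.Copy(encoded, 0, data, encoded.Length);
        return CTX_UseSNI(ctx, type, data, (ushort)encoded.Length);
    } finally {
        Marshal.FreeHGlobal(data);
    }
}
/* … unchanged: IntPtr-based CTX_UseSNI and UseSNI … */
```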
@@ -19,7 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - using System; using System.Runtime.InteropServices; using System.Text; @@ -60,11 +59,32 @@ private static int myVerify(int preverify, IntPtr x509_ctx) return preverify; } + /// + /// Checks if the SNI option was enabled via command line. + /// Must be enabled with ./configure --enable-sni when configuring + /// wolfSSL. + /// Parameters passed via command line + /// + private static bool haveSNI(string[] args) + { + if (args != null && args.Length == 2 && args[0] == "-S") + { + Console.WriteLine("SNI IS: ON"); + return true; + } + else { + Console.WriteLine("SNI IS: OFF"); + return false; + } + } + + public static void Main(string[] args) { IntPtr ctx; IntPtr ssl; Socket tcp; + IntPtr sniHostName; /* These paths should be changed for use */ string caCert = @"ca-cert.pem"; @@ -78,7 +98,6 @@ public static void Main(string[] args) wolfssl.Init(); - Console.WriteLine("Calling ctx Init from wolfSSL"); ctx = wolfssl.CTX_new(wolfssl.usev23_client()); if (ctx == IntPtr.Zero) @@ -88,7 +107,6 @@ public static void Main(string[] args) } Console.WriteLine("Finished init of ctx .... now load in CA"); - if (!File.Exists(caCert)) { Console.WriteLine("Could not find CA cert file"); @@ -96,11 +114,27 @@ public static void Main(string[] args) return; } - if (wolfssl.CTX_load_verify_locations(ctx, caCert, null) != wolfssl.SUCCESS) { Console.WriteLine("Error loading CA cert"); + wolfssl.CTX_free(ctx); + return; + } + + if (haveSNI(args)) + { + string sniHostNameString = args[1].Trim(); + sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); + + ushort size = (ushort)sniHostNameString.Length; + + if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS) + { + Console.WriteLine("UseSNI failed"); + wolfssl.CTX_free(ctx); + return; + } } StringBuilder ciphers = new StringBuilder(new String(' ', 4096)); 
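Review bot: In the `@@ -96,11 +114,27 @@` hunk `size` is `(ushort)sniHostNameString.Length`, the UTF-16 character count, while the buffer passed to `CTX_UseSNI` comes from `Marshal.StringToHGlobalAnsi`, whose byte length can differ from that for any non-ASCII name; and `sniHostName` is never released with `Marshal.FreeHGlobal`, on neither the success path nor the `UseSNI failed` path. Encoding explicitly and sizing from the bytes keeps the two in step: `byte[] sniBytes = Encoding.ASCII.GetBytes(sniHostNameString); ushort size = (ushort)sniBytes.Length;`, copied into native memory with `Marshal.AllocHGlobal`/`Marshal.Copy` and freed once the call returns (assuming wolfSSL copies the name, which I believe it does — verify). `Main` continues outside this hunk. The server hunk `@@ -101,6 +117,20 @@` in wolfSSL-TLS-Server.cs duplicates this block and has the same issues, and the two `haveSNI` helpers are identical copies.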
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 12217dc071..140d4d1f2f 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -19,9 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - - using System; using System.Runtime.InteropServices; using System.Text; @@ -50,6 +47,26 @@ private static void clean(IntPtr ssl, IntPtr ctx) wolfssl.Cleanup(); } + /// + /// Checks if the SNI option was enabled via command line. + /// Must be enabled with ./configure --enable-sni when configuring + /// wolfSSL. + /// Parameters passed via command line + /// + private static bool haveSNI(string[] args) + { + if (args != null && args.Length == 2 && args[0] == "-S") + { + Console.WriteLine("SNI IS: ON"); + return true; + } + else { + Console.WriteLine("SNI IS: OFF"); + return false; + } + } + + public static void Main(string[] args) { @@ -70,7 +87,6 @@ public static void Main(string[] args) wolfssl.Init(); - Console.WriteLine("Calling ctx Init from wolfSSL"); ctx = wolfssl.CTX_new(wolfssl.usev23_server()); if (ctx == IntPtr.Zero) @@ -101,6 +117,20 @@ public static void Main(string[] args) return; } + if (haveSNI(args)) + { + string sniHostNameString = args[1].Trim(); + sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); + + ushort size = (ushort)sniHostNameString.Length; + + if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS) + { + Console.WriteLine("UseSNI failed"); + wolfssl.CTX_free(ctx); + return; + } + } StringBuilder ciphers = new StringBuilder(new String(' ', 4096)); wolfssl.get_ciphers(ciphers, 4096); diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 3e78da76e7..8377419c46 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -459,6 +459,8 @@ public void free() public static readonly int SUCCESS = 1; public static readonly int FAILURE = 0; + public static readonly int WOLFSSL_SNI_HOST_NAME = 0; + public static readonly int WOLFSSL_SNI_HOST_NAME_OUTER = 0; private static IntPtr unwrap_ctx(IntPtr ctx) From c325de993db3604dc8e64b60162a2f6a56d544b3 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Mon, 3 Jun 2024 20:05:00 +0200 Subject: [PATCH 06/15] removed WOLFSSL_SNI_HOST_NAME_OUTER && minor fix (missing sniHostName got lost during editing) --- wolfssl/ssl.h | 1 - wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 1 + wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f12d32a23d..1eeeef7f04 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3811,7 +3811,6 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /* SNI types */ enum { WOLFSSL_SNI_HOST_NAME = 0, - WOLFSSL_SNI_HOST_NAME_OUTER = 0, }; WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 140d4d1f2f..281020709f 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -73,6 +73,7 @@ public static void Main(string[] args) IntPtr ctx; IntPtr ssl; Socket fd; + IntPtr sniHostName; /* These paths should be changed for use */ string fileCert = @"server-cert.pem"; diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 8377419c46..551585bdd7 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
@@ -460,7 +460,6 @@ public void free() public static readonly int SUCCESS = 1; public static readonly int FAILURE = 0; public static readonly int WOLFSSL_SNI_HOST_NAME = 0; - public static readonly int WOLFSSL_SNI_HOST_NAME_OUTER = 0; private static IntPtr unwrap_ctx(IntPtr ctx) From c04c7685b1f9f4c9215c55512fb22830b747ac06 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Mon, 3 Jun 2024 21:24:54 +0200 Subject: [PATCH 07/15] added callback example: setting sni cb & arg server side, and passing the name client side via -S flag --- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 59 ++++++++++++++----- 1 file changed, 43 insertions(+), 16 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 281020709f..141f1f9af6 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -66,7 +66,19 @@ private static bool haveSNI(string[] args) } } - + /// + /// Example of a SNI function call back + /// + /// pointer to ssl structure + /// alert code + /// context arg, can be set with the function wolfssl.CTX_set_servername_arg + /// + public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) { + /* Trivial callback just for testing */ + Console.WriteLine("my sni server callback"); + + return wolfssl.SUCCESS; + } public static void Main(string[] args) { @@ -74,6 +86,7 @@ public static void Main(string[] args) IntPtr ssl; Socket fd; IntPtr sniHostName; + IntPtr arg_sni; /* These paths should be changed for use */ string fileCert = @"server-cert.pem"; 
@@ -118,21 +131,6 @@ public static void Main(string[] args) return; } - if (haveSNI(args)) - { - string sniHostNameString = args[1].Trim(); - sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); - - ushort size = (ushort)sniHostNameString.Length; - - if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS) - { - Console.WriteLine("UseSNI failed"); - wolfssl.CTX_free(ctx); - return; - } - } - StringBuilder ciphers = new StringBuilder(new String(' ', 4096)); wolfssl.get_ciphers(ciphers, 4096); Console.WriteLine("Ciphers : " + ciphers.ToString()); @@ -155,6 +153,34 @@ public static void Main(string[] args) return; } + if (haveSNI(args)) + { + string sniHostNameString = args[1].Trim(); + sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); + + ushort size = (ushort)sniHostNameString.Length; + + // Allocating memory and setting SNI arg + int test_value = 32; + arg_sni = Marshal.AllocHGlobal(sizeof(int)); + Marshal.WriteInt32(arg_sni, test_value); + if (wolfssl.CTX_set_servername_arg(ctx, arg_sni) == wolfssl.FAILURE) { + Console.WriteLine("wolfssl.CTX_set_servername_arg failed"); + wolfssl.CTX_free(ctx); + return; + } + + // Setting SNI delegate + wolfssl.sni_delegate sni_cb = new wolfssl.sni_delegate(my_sni_server_cb); + wolfssl.CTX_set_servername_callback(ctx, sni_cb); + + if (wolfssl.CTX_set_tlsext_servername_callback(ssl, sni_cb) == wolfssl.FAILURE) { + Console.WriteLine("wolfssl.CTX_set_tlsext_servername_callback failed"); + wolfssl.CTX_free(ctx); + return; + } + } + Console.WriteLine("Connection made wolfSSL_accept "); if (wolfssl.set_fd(ssl, fd) != wolfssl.SUCCESS) { @@ -201,6 +227,7 @@ public static void Main(string[] args) wolfssl.shutdown(ssl); fd.Close(); tcp.Stop(); + clean(ssl, ctx); } } From b2e7707f18a9f2ada4b9553bd035c5aefdd98fde Mon Sep 17 00:00:00 2001 
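Review bot: The two failure paths added in `@@ -155,6 +153,34 @@` (`CTX_set_servername_arg failed` and `CTX_set_tlsext_servername_callback failed`) call only `wolfssl.CTX_free(ctx)` and return, yet by this point `ssl` exists (the very next lines pass it to `set_fd`) and the listener is open, so the ssl object and the socket are leaked on those paths; the same patch uses `clean(ssl, ctx)` for the normal exit at the end of `Main`, and that helper fits here as well: `clean(ssl, ctx); return;`. The `arg_sni` buffer from `Marshal.AllocHGlobal(sizeof(int))` is likewise never freed; releasing it after `clean(...)`, once no further handshake can invoke the callback, would close that. `Main` starts and ends outside this hunk.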
From: gasbytes Date: Mon, 3 Jun 2024 21:33:55 +0200 Subject: [PATCH 08/15] removed sniHostName no longer used --- wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 141f1f9af6..7803febc32 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -85,7 +85,6 @@ public static void Main(string[] args) IntPtr ctx; IntPtr ssl; Socket fd; - IntPtr sniHostName; IntPtr arg_sni; /* These paths should be changed for use */ @@ -155,11 +154,6 @@ public static void Main(string[] args) if (haveSNI(args)) { - string sniHostNameString = args[1].Trim(); - sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); - - ushort size = (ushort)sniHostNameString.Length; - // Allocating memory and setting SNI arg int test_value = 32; arg_sni = Marshal.AllocHGlobal(sizeof(int)); From 5d0b7e0d18ab53c483095c89ef4885c889ca5815 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Tue, 4 Jun 2024 17:54:21 +0200 Subject: [PATCH 09/15] updated readme & sni function --- wrapper/CSharp/README.md | 38 ++++++++++++++----- .../wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 19 +++++----- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 18 ++++----- 3 files changed, 47 insertions(+), 28 deletions(-) diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index d19adbc258..a4f7ab4d7a 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md @@ -30,7 +30,7 @@ apt-get upgrade apt-get install mono-complete ``` -# Build wolfSSL and install +### Build wolfSSL and install ``` ./autogen.sh 
@@ -40,24 +40,42 @@ make check sudo make install ``` -# Build and run the wrapper +### Build and run the wrapper ``` cd wrapper/CSharp +``` + +Building the server: +``` +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ +wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs && \ +cp wolfSSL_CSharp/wolfSSL.exe ../../certs/server.exe +``` +Building the client: +``` mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ - wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs && \ +cp wolfSSL_CSharp/wolfSSL.exe ../../certs/client.exe ``` -# Run the example +### Run the example +In one terminal instance run: ``` -cp wolfSSL_CSharp/wolfSSL.exe ../../certs cd ../../certs -mono wolfSSL.exe +mono server.exe +``` + +And in another terminal instance run: +``` +cd ../../certs +mono client.exe +``` -Calling ctx Init from wolfSSL -Finished init of ctx .... now load in cert and key -Ciphers : TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD -Started TCP and waiting for a connection +### Enabling SNI +To enable SNI, just pass the `-S` argument with the specified hostname: +``` +mono client.exe -S hostname ``` diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index 5a018d85a8..e8e4e9ae63 100644 
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs @@ -65,20 +65,21 @@ private static int myVerify(int preverify, IntPtr x509_ctx) /// wolfSSL. /// Parameters passed via command line /// - private static bool haveSNI(string[] args) + private static bool haveSNI(string[] args) { - if (args != null && args.Length == 2 && args[0] == "-S") - { - Console.WriteLine("SNI IS: ON"); - return true; - } - else { - Console.WriteLine("SNI IS: OFF"); - return false; + bool sniON = false; + for (int i = 0; i < args.Length; i++) { + if (args[i] == "-S") { + sniON = true; + break; + } } + Console.WriteLine("SNI IS: " + sniON); + return sniON; } + public static void Main(string[] args) { IntPtr ctx; diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 7803febc32..2a51378515 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -53,17 +53,17 @@ private static void clean(IntPtr ssl, IntPtr ctx) /// wolfSSL. /// Parameters passed via command line /// - private static bool haveSNI(string[] args) + private static bool haveSNI(string[] args) { - if (args != null && args.Length == 2 && args[0] == "-S") - { - Console.WriteLine("SNI IS: ON"); - return true; - } - else { - Console.WriteLine("SNI IS: OFF"); - return false; + bool sniON = false; + for (int i = 0; i < args.Length; i++) { + if (args[i] == "-S") { + sniON = true; + break; + } } + Console.WriteLine("SNI IS: " + sniON); + return sniON; } /// From 983610ed687b8ba488d62baee52bda0a90bca85b Mon Sep 17 00:00:00 2001 
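Review bot: The rewritten client `haveSNI` now reports `-S` at any position, but the SNI block in `Main` (outside this hunk) still takes the host name from `args[1]`, so `mono client.exe -S` with no name throws `IndexOutOfRangeException` and `mono client.exe host -S` sends the literal string `-S` as the SNI name. Having the helper return the value following the flag and letting the caller treat an empty result as "off" keeps the two in step, e.g. `if (args[i] == "-S" && i + 1 < args.Length) { return args[i + 1]; }`. Patch 12 reworks this function again and may already address it; the server copy in `@@ -53,17 +53,17 @@` has the same shape, but its `Main` no longer reads `args[1]` after patch 08.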
From: gasbytes Date: Tue, 4 Jun 2024 18:26:01 +0200 Subject: [PATCH 10/15] - Applied David's patch to get access to the missing sni callback (arg) - removed tlsext callback (since it's a compatibility one) - updated testing examples and wrapper --- src/ssl.c | 43 ++++++++++--------- wolfssl/ssl.h | 11 +++-- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 8 +--- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 17 -------- 4 files changed, 31 insertions(+), 48 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d027ef01b0..44b46c1f30 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20156,16 +20156,9 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx) return NULL; } - #ifdef HAVE_SNI - -void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); - if (ctx) - ctx->sniRecvCb = cb; -} - +/* this is a compatibily function, consider using + * wolfSSL_CTX_set_servername_callback */ int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) { @@ -20177,19 +20170,8 @@ int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, return WOLFSSL_FAILURE; } -int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg"); - if (ctx) { - ctx->sniRecvCbArg = arg; - return WOLFSSL_SUCCESS; - } - return WOLFSSL_FAILURE; -} - #endif /* HAVE_SNI */ - #ifndef NO_BIO void wolfSSL_ERR_load_BIO_strings(void) { WOLFSSL_ENTER("wolfSSL_ERR_load_BIO_strings"); 
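Review bot: The comment added above `wolfSSL_CTX_set_tlsext_servername_callback` misspells "compatibility" (`compatibily`); suggest `/* Compatibility wrapper: prefer wolfSSL_CTX_set_servername_callback, which is available whenever HAVE_SNI is defined. */`. That last clause is worth stating here because, after this patch, the two functions live under different guards (this one inside the OPENSSL_EXTRA/compat region whose closing `#endif` comment is in the next hunk, the other in a plain `HAVE_SNI` block), which is what the ssl.h change in the same patch encodes.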
@@ -20224,6 +20206,27 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH || * HAVE_SBLIM_SFCB)) */ +#ifdef HAVE_SNI + +void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); + if (ctx) + ctx->sniRecvCb = cb; +} + + +int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg"); + if (ctx) { + ctx->sniRecvCbArg = arg; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} + +#endif /* HAVE_SNI */ #if defined(OPENSSL_EXTRA) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1eeeef7f04..59f703d3ce 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4872,14 +4872,17 @@ typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb); -WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, - CallbackSniRecv cb); WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg); #endif -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + +#ifdef HAVE_SNI +WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, + CallbackSniRecv cb); +#endif WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void* pid); diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 2a51378515..b90453b515 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs 
@@ -77,7 +77,7 @@ public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) { /* Trivial callback just for testing */ Console.WriteLine("my sni server callback"); - return wolfssl.SUCCESS; + return 0; } public static void Main(string[] args) @@ -167,12 +167,6 @@ public static void Main(string[] args) // Setting SNI delegate wolfssl.sni_delegate sni_cb = new wolfssl.sni_delegate(my_sni_server_cb); wolfssl.CTX_set_servername_callback(ctx, sni_cb); - - if (wolfssl.CTX_set_tlsext_servername_callback(ssl, sni_cb) == wolfssl.FAILURE) { - Console.WriteLine("wolfssl.CTX_set_tlsext_servername_callback failed"); - wolfssl.CTX_free(ctx); - return; - } } Console.WriteLine("Connection made wolfSSL_accept "); diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 551585bdd7..3f9d9a17e6 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -325,8 +325,6 @@ public void free() [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static int wolfSSL_CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb); - [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size); 
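Review bot: `return 0;` in `my_sni_server_cb` replaces `wolfssl.SUCCESS` with an unexplained literal; the change looks right (the `CallbackSniRecv` contract is not the wrapper's SUCCESS/FAILURE convention, and as I recall a non-zero return is interpreted by wolfSSL as an alert/no-ack result), but the next reader has no way to see why `SUCCESS` was wrong. A one-line comment, `/* 0 accepts the name; non-zero is an alert/no-ack code to wolfSSL, not the wrapper's SUCCESS */`, or a named constant in wolfSSL.cs next to `SUCCESS`/`FAILURE` would make that explicit. `my_sni_server_cb` starts outside this hunk.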
@@ -1141,21 +1139,6 @@ public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) } } - public static int CTX_set_tlsext_servername_callback(IntPtr ctx, sni_delegate sni_cb) - { - try { - GCHandle gch = GCHandle.FromIntPtr(ctx); - ctx_handle handles = (ctx_handle)gch.Target; - - handles.set_sni(GCHandle.Alloc(sni_cb)); - - return wolfSSL_CTX_set_tlsext_servername_callback(handles.get_ctx(), sni_cb); - } catch (Exception e) { - log(ERROR_LOG, "wolfssl tlsext servername callback error: " + e.ToString()); - return FAILURE; - } - } - public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) { try { From 70fc5c97fbdcedacfaff79b7747b1caf804becdf Mon Sep 17 00:00:00 2001 From: gasbytes Date: Tue, 4 Jun 2024 19:13:51 +0200 Subject: [PATCH 11/15] made the workflow to compile & executes easier, updated the readme also --- wrapper/CSharp/README.md | 24 +++++++++++-------- .../wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 2 +- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 4 ++-- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index a4f7ab4d7a..1d70ba939b 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md 
@@ -42,40 +42,44 @@ sudo make install ### Build and run the wrapper +From the wolfssl root directory: + ``` cd wrapper/CSharp ``` -Building the server: +Compile server: + ``` mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs && \ -cp wolfSSL_CSharp/wolfSSL.exe ../../certs/server.exe +wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe ``` -Building the client: +Compile client: + ``` mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs && \ -cp wolfSSL_CSharp/wolfSSL.exe ../../certs/client.exe +wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe ``` ### Run the example -In one terminal instance run: +In one terminal instance run the server: + ``` -cd ../../certs mono server.exe ``` -And in another terminal instance run: +And in another terminal instance run the client: + ``` -cd ../../certs mono client.exe ``` ### Enabling SNI + To enable SNI, just pass the `-S` argument with the specified hostname: + ``` mono client.exe -S hostname ``` diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index e8e4e9ae63..3086c3cae4 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs @@ -88,7 +88,7 @@ public static void Main(string[] args) IntPtr sniHostName; /* These paths should be changed for use */ - string caCert = @"ca-cert.pem"; + string caCert = @"../../certs/ca-cert.pem"; StringBuilder dhparam = new StringBuilder("dh2048.pem"); StringBuilder buff = new StringBuilder(1024); diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index b90453b515..e5b56e91dd 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs 
@@ -88,8 +88,8 @@ public static void Main(string[] args) IntPtr arg_sni; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; + string fileCert = @"../../certs/server-cert.pem"; + string fileKey = @"../../certs/server-key.pem"; StringBuilder dhparam = new StringBuilder("dh2048.pem"); StringBuilder buff = new StringBuilder(1024); From f231c7be0374b4920548e3a79b18faf9ebbe34d6 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Tue, 4 Jun 2024 23:08:56 +0200 Subject: [PATCH 12/15] updated the README & haveSNI function --- wrapper/CSharp/README.md | 8 +++- .../wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 37 ++++++++++++++----- 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index 1d70ba939b..4a2c1455ec 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md @@ -78,8 +78,14 @@ mono client.exe ### Enabling SNI -To enable SNI, just pass the `-S` argument with the specified hostname: +To enable SNI, just pass the `-S` argument with the specified hostname to the client: ``` mono client.exe -S hostname ``` + +And run the server with the `-S` flag: + +``` +mono server.exe -S +``` diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index 3086c3cae4..fde1026bcf 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs 
@@ -65,20 +65,30 @@ private static int myVerify(int preverify, IntPtr x509_ctx) /// wolfSSL. /// Parameters passed via command line /// - private static bool haveSNI(string[] args) + private static int haveSNI(string[] args) { - bool sniON = false; for (int i = 0; i < args.Length; i++) { if (args[i] == "-S") { - sniON = true; - break; + Console.WriteLine("SNI IS ON"); + return i+1; } } - Console.WriteLine("SNI IS: " + sniON); - return sniON; + Console.WriteLine("SNI IS OFF"); + return -1; } - + public static string setPath() { + if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + { + return @"../../certs/ca-cert.pem"; + } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + return @"../../../../certs/ca-cert.pem"; + } else + { + return ""; + } + } public static void Main(string[] args) { @@ -88,7 +98,12 @@ public static void Main(string[] args) IntPtr sniHostName; /* These paths should be changed for use */ - string caCert = @"../../certs/ca-cert.pem"; + string caCert = setPath(); + if (caCert == "") { + Console.WriteLine("Platform not supported."); + return; + } + StringBuilder dhparam = new StringBuilder("dh2048.pem"); StringBuilder buff = new StringBuilder(1024); @@ -108,6 +123,7 @@ public static void Main(string[] args) } Console.WriteLine("Finished init of ctx .... now load in CA"); + if (!File.Exists(caCert)) { Console.WriteLine("Could not find CA cert file"); @@ -123,9 +139,10 @@ public static void Main(string[] args) return; } - if (haveSNI(args)) + int sniArg = haveSNI(args); + if (sniArg >= 0) { - string sniHostNameString = args[1].Trim(); + string sniHostNameString = args[sniArg].Trim(); sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString); ushort size = (ushort)sniHostNameString.Length; From 6cb97a7262c27450960a57e5efc6d89d49d9b1fc Mon Sep 17 00:00:00 2001 
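Review bot: `haveSNI` returns `i+1` as soon as it sees `-S`, and the hunk at `@@ -123,9 +139,10 @@` then indexes `args[sniArg].Trim()`; when `-S` is the last argument `sniArg == args.Length` and the program dies with IndexOutOfRangeException before any TLS setup. Guard the index where it is produced, `if (args[i] == "-S" && i + 1 < args.Length)`, so a trailing `-S` falls through to the "SNI IS OFF" path, or check `sniArg < args.Length` in Main. Document the contract on the method as well: `/// Returns the index of the hostname following -S, or -1 when SNI was not requested.` As a caveat on the unchanged context line, `ushort size = (ushort)sniHostNameString.Length;` counts UTF-16 characters while the buffer comes from `StringToHGlobalAnsi`, so the two agree only for ASCII hostnames. Main's body continues outside the hunk.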
From: gasbytes Date: Tue, 4 Jun 2024 23:12:16 +0200 Subject: [PATCH 13/15] fixed windows build path problem --- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index e5b56e91dd..c273f63317 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -80,6 +80,19 @@ public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) { return 0; } + public static string setPath(string file) { + if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + { + return @"../../certs/" + file; + } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + return @"../../../../certs/" + file; + } else + { + return ""; + } + } + public static void Main(string[] args) { IntPtr ctx; @@ -88,8 +101,13 @@ public static void Main(string[] args) IntPtr arg_sni; /* These paths should be changed for use */ - string fileCert = @"../../certs/server-cert.pem"; - string fileKey = @"../../certs/server-key.pem"; + string fileCert = setPath("server-cert.pem"); + string fileKey = setPath("server-key.pem"); + if (fileCert == "" || fileKey == "") { + Console.WriteLine("Platform not supported."); + return; + } + StringBuilder dhparam = new StringBuilder("dh2048.pem"); StringBuilder buff = new StringBuilder(1024); From 2ab709c89a260f178e4f9e0e2639cd62940eff53 Mon Sep 17 00:00:00 2001 
From: gasbytes Date: Wed, 5 Jun 2024 13:28:30 +0200 Subject: [PATCH 14/15] - Platform specific function to correctly set the path for the certificates; - Updated all the examples with it; --- .../wolfSSL-DTLS-PSK-Server.cs | 17 +++++++-- .../wolfSSL-DTLS-Server.cs | 17 +++++++-- .../wolfSSL-Example-IOCallbacks.cs | 17 +++++++-- .../wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 27 +++++-------- .../wolfSSL-TLS-PSK-Client.cs | 12 +++++- .../wolfSSL-TLS-PSK-Server.cs | 17 +++++++-- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 38 +++++++++---------- .../wolfSSL-TLS-ServerThreaded.cs | 17 +++++++-- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 20 ++++++++++ 9 files changed, 130 insertions(+), 52 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs index 6aa9aa542b..f1753282b8 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs @@ -78,9 +78,14 @@ public static void Main(string[] args) IntPtr ssl; /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); @@ -106,6 +111,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { 
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs index fcbfe69229..5e10a9a93b 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs @@ -58,9 +58,14 @@ public static void Main(string[] args) IntPtr ssl; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath(@"server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -87,6 +92,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs index ac91a97954..77218fd0a1 100644 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs 
@@ -214,12 +214,17 @@ static void Main(string[] args) IntPtr ssl; Socket fd; - wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); wolfssl.CallbackVerify_delegate verify_cb = new wolfssl.CallbackVerify_delegate(my_verify_cb); /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -242,6 +247,12 @@ static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs index fde1026bcf..7cf4c71f4c 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs @@ -77,19 +77,6 @@ private static int haveSNI(string[] args) return -1; } - public static string setPath() { - if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) - { - return @"../../certs/ca-cert.pem"; - } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) - { - return @"../../../../certs/ca-cert.pem"; - } else - { - return ""; - } - } - public static void Main(string[] args) { IntPtr ctx; 
@@ -98,14 +85,14 @@ public static void Main(string[] args) IntPtr sniHostName; /* These paths should be changed for use */ - string caCert = setPath(); - if (caCert == "") { + string caCert = wolfssl.setPath("ca-cert.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (caCert == "" || dhparam.Length == 0) { Console.WriteLine("Platform not supported."); return; } - StringBuilder dhparam = new StringBuilder("dh2048.pem"); - StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -131,6 +118,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_load_verify_locations(ctx, caCert, null) != wolfssl.SUCCESS) { diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs index cdc3ef7ca9..0f70d72d44 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs @@ -82,7 +82,11 @@ public static void Main(string[] args) wolfssl.psk_client_delegate psk_cb = new wolfssl.psk_client_delegate(my_psk_client_cb); - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + if (dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# client psk wrapper"); 
@@ -157,6 +161,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM); if (wolfssl.connect(ssl) != wolfssl.SUCCESS) diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs index a46dbd5949..a16bb87325 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs @@ -80,9 +80,14 @@ public static void Main(string[] args) wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb); /* These paths should be changed according to use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -105,6 +110,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index c273f63317..2479bb7629 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs 
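Review bot: The new `File.Exists(dhparam.ToString())` guard is immediately followed by `wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM);` whose return value is still ignored, so a DH file that exists but fails to load is not reported here, while wolfSSL-TLS-Server in this same commit checks that call against `wolfssl.SUCCESS`. Mirror that check, `if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)`, printing `"Error in setting DH parameters"` and running the same cleanup the error paths above it use before returning. The other examples touched by this commit may have the same unchecked call, but their SetTmpDH_file lines are not in the visible hunks. Main's body continues outside the hunk.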
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -80,19 +80,6 @@ public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) { return 0; } - public static string setPath(string file) { - if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) - { - return @"../../certs/" + file; - } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) - { - return @"../../../../certs/" + file; - } else - { - return ""; - } - } - public static void Main(string[] args) { IntPtr ctx; @@ -101,15 +88,15 @@ public static void Main(string[] args) IntPtr arg_sni; /* These paths should be changed for use */ - string fileCert = setPath("server-cert.pem"); - string fileKey = setPath("server-key.pem"); - if (fileCert == "" || fileKey == "") { + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dh2048Pem = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dh2048Pem.Length == 0) { Console.WriteLine("Platform not supported."); return; } - StringBuilder dhparam = new StringBuilder("dh2048.pem"); - StringBuilder buff = new StringBuilder(1024); StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper"); @@ -134,6 +121,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); 
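Review bot: The hunk at `@@ -134,6 +121,12 @@` adds `if (!File.Exists(dhparam.ToString()))`, but the hunk at `@@ -101,15 +88,15 @@` in the same file removes `StringBuilder dhparam` and introduces `dh2048Pem` in its place, so as far as the visible hunks show wolfSSL-TLS-Server.cs has no `dhparam` in scope and does not compile at this commit; the follow-up commit that renames `dh2048Pem` back to `dhparam` masks this. Use one name in both hunks, e.g. `if (!File.Exists(dh2048Pem.ToString())) {`, or do the rename in this commit so that each commit builds on its own. Main's body continues outside both hunks.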
@@ -197,7 +190,14 @@ public static void Main(string[] args) return; } - wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM); + if (wolfssl.SetTmpDH_file(ssl, dh2048Pem, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) + { + Console.WriteLine("Error in setting dh2048Pem"); + Console.WriteLine(wolfssl.get_error(ssl)); + tcp.Stop(); + clean(ssl, ctx); + return; + } if (wolfssl.accept(ssl) != wolfssl.SUCCESS) { diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs index e83784e1f7..6cd6982dbe 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs @@ -116,9 +116,14 @@ public static void Main(string[] args) IntPtr ctx; /* These paths should be changed for use */ - string fileCert = @"server-cert.pem"; - string fileKey = @"server-key.pem"; - StringBuilder dhparam = new StringBuilder("dh2048.pem"); + string fileCert = wolfssl.setPath("server-cert.pem"); + string fileKey = wolfssl.setPath("server-key.pem"); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); + + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { + Console.WriteLine("Platform not supported"); + return; + } /* example of function used for setting logging */ wolfssl.SetLogging(standard_log); @@ -140,6 +145,12 @@ public static void Main(string[] args) return; } + if (!File.Exists(dhparam.ToString())) { + Console.WriteLine("Could not find dh file"); + wolfssl.CTX_free(ctx); + return; + } + if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting cert file"); diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 3f9d9a17e6..7b7ec1e236 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
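Review bot: The new error path reports `"Error in setting dh2048Pem"`, which names a local variable rather than the operation that failed, and the literal goes stale the moment the variable is renamed (the next commit renames it to `dhparam` and leaves this message untouched). Describe the failure instead: `Console.WriteLine("Error in setting DH parameters from dh2048.pem");`. The placement is right: the check runs before `wolfssl.accept`, so a DH file that wolfSSL rejects stops the handshake rather than continuing silently, and `tcp.Stop(); clean(ssl, ctx);` releases what was set up. Main's body continues outside the hunk.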
@@ -485,6 +485,26 @@ private static IntPtr unwrap_ssl(IntPtr ssl) } } + /// + /// Utility function used to access the certificates + /// based on the platform. + /// return the platform specific path to the certificate + /// + public static string setPath(string file) { + if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + { + Console.WriteLine("Linux - " + file); + return @"../../certs/" + file; + } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + Console.WriteLine("Windows - " + file); + return @"../../../../certs/" + file; + } else + { + return ""; + } + } + /// /// Call back to allow receiving TLS information From 453e2fadc1f9425b961fcdaad4f0461e81911798 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Wed, 5 Jun 2024 17:45:34 +0200 Subject: [PATCH 15/15] dh2048Pem -> dhparam --- wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 2479bb7629..7552777abb 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -90,9 +90,9 @@ public static void Main(string[] args) /* These paths should be changed for use */ string fileCert = wolfssl.setPath("server-cert.pem"); string fileKey = wolfssl.setPath("server-key.pem"); - StringBuilder dh2048Pem = new StringBuilder(wolfssl.setPath("dh2048.pem")); + StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem")); - if (fileCert == "" || fileKey == "" || dh2048Pem.Length == 0) { + if (fileCert == "" || fileKey == "" || dhparam.Length == 0) { Console.WriteLine("Platform not supported."); return; } 
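Review bot: The doc comment on `setPath` says it returns the platform-specific certificate path but not that the result is relative to the process's current working directory, which is why the examples must be launched from `wrapper/CSharp` on Linux and from a deeper build directory on Windows; add `/// The returned path is relative to the current working directory and assumes the checkout layout described in wrapper/CSharp/README.md; "" means the platform is not handled.` The method also writes `"Linux - " + file` and `"Windows - " + file` to the console on every call, a side effect no other helper in this class has and that callers cannot silence; drop the two `Console.WriteLine` lines or route them through the existing `log()` helper. Every caller detects the unsupported-platform case with a string comparison against `""`; documenting that sentinel, as above, is the minimum, and a `bool` returning `TryGetPath(string file, out string path)` shape would make it harder to miss.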
@@ -190,7 +190,7 @@ public static void Main(string[] args) return; } - if (wolfssl.SetTmpDH_file(ssl, dh2048Pem, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) + if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS) { Console.WriteLine("Error in setting dh2048Pem"); Console.WriteLine(wolfssl.get_error(ssl));