--- /dev/null
+/*
+ * Testing tool for TLSv1 server routines using HTTPS
+ * Copyright (c) 2011-2019, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "crypto/tls.h"
+
+
+static void https_tls_event_cb(void *ctx, enum tls_event ev,
+ union tls_event_data *data)
+{
+ wpa_printf(MSG_DEBUG, "HTTPS: TLS event %d", ev);
+}
+
+
+static struct wpabuf * https_recv(int s, int timeout_ms)
+{
+ struct wpabuf *in;
+ int len, ret;
+ fd_set rfds;
+ struct timeval tv;
+
+ in = wpabuf_alloc(20000);
+ if (in == NULL)
+ return NULL;
+
+ FD_ZERO(&rfds);
+ FD_SET(s, &rfds);
+ tv.tv_sec = timeout_ms / 1000;
+ tv.tv_usec = timeout_ms % 1000;
+
+ wpa_printf(MSG_DEBUG, "Waiting for more data");
+ ret = select(s + 1, &rfds, NULL, NULL, &tv);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "select: %s", strerror(errno));
+ wpabuf_free(in);
+ return NULL;
+ }
+ if (ret == 0) {
+ /* timeout */
+ wpa_printf(MSG_INFO, "Timeout on waiting for data");
+ wpabuf_free(in);
+ return NULL;
+ }
+
+ len = recv(s, wpabuf_put(in, 0), wpabuf_tailroom(in), 0);
+ if (len < 0) {
+ wpa_printf(MSG_ERROR, "recv: %s", strerror(errno));
+ wpabuf_free(in);
+ return NULL;
+ }
+ if (len == 0) {
+ wpa_printf(MSG_DEBUG, "No more data available");
+ wpabuf_free(in);
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "Received %d bytes", len);
+ wpabuf_put(in, len);
+
+ return in;
+}
+
+
+static void https_tls_log_cb(void *ctx, const char *msg)
+{
+ wpa_printf(MSG_DEBUG, "TLS: %s", msg);
+}
+
+
+static int https_server(int s)
+{
+ struct tls_config conf;
+ void *tls;
+ struct tls_connection_params params;
+ struct tls_connection *conn;
+ struct wpabuf *in, *out, *appl;
+ int res = -1;
+
+ os_memset(&conf, 0, sizeof(conf));
+ conf.event_cb = https_tls_event_cb;
+ tls = tls_init(&conf);
+ if (!tls)
+ return -1;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.ca_cert = "hwsim/auth_serv/ca.pem";
+ params.client_cert = "hwsim/auth_serv/server.pem";
+ params.private_key = "hwsim/auth_serv/server.key";
+ params.dh_file = "hwsim/auth_serv/dh.conf";
+
+ if (tls_global_set_params(tls, ¶ms)) {
+ wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
+ tls_deinit(tls);
+ return -1;
+ }
+
+ conn = tls_connection_init(tls);
+ if (!conn) {
+ tls_deinit(tls);
+ return -1;
+ }
+
+ tls_connection_set_log_cb(conn, https_tls_log_cb, NULL);
+
+ for (;;) {
+ in = https_recv(s, 5000);
+ if (!in)
+ goto done;
+
+ appl = NULL;
+ out = tls_connection_server_handshake(tls, conn, in, &appl);
+ wpabuf_free(in);
+ in = NULL;
+ if (!out) {
+ if (!tls_connection_get_failed(tls, conn) &&
+ !tls_connection_established(tls, conn))
+ continue;
+ goto done;
+ }
+ wpa_printf(MSG_DEBUG, "Sending %d bytes",
+ (int) wpabuf_len(out));
+ if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
+ wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
+ goto done;
+ }
+ wpabuf_free(out);
+ out = NULL;
+ if (tls_connection_get_failed(tls, conn)) {
+ wpa_printf(MSG_ERROR, "TLS handshake failed");
+ goto done;
+ }
+ if (tls_connection_established(tls, conn))
+ break;
+ }
+ wpabuf_free(out);
+ out = NULL;
+
+ wpa_printf(MSG_INFO, "TLS connection established");
+ if (appl)
+ wpa_hexdump_buf(MSG_DEBUG, "Received application data", appl);
+
+ wpa_printf(MSG_INFO, "Reading HTTP request");
+ for (;;) {
+ int need_more_data;
+
+ in = https_recv(s, 5000);
+ if (!in)
+ goto done;
+ out = tls_connection_decrypt2(tls, conn, in, &need_more_data);
+ wpabuf_free(in);
+ in = NULL;
+ if (need_more_data) {
+ wpa_printf(MSG_DEBUG, "HTTP: Need more data");
+ continue;
+ }
+ if (!out)
+ goto done;
+ wpa_hexdump_ascii(MSG_INFO, "Request",
+ wpabuf_head(out), wpabuf_len(out));
+ wpabuf_free(out);
+ out = NULL;
+ break;
+ }
+
+ in = wpabuf_alloc(1000);
+ if (!in)
+ goto done;
+ wpabuf_put_str(in, "HTTP/1.1 200 OK\r\n"
+ "Server: test-https_server\r\n"
+ "\r\n"
+ "<HTML><BODY>HELLO</BODY></HTML>\n");
+ wpa_hexdump_ascii(MSG_DEBUG, "Response",
+ wpabuf_head(in), wpabuf_len(in));
+ out = tls_connection_encrypt(tls, conn, in);
+ wpabuf_free(in);
+ in = NULL;
+ wpa_hexdump_buf(MSG_DEBUG, "Encrypted response", out);
+ if (!out)
+ goto done;
+
+ wpa_printf(MSG_INFO, "Sending HTTP response: %d bytes",
+ (int) wpabuf_len(out));
+ if (send(s, wpabuf_head(out), wpabuf_len(out), 0) < 0) {
+ wpa_printf(MSG_ERROR, "send: %s", strerror(errno));
+ goto done;
+ }
+ wpabuf_free(out);
+ out = NULL;
+
+ res = 0;
+done:
+ wpabuf_free(out);
+ wpabuf_free(in);
+ wpabuf_free(appl);
+ tls_connection_deinit(tls, conn);
+ tls_deinit(tls);
+ close(s);
+
+ return res;
+}
+
+
+int main(int argc, char *argv[])
+{
+ struct sockaddr_in sin;
+ int port, s, conn;
+ int on = 1;
+
+ wpa_debug_level = 0;
+ wpa_debug_show_keys = 1;
+
+ if (argc < 2) {
+ wpa_printf(MSG_INFO, "usage: test-https_server port");
+ return -1;
+ }
+
+ port = atoi(argv[1]);
+
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "HTTP: setsockopt(SO_REUSEADDR) failed: %s",
+ strerror(errno));
+ /* try to continue anyway */
+ }
+
+ os_memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(port);
+ if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
+ perror("bind");
+ close(s);
+ return -1;
+ }
+
+ if (listen(s, 10) < 0) {
+ perror("listen");
+ close(s);
+ return -1;
+ }
+
+ for (;;) {
+ struct sockaddr_in addr;
+ socklen_t addr_len = sizeof(addr);
+
+ conn = accept(s, (struct sockaddr *) &addr, &addr_len);
+ if (conn < 0) {
+ perror("accept");
+ break;
+ }
+
+ wpa_printf(MSG_DEBUG, "-------------------------------------");
+ wpa_printf(MSG_DEBUG, "Connection from %s:%d",
+ inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
+
+ https_server(conn);
+ wpa_printf(MSG_DEBUG, "Done with the connection");
+ wpa_printf(MSG_DEBUG, "-------------------------------------");
+ }
+
+ close(s);
+
+ return 0;
+}