wolfKeyMgr v0.9:

* Added HTTPS server / client for local testing.
* Added middle-box decryption example (uses the wolfSSL sniffer module)
* Fixes for HTTP engine parsing.
* Improve socket select error reporting for timeout vs. error.
* Added ETSI client push support.
* Added ability to specify default key type for Key Manager.
* Added better debug printing for key used.

Author: dgarske

.gitignore

@@ -28,6 +28,7 @@ aminclude.am
 *.lo
 *.la
 *.libs
+.vscode
 
 # misc
 tags
@@ -38,7 +39,10 @@ diff
 
 # applications
 src/wolfkeymgr
-examples/etsi_client/etsi_client
+examples/middlebox/decrypt
+examples/etsi_test/etsi_test
+examples/https/client
+examples/https/server
 libtool
 wolfkeymgr/options.h
 
@@ -56,4 +60,4 @@ certs/server-*.pem
 certs/client-*.der
 certs/client-*.pem
 certs/serial.old
-options.h
+tracefile.txt

Makefile.am

@@ -27,7 +27,7 @@ EXTRA_DIST += README.md
 EXTRA_DIST += LICENSE
 
 include src/include.am
-include examples/etsi_client/include.am
+include examples/include.am
 include scripts/include.am
 include certs/include.am
 

README.md

@@ -68,12 +68,13 @@ openssl ca -config ./certs/ca-ecc.cnf -extensions server_cert -days 3650 -notext
 rm ./certs/server-cert.csr
 
 
-# Script to generated a self-signed TLS server certificate for Apache
+# Script to generate a self-signed TLS server certificate for Apache
 # No key password
 
 if [ -f ./certs/test-key.pem ]; then
     # ECC
     openssl ecparam -name prime256v1 -genkey -outform pem -out ./certs/test-key.pem
 fi
 
-openssl req -new -x509 -nodes -key ./certs/test-key.pem -out ./certs/test-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=CA/L=Seattle/O=wolfSSL/OU=Development/CN=etsitest.com/[email protected]"
+openssl req -new -x509 -nodes -key ./certs/test-key.pem -out ./certs/test-cert.pem -sha256 -days 7300 -batch \
+	-subj "/C=US/ST=CA/L=Seattle/O=wolfSSL/OU=Development/CN=localhost/[email protected]"

certs/gen-certs.sh

@@ -1,16 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICbzCCAhWgAwIBAgIUXcyHnGxDNR6GBYq4ZHSm7hJ+e8gwCgYIKoZIzj0EAwIw
-gYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEQMA4GA1UEBwwHU2VhdHRsZTEQ
-MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFTATBgNVBAMM
-DGV0c2l0ZXN0LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0yMTAzMTkxOTAzMTVaFw00MTAzMTQxOTAzMTVaMIGMMQswCQYDVQQGEwJVUzEL
-MAkGA1UECAwCQ0ExEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
-FDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQDDAxldHNpdGVzdC5jb20xHzAd
-BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAAToBp+YdaHpiRuvAWYXgK/mv7M1szpyfv7EXYDQXibu3moryej10+Re
-Wc5neXgDVfQEZ1O6CkwPo7lZU6FBhGxmo1MwUTAdBgNVHQ4EFgQUvWcAwbZL6I6L
-HUZYMSdTFBzD3cswHwYDVR0jBBgwFoAUvWcAwbZL6I6LHUZYMSdTFBzD3cswDwYD
-VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEA6JE1aOqHMqa5zMtRuwuK
-qhKVmsgaV/FHHALuS6BmEF4CIEbQMTDs9HuSJiLUD15KqkDvgTs5EUJC7CTxgd+r
-WRpw
+MIICZjCCAgygAwIBAgIUB2rvL80c8JdZrnELwaTfiMPUv1wwCgYIKoZIzj0EAwIw
+gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEQMA4GA1UEBwwHU2VhdHRsZTEQ
+MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
+MTA2MDQxOTA1MTFaFw00MTA1MzAxOTA1MTFaMIGJMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDAS
+BgNVBAsMC0RldmVsb3BtZW50MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AAToBp+YdaHpiRuvAWYXgK/mv7M1szpyfv7EXYDQXibu3moryej10+ReWc5neXgD
+VfQEZ1O6CkwPo7lZU6FBhGxmo1AwTjAdBgNVHQ4EFgQUvWcAwbZL6I6LHUZYMSdT
+FBzD3cswHwYDVR0jBBgwFoAUvWcAwbZL6I6LHUZYMSdTFBzD3cswDAYDVR0TBAUw
+AwEB/zAKBggqhkjOPQQDAgNIADBFAiEAlMwaXmWD1wRMZNrWl5xnQrxINJuRajAS
+T9gJqaWM3CkCIEifthJa24FavzZj3p/STn0xxfQLro+T2EqZqXrV52RU
 -----END CERTIFICATE-----

certs/test-cert.pem

@@ -5,7 +5,7 @@
 
 AC_PREREQ(2.59)
 
-AC_INIT([wolfKeyManager],[0.8],[http://www.wolfssl.com])
+AC_INIT([wolfKeyManager],[0.9],[http://www.wolfssl.com])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADERS([wolfkeymgr/config.h])
 AC_CONFIG_MACRO_DIR(m4)
@@ -71,7 +71,7 @@ LT_PREREQ([2.2])
 LT_INIT([disable-static win32-dll])
 
 # Shared library versioning
-WOLFKM_LIBRARY_VERSION=5:0:0
+WOLFKM_LIBRARY_VERSION=5:1:0
 #                      | | |
 #               +------+ | +---+
 #               |        |     |
@@ -121,7 +121,6 @@ esac
 # Checks for library functions.
 LIB_SOCKET_NSL
 
-
 # ETSI Service
 AC_ARG_ENABLE([etsisvc],
     [AS_HELP_STRING([--enable-etsisvc],[Enable the ETSI key service (default: enabled)])],
@@ -135,6 +134,21 @@ then
 fi
 
 
+# SNIFFER
+AC_ARG_ENABLE([sniffer],
+   [AS_HELP_STRING([--enable-sniffer],[Enable sniffer support (default: disabled)])],
+   [ ENABLED_SNIFFER=$enableval ],
+   [ ENABLED_SNIFFER=yes ]
+   )
+AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
+      [
+          CFLAGS="$CFLAGS -DWOLFKM_SNIFFER"
+          AC_CHECK_HEADERS([pcap/pcap.h],
+              [ ENABLED_SNIFFTEST=yes ],
+              [ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
+          )
+      ])
+
 
 # The following AM_CONDITIONAL statements set flags for use in the Makefiles.
 # Some of these affect build targets and objects, some trigger different

configure.ac

@@ -1,4 +1,4 @@
-/* etsi_client.c
+/* etsi_test.c
  *
  * Copyright (C) 2006-2021 wolfSSL Inc.
  *
@@ -19,9 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include "etsi_client.h"
-#include "mod_etsi.h"
+#include "wolfkeymgr/mod_etsi.h"
+#include "examples/test_config.h"
 
+#define WOLFKM_ETST_CLIENT_DEF_REQUESTS     1       /* per thread */
 #define WOLFKM_ETST_CLIENT_DEF_TIMEOUT_SEC 10
 
 #ifndef EX_USAGE
@@ -161,24 +162,24 @@ static void* DoRequests(void* arg)
 /* usage help */
 static void Usage(void)
 {
-    printf("%s %s\n",  "etsi_client", PACKAGE_VERSION);
+    printf("%s %s\n",  "etsi_test", PACKAGE_VERSION);
     printf("-?          Help, print this usage\n");
     printf("-e          Error mode, force error response\n");
-    printf("-h <str>    Host to connect to, default %s\n", WOLFKM_DEFAULT_HOST);
-    printf("-p <num>    Port to connect to, default %s\n", WOLFKM_DEFAULT_ETSISVC_PORT);
+    printf("-h <str>    Host to connect to, default %s\n", ETSI_TEST_HOST);
+    printf("-p <num>    Port to connect to, default %s\n", ETSI_TEST_PORT_STR);
     printf("-t <num>    Thread pool size (stress test), default  %d\n", 0);
     printf("-l <num>    Log Level (1=Error to 4=Debug), default %d\n", WOLFKM_DEFAULT_LOG_LEVEL);
-    printf("-r <num>    Requests per thread, default %d\n",
-                                                          WOLFKM_DEFAULT_REQUESTS);
+    printf("-r <num>    Requests per thread, default %d\n", WOLFKM_ETST_CLIENT_DEF_REQUESTS);
     printf("-f <file>   <file> to store ETSI response\n");
     printf("-u          Use ETSI Push (default is get)\n");
     printf("-s <sec>    Timeout seconds (default %d)\n", WOLFKM_ETST_CLIENT_DEF_TIMEOUT_SEC);
 
-    printf("-k <pem>    TLS Client TLS Key, default %s\n", WOLFKM_ETSICLIENT_KEY);
-    printf("-w <pass>   TLS Client Key Password, default %s\n", WOLFKM_ETSICLIENT_PASS);
-    printf("-c <pem>    TLS Client Certificate, default %s\n", WOLFKM_ETSICLIENT_CERT);
-    printf("-A <pem>    TLS CA Certificate, default %s\n", WOLFKM_ETSICLIENT_CA);
-    printf("-K <keyt>   Key Type: SECP256R1 (default), FFDHE_2048, X25519 or X448\n");
+    printf("-k <pem>    TLS Client TLS Key, default %s\n", ETSI_TEST_CLIENT_KEY);
+    printf("-w <pass>   TLS Client Key Password, default %s\n", ETSI_TEST_CLIENT_PASS);
+    printf("-c <pem>    TLS Client Certificate, default %s\n", ETSI_TEST_CLIENT_CERT);
+    printf("-A <pem>    TLS CA Certificate, default %s\n", ETSI_TEST_CLIENT_CA);
+    printf("-K <keyt>   Key Type: SECP256R1, FFDHE_2048, X25519 or X448 (default %s)\n",
+        wolfEtsiKeyGetTypeStr(ETSI_TEST_KEY_TYPE));
 }
 
 int main(int argc, char** argv)
@@ -192,16 +193,16 @@ int main(int argc, char** argv)
     WorkThreadInfo info;
 
     memset(&info, 0, sizeof(info));
-    info.requests = WOLFKM_DEFAULT_REQUESTS;
-    info.host = WOLFKM_DEFAULT_HOST;
+    info.requests = WOLFKM_ETST_CLIENT_DEF_REQUESTS;
+    info.host = ETSI_TEST_HOST;
     info.timeoutSec = WOLFKM_ETST_CLIENT_DEF_TIMEOUT_SEC;
-    info.port = atoi(WOLFKM_DEFAULT_ETSISVC_PORT);
-    info.keyFile = WOLFKM_ETSICLIENT_KEY;
-    info.keyPass = WOLFKM_ETSICLIENT_PASS;
-    info.clientCertFile = WOLFKM_ETSICLIENT_CERT;
-    info.caFile = WOLFKM_ETSICLIENT_CA;
+    info.port = atoi(ETSI_TEST_PORT_STR);
+    info.keyFile = ETSI_TEST_CLIENT_KEY;
+    info.keyPass = ETSI_TEST_CLIENT_PASS;
+    info.clientCertFile = ETSI_TEST_CLIENT_CERT;
+    info.caFile = ETSI_TEST_CLIENT_CA;
     info.useGet = 1;
-    info.keyType = ETSI_KEY_TYPE_SECP256R1;
+    info.keyType = ETSI_TEST_KEY_TYPE;
 
     /* argument processing */
     while ((ch = getopt(argc, argv, "?eh:p:t:l:r:f:gus:k:w:c:A:K:")) != -1) {
@@ -261,7 +262,7 @@ int main(int argc, char** argv)
                 for (i=(int)ETSI_KEY_TYPE_MIN; i<=(int)ETSI_KEY_TYPE_FFDHE_8192; i++) {
                     const char* keyStr = wolfEtsiKeyGetTypeStr((EtsiKeyType)i);
                     if (keyStr != NULL) {
-                        if (XSTRNCMP(optarg, keyStr, XSTRLEN(keyStr)) == 0) {
+                        if (strncmp(optarg, keyStr, strlen(keyStr)) == 0) {
                             info.keyType = (EtsiKeyType)i;
                             break;
                         }

examples/etsi_client/etsi_client.h

@@ -0,0 +1,9 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+
+noinst_PROGRAMS += examples/etsi_test/etsi_test
+examples_etsi_test_etsi_test_SOURCES      = examples/etsi_test/etsi_test.c
+examples_etsi_test_etsi_test_LDADD        = src/libwolfkeymgr.la $(LIB_STATIC_ADD)
+examples_etsi_test_etsi_test_DEPENDENCIES = src/libwolfkeymgr.la