wolfSSL
diff --git a/‎.gitignore‎
Lines changed: 15 additions & 0 deletions b/‎.gitignore‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 96 additions & 5 deletions b/‎README.md‎
Lines changed: 96 additions & 5 deletions
diff --git a/‎certs/ca-cert.pem‎
Lines changed: 16 additions & 0 deletions b/‎certs/ca-cert.pem‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎certs/ca-key.pem‎
Lines changed: 7 additions & 0 deletions b/‎certs/ca-key.pem‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎certs/client-cert.pem‎
Lines changed: 17 additions & 0 deletions b/‎certs/client-cert.pem‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎certs/client-key.pem‎
Lines changed: 7 additions & 0 deletions b/‎certs/client-key.pem‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎certs/include.am‎
Lines changed: 7 additions & 3 deletions b/‎certs/include.am‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎certs/server-cert.pem‎
Lines changed: 21 additions & 0 deletions b/‎certs/server-cert.pem‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎certs/server-key.pem‎
Lines changed: 7 additions & 0 deletions b/‎certs/server-key.pem‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎certs/test-cert.pem‎
Lines changed: 0 additions & 16 deletions b/‎certs/test-cert.pem‎
Lines changed: 0 additions & 16 deletions
@@ -41,3 +41,18 @@ src/wolfkeymgr
 examples/etsi_client/etsi_client
 libtool
 wolfkeymgr/options.h
+
+# Generated Cert Files
+certs/ca-*.pem
+certs/ca-*.der
+certs/ca-*.crl
+certs/*.par
+certs/crlnumber*
+certs/serial
+certs/index*
+certs/tpm-*.csr
+certs/server-*.der
+certs/server-*.pem
+certs/client-*.der
+certs/client-*.pem
+certs/serial.old
@@ -84,13 +84,105 @@ $ sudo make install
 
 Note: A custom install location can be specified using: `./configure --prefix=/opt/local`
 
-## Running ETSI Example
+## Key Manager and ETSI Client Command Line Help
 
+Help using `-?`:
+
+```sh
+$ ./src/wolfkeymgr -?
+wolfKeyManager 0.3
+-?          Help, print this usage
+-i          Don't chdir / in daemon mode
+-b          Daemon mode, run in background
+-p <str>    Pid File name, default ./wolfkeymgr.pid
+-l <num>    Log Level (1=Error to 4=Debug), default 4
+-f <str>    Log file name, default None
+-o <num>    Max open files, default  1024
+-s <num>    Seconds to timeout, default 60
+-t <num>    Thread pool size, default  48
+-d          TLS Disable Mutual Authentication
+-k <pem>    TLS Server TLS Key, default ./certs/server-key.pem
+-w <pass>   TLS Server Key Password, default wolfssl
+-c <pem>    TLS Server Certificate, default ./certs/server-cert.pem
+-c <pem>    TLS CA Certificate, default ./certs/ca-cert.pem
 ```
-$ ./src/wolfkeymgr
-$ ./examples/etsi_client/etsi_client
+
+```sh
+$ ./examples/etsi_client/etsi_client -?
+etsi_client 0.3
+-?          Help, print this usage
+-e          Error mode, force error response
+-h <str>    Host to connect to, default localhost
+-p <num>    Port to connect to, default 8119
+-t <num>    Thread pool size (stress test), default  0
+-l <num>    Log Level (1=Error to 4=Debug), default 4
+-r <num>    Requests per thread, default 100
+-f <file>   <file> to store ETSI response
+-g          Use HTTP GET (default is Push with HTTP PUT)
+-s <sec>    Timeout seconds (default 10)
+-k <pem>    TLS Client TLS Key, default certs/client-key.pem
+-w <pass>   TLS Client Key Password, default wolfssl
+-c <pem>    TLS Client Certificate, default certs/client-cert.pem
+-A <pem>    TLS CA Certificate, default ./certs/ca-cert.pem
+
 ```
 
+## Running the Key Manager and ETSI client
+
+```sh
+# Start Key Manager with Log Level 3 (Info) and two worker threads
+$ ./src/wolfkeymgr -l 3 -t 2
+Feb 24 16:24:04 2021: [INFO] Starting Key Manager
+Feb 24 16:24:04 2021: [INFO] Binding listener :::8119
+Feb 24 16:24:04 2021: [WARNING] Generating new ECC key (index 0)
+Feb 24 16:24:04 2021: [INFO] loaded CA certificate file ./certs/ca-cert.pem
+Feb 24 16:24:04 2021: [INFO] loaded key file ./certs/server-key.pem
+Feb 24 16:24:04 2021: [INFO] loaded certificate file ./certs/server-cert.pem
+Feb 24 16:24:04 2021: [INFO] Setting up new ETSI conn item pool
+Feb 24 16:24:04 2021: [INFO] Growing ETSI service conn pool
+Feb 24 16:24:04 2021: [INFO] Growing ETSI service conn pool
+Feb 24 16:24:11 2021: [INFO] Accepted a connection, sent to thread 0
+Feb 24 16:24:11 2021: [INFO] New ETSI service conn
+Feb 24 16:24:11 2021: [INFO] Got ETSI Request (103 bytes)
+Feb 24 16:24:11 2021: [INFO] Creating connection context
+Feb 24 16:24:11 2021: [INFO] Sent ETSI Response (194 bytes)
+Feb 24 16:24:11 2021: [INFO] EventCb what = 17
+Feb 24 16:24:11 2021: [INFO] Peer ended connection, closing
+
+^C
+Feb 24 16:24:15 2021: [INFO] SIGINT handled.
+Feb 24 16:24:15 2021: [INFO] Ending main thread loop
+Feb 24 16:24:15 2021: [INFO] Sending cancel to threads
+Feb 24 16:24:15 2021: [INFO] Joining threads
+Feb 24 16:24:15 2021: [INFO] Worker thread exiting, tid = 140694064588352
+Feb 24 16:24:15 2021: [INFO] Worker thread exiting, tid = 140694056195648
+Feb 24 16:24:15 2021: [INFO] Done with main thread dispatching
+Feb 24 16:24:15 2021: [ERROR] Current stats:
+total   connections  =                   1
+completed            =                   1
+timeouts             =                   0
+current connections  =                   0
+max     concurrent   =                   1
+uptime  in seconds   =                  11
+average response(ms) =               0.046
+Feb 24 16:24:15 2021: [INFO] Exit Key Manager (ret 0)
+
+
+# Start ETSI client with single GET request
+$ ./examples/etsi_client/etsi_client -l 3 -g
+Feb 24 16:24:11 2021: [INFO] Starting client
+Feb 24 16:24:11 2021: [INFO] Connected to ETSI service
+Feb 24 16:24:11 2021: [INFO] Sent single get request (103 bytes)
+Feb 24 16:24:11 2021: [INFO] Got ETSI response (121 bytes)
+Feb 24 16:24:11 2021: [INFO] Pub X: 4958C92FCF1D0C51A1969370B2CB2E846F25A3FBB5B9621020B338E7CCA8C53F
+Feb 24 16:24:11 2021: [INFO] Pub Y: 3EE0E7AF506A86380D11450A39BF3561917824F3A8BEC44AEF3B83C25F058DF9
+```
+
+## Stress Testing ETSI Server / Client
+
+* Use the thread pool "-t" to spin up more threads.
+* Use the ETSI client "-r" to make additional requests per thread.
+
 
 ## ETSI (Enterprise Transport Security)
 
@@ -149,8 +241,7 @@ See Recommendation ITU-T X.509 (10/2016) | ISO/IEC 9594-8: "Information technolo
 
 ## Outstanding Features
 
-1) Add TLS mutual authentication to ETSI example.
-2) Add example for HTTP server "VisibilityInformation" extension.
+1) Add example for HTTP server "VisibilityInformation" extension.
 
 ## Support
 
 
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIClTCCAjugAwIBAgIUZzNFzfT3gew6OMtFWGN5KCu962swCgYIKoZIzj0EAwIw
+gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMB4XDTIxMDIyNDAxMDUyN1oXDTQxMDIxOTAxMDUyN1owgZcxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
+MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDeCw/DZVbeITxJBRaQpTbb4g
+bBtL88ZqSt/sWhABdP21pVxBXHy6UEeW+vl6HrEZomAKEJ9USlnskQap37RmlaNj
+MGEwHQYDVR0OBBYEFGd0eZ7H+R2lQl76gLEm6OeMDJZjMB8GA1UdIwQYMBaAFGd0
+eZ7H+R2lQl76gLEm6OeMDJZjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDi1neivT9e9IZGKjEjAWXieOsE1pt3B96F
+55LJEpk3ZwIgcPa8qKZ1EGX6Xz7w0SRxw/CiRHTlm4ZEaLcxTrF0eEI=
+-----END CERTIFICATE-----
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAgaJGPnqcysUwICCAAw
+DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEJfGjbWqwIEnod7fHoguu3oEgZAd
+IoF3rmsiRP1cX74twJNSx90Iq2cXcJSkoGBkhs0PaXJjaLe8KmS8DX0JLSX9yMRC
+2R0wPZT0eb8rvb2ShjBb06Nhexle7Nj4sXcBS7nD3zE4Y3LejaGBpPNko7WJRN8E
+Pdi70KK9hCrrpiyerGSw0IzBWjOBiUbNcRV5o0BUv+yTbGkSVk/3xE4HJffFdY8=
+-----END ENCRYPTED PRIVATE KEY-----
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqDCCAk+gAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDIy
+NDAxMDUyN1oXDTMxMDIyMjAxMDUyN1owgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGlj
+MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABJPL3WW6Oqw5vcOsitgci4RbSm+6CryZHnj1G1oWSHsU1VFwctBesxczv2KA
+cmnYXnanN5xUCiS+Jk7aYGENQ++jgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhC
+AQEEBAMCBaAwHQYDVR0OBBYEFGNRe0i70kUgyqrVLPR/FE7DAGlZMB8GA1UdIwQY
+MBaAFGd0eZ7H+R2lQl76gLEm6OeMDJZjMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUE
+FjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwIDRwAwRAIgQy5ItBCA
+FPFjDQD1AuMd3tsSi/4hbxt9Xw/txgdOXOwCIGRL1VkpSbrPxhSeAR3yPTzaHrVU
+MK5TxoCwj4EEHBik
+-----END CERTIFICATE-----
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAhl8MKolNu/vwICCAAw
+DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEM3OtU3hDdLKWhc1fb9U67YEgZCB
+uWIiqPe5VAZPJvz4d5N9aBhnog77forXzumfgiqPZ+f2KH34oj4g5ZiXqyJigKNu
+7wDb1yPh9I1l/zTWhaIFam7xfa7oy3GUk7P7kRwIpkvcPuwnbv82r/Nrhqo0Hefy
+yTHgwKdHM5hV0usbJ1bMYPl8Y1QF86XRz2FPglGNqaC6egT9VDi/A329nM6cfQQ=
+-----END ENCRYPTED PRIVATE KEY-----
@@ -3,6 +3,10 @@
 # All paths should be given relative to the root
 
 
-EXTRA_DIST += certs/test-cert.pem
-EXTRA_DIST += certs/test-cert.sh
-EXTRA_DIST += certs/test-key.pem
+EXTRA_DIST += certs/gen-certs.sh
+EXTRA_DIST += certs/ca-key.pem
+EXTRA_DIST += certs/ca-cert.pem
+EXTRA_DIST += certs/client-key.pem
+EXTRA_DIST += certs/client-cert.pem
+EXTRA_DIST += certs/server-key.pem
+EXTRA_DIST += certs/server-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAxGgAwIBAgICEAQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDIy
+NDAxMDUyN1oXDTMxMDIyMjAxMDUyN1owgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGlj
+MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABJJXxA6+BjbQ+xDagzOizUqvBeBGT+4Jv+7hO7io2FSqkv5VYuMmS9kmE7oY
+HUgMZGVCEdhpEl2eFiSihQz6HiOjggFRMIIBTTAJBgNVHRMEAjAAMBEGCWCGSAGG
++EIBAQQEAwIGQDAdBgNVHQ4EFgQUIfibLbR/ybFs6ooVzwNT0xTRuAMwDwYDVR0R
+BAgwBocEfwAAATCB1wYDVR0jBIHPMIHMgBRndHmex/kdpUJe+oCxJujnjAyWY6GB
+naSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNV
+BAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3Bt
+ZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb22CFGczRc3094HsOjjLRVhjeSgrvetrMA4GA1UdDwEB/wQE
+AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEA7kp2
+DyEQRe4W2psvfMFQVPZ82YT1EPbkp1d2kaajf2YCIQCH7tuvUQvol5vj9FiJET9A
+gueqWHeJrkCR7gIBTe9xZg==
+-----END CERTIFICATE-----
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAigTM4xxXajfAICCAAw
+DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEKzLUxrQHvW6QF/pvVhVAvoEgZBT
+A79IduRJNEsKj/6qR2XizYQ+9MazK4txO6dBxctI71yeAJ1CwLnmyjkpCuljdNwa
+u4ei485u94LJuGKoC+gnyu4cI2kqIU890FjtGIpKH8M/D+2TkRSJOTcchrYdgGy/
+IHVlXFUiAuQwK2FLBZOJ5gEhgCN1XumOJdELbZ5UdQhBL3aiQTW0v6VqNvFsisc=
+-----END ENCRYPTED PRIVATE KEY-----