Rev 8774 | Rev 9082 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 8774 | rgimad | 1 | /* |
| 2 | * SSL client demonstration program |
||
| 3 | * |
||
| 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
||
| 5 | * SPDX-License-Identifier: GPL-2.0 |
||
| 6 | * |
||
| 7 | * This program is free software; you can redistribute it and/or modify |
||
| 8 | * it under the terms of the GNU General Public License as published by |
||
| 9 | * the Free Software Foundation; either version 2 of the License, or |
||
| 10 | * (at your option) any later version. |
||
| 11 | * |
||
| 12 | * This program is distributed in the hope that it will be useful, |
||
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
| 15 | * GNU General Public License for more details. |
||
| 16 | * |
||
| 17 | * You should have received a copy of the GNU General Public License along |
||
| 18 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
| 19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
| 20 | * |
||
| 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
||
| 22 | */ |
||
| 23 | #if !defined(MBEDTLS_CONFIG_FILE) |
||
| 24 | #include "mbedtls/config.h" |
||
| 25 | #else |
||
| 26 | #include MBEDTLS_CONFIG_FILE |
||
| 27 | #endif |
||
| 28 | |||
| 9076 | turbocat | 29 | #include |
| 30 | |||
| 31 | //#if defined(MBEDTLS_PLATFORM_C) |
||
| 32 | //#include "mbedtls/platform.h" |
||
| 33 | //#else |
||
| 8774 | rgimad | 34 | #include |
| 35 | #include |
||
| 36 | #define mbedtls_time time |
||
| 37 | #define mbedtls_time_t time_t |
||
| 38 | #define mbedtls_fprintf fprintf |
||
| 39 | #define mbedtls_printf printf |
||
| 40 | #define mbedtls_exit exit |
||
| 9076 | turbocat | 41 | #define MBEDTLS_EXIT_SUCCESS 0 |
| 42 | #define MBEDTLS_EXIT_FAILURE -1 |
||
| 43 | //#endif /* MBEDTLS_PLATFORM_C */ |
||
| 8774 | rgimad | 44 | |
| 9076 | turbocat | 45 | //#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ |
| 8774 | rgimad | 46 | !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ |
| 47 | !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ |
||
| 48 | !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \ |
||
| 49 | !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) |
||
| 9076 | turbocat | 50 | /*int main( void ) |
| 8774 | rgimad | 51 | { |
| 52 | mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " |
||
| 53 | "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " |
||
| 54 | "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " |
||
| 55 | "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " |
||
| 56 | "not defined.\n"); |
||
| 57 | return( 0 ); |
||
| 58 | } |
||
| 9076 | turbocat | 59 | //#else*/ |
| 8774 | rgimad | 60 | |
| 61 | #include "mbedtls/net_sockets.h" |
||
| 62 | #include "mbedtls/debug.h" |
||
| 63 | #include "mbedtls/ssl.h" |
||
| 64 | #include "mbedtls/entropy.h" |
||
| 65 | #include "mbedtls/ctr_drbg.h" |
||
| 66 | #include "mbedtls/error.h" |
||
| 67 | #include "mbedtls/certs.h" |
||
| 68 | |||
| 69 | #include |
||
| 70 | |||
| 71 | //#define SERVER_PORT "443" |
||
| 72 | //#define SERVER_NAME "wikipedia.org" |
||
| 73 | //#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" |
||
| 9076 | turbocat | 74 | static char SERVER_PORT[16]; |
| 75 | static char SERVER_NAME[128]; |
||
| 76 | static char GET_REQUEST[512]; |
||
| 8774 | rgimad | 77 | |
| 78 | #define DEBUG_LEVEL 1 |
||
| 79 | |||
| 9076 | turbocat | 80 | extern int *_mbedtls_test_cas_pem_len; |
| 81 | extern char* _mbedtls_test_cas_pem; |
||
| 8774 | rgimad | 82 | |
| 9076 | turbocat | 83 | #define mbedtls_test_cas_pem_len *_mbedtls_test_cas_pem_len |
| 84 | #define mbedtls_test_cas_pem _mbedtls_test_cas_pem |
||
| 85 | |||
| 86 | //gmtime(time_t t){puts("gmtime stub");}; |
||
| 87 | |||
| 88 | //int load_network_obj(){return networklib_init();} |
||
| 89 | |||
| 8774 | rgimad | 90 | static void my_debug( void *ctx, int level, |
| 91 | const char *file, int line, |
||
| 92 | const char *str ) |
||
| 93 | { |
||
| 94 | ((void) level); |
||
| 95 | |||
| 96 | //mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); |
||
| 97 | //fflush( (FILE *) ctx ); |
||
| 98 | printf("%s:%04d: %s", file, line, str ); |
||
| 99 | } |
||
| 100 | |||
| 101 | int main( void ) |
||
| 102 | { |
||
| 9076 | turbocat | 103 | if(mbedtls_load()){ |
| 104 | printf("mbedtls.obj not load!\n"); |
||
| 105 | return -1; |
||
| 106 | } |
||
| 107 | if(mbedtls_init()){ |
||
| 108 | puts("mbedtls.obj not init!"); |
||
| 109 | return -1; |
||
| 110 | } |
||
| 111 | |||
| 8774 | rgimad | 112 | puts("Enter SERVER_NAME : "); |
| 113 | gets(SERVER_NAME); |
||
| 114 | puts("Enter SERVER_PORT : "); |
||
| 115 | gets(SERVER_PORT); |
||
| 116 | sprintf(GET_REQUEST, "GET / HTTP/1.1\r\nHost: %s\r\n\r\n", SERVER_NAME); |
||
| 9076 | turbocat | 117 | //puts(GET_REQUEST); |
| 8774 | rgimad | 118 | |
| 119 | int ret = 1, len; |
||
| 120 | int exit_code = MBEDTLS_EXIT_FAILURE; |
||
| 121 | mbedtls_net_context server_fd; |
||
| 122 | uint32_t flags; |
||
| 123 | unsigned char buf[1024]; |
||
| 124 | const char *pers = "ssl_client1"; |
||
| 125 | mbedtls_entropy_context entropy; |
||
| 126 | mbedtls_ctr_drbg_context ctr_drbg; |
||
| 127 | mbedtls_ssl_context ssl; |
||
| 128 | mbedtls_ssl_config conf; |
||
| 129 | mbedtls_x509_crt cacert; |
||
| 130 | |||
| 131 | #if defined(MBEDTLS_DEBUG_C) |
||
| 9076 | turbocat | 132 | // mbedtls_debug_set_threshold( DEBUG_LEVEL ); |
| 8774 | rgimad | 133 | #endif |
| 134 | |||
| 135 | /* |
||
| 136 | * 0. Initialize the RNG and the session data |
||
| 137 | */ |
||
| 138 | mbedtls_net_init( &server_fd ); |
||
| 139 | mbedtls_ssl_init( &ssl ); |
||
| 140 | mbedtls_ssl_config_init( &conf ); |
||
| 141 | mbedtls_x509_crt_init( &cacert ); |
||
| 142 | mbedtls_ctr_drbg_init( &ctr_drbg ); |
||
| 143 | mbedtls_printf( "\n . Seeding the random number generator..." ); |
||
| 144 | //fflush( stdout ); |
||
| 145 | mbedtls_entropy_init( &entropy ); |
||
| 146 | if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, |
||
| 147 | (const unsigned char *) pers, |
||
| 148 | strlen( pers ) ) ) != 0 ) |
||
| 149 | { |
||
| 150 | mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); |
||
| 151 | goto exit; |
||
| 152 | } |
||
| 9076 | turbocat | 153 | |
| 8774 | rgimad | 154 | mbedtls_printf( " ok\n" ); |
| 9076 | turbocat | 155 | |
| 8774 | rgimad | 156 | /* |
| 157 | * 0. Initialize certificates |
||
| 9076 | turbocat | 158 | */; |
| 8774 | rgimad | 159 | mbedtls_printf( " . Loading the CA root certificate ..." ); |
| 160 | //fflush( stdout ); |
||
| 9076 | turbocat | 161 | |
| 8774 | rgimad | 162 | ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, |
| 163 | mbedtls_test_cas_pem_len ); |
||
| 164 | if( ret < 0 ) |
||
| 165 | { |
||
| 166 | mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); |
||
| 167 | goto exit; |
||
| 168 | } |
||
| 169 | |||
| 170 | mbedtls_printf( " ok (%d skipped)\n", ret ); |
||
| 9076 | turbocat | 171 | |
| 8774 | rgimad | 172 | /* |
| 173 | * 1. Start the connection |
||
| 174 | */ |
||
| 175 | mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT ); |
||
| 176 | //fflush( stdout ); |
||
| 177 | |||
| 178 | if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, |
||
| 179 | SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) |
||
| 180 | { |
||
| 181 | mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); |
||
| 182 | goto exit; |
||
| 183 | } |
||
| 184 | |||
| 185 | mbedtls_printf( " ok\n" ); |
||
| 186 | |||
| 187 | /* |
||
| 188 | * 2. Setup stuff |
||
| 189 | */ |
||
| 190 | mbedtls_printf( " . Setting up the SSL/TLS structure..." ); |
||
| 191 | //fflush( stdout ); |
||
| 192 | |||
| 193 | if( ( ret = mbedtls_ssl_config_defaults( &conf, |
||
| 194 | MBEDTLS_SSL_IS_CLIENT, |
||
| 195 | MBEDTLS_SSL_TRANSPORT_STREAM, |
||
| 196 | MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) |
||
| 197 | { |
||
| 198 | mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); |
||
| 199 | goto exit; |
||
| 200 | } |
||
| 201 | |||
| 202 | mbedtls_printf( " ok\n" ); |
||
| 203 | |||
| 204 | /* OPTIONAL is not optimal for security, |
||
| 205 | * but makes interop easier in this simplified example */ |
||
| 206 | mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); |
||
| 207 | mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); |
||
| 208 | mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); |
||
| 209 | mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); |
||
| 210 | |||
| 211 | if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) |
||
| 212 | { |
||
| 213 | mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); |
||
| 214 | goto exit; |
||
| 215 | } |
||
| 216 | |||
| 217 | if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 ) |
||
| 218 | { |
||
| 219 | mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); |
||
| 220 | goto exit; |
||
| 221 | } |
||
| 222 | |||
| 223 | mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); |
||
| 224 | /* |
||
| 225 | * 4. Handshake |
||
| 226 | */ |
||
| 227 | mbedtls_printf( " . Performing the SSL/TLS handshake..." ); |
||
| 228 | //fflush( stdout ); |
||
| 229 | |||
| 230 | while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) |
||
| 231 | { |
||
| 232 | if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
| 233 | { |
||
| 234 | mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); |
||
| 235 | goto exit; |
||
| 236 | } |
||
| 237 | } |
||
| 238 | |||
| 239 | mbedtls_printf( " ok\n" ); |
||
| 240 | |||
| 241 | /* |
||
| 242 | * 5. Verify the server certificate |
||
| 243 | */ |
||
| 244 | mbedtls_printf( " . Verifying peer X.509 certificate..." ); |
||
| 245 | |||
| 246 | /* In real life, we probably want to bail out when ret != 0 */ |
||
| 247 | if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) |
||
| 248 | { |
||
| 249 | char vrfy_buf[512]; |
||
| 250 | |||
| 251 | mbedtls_printf( " failed\n" ); |
||
| 252 | |||
| 253 | mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); |
||
| 254 | |||
| 255 | mbedtls_printf( "%s\n", vrfy_buf ); |
||
| 256 | } |
||
| 257 | else |
||
| 258 | mbedtls_printf( " ok\n" ); |
||
| 259 | |||
| 260 | /* |
||
| 261 | * 3. Write the GET request |
||
| 262 | */ |
||
| 263 | mbedtls_printf( " > Write to server:" ); |
||
| 264 | //fflush( stdout ); |
||
| 265 | |||
| 266 | len = sprintf( (char *) buf, GET_REQUEST ); |
||
| 267 | |||
| 268 | while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 ) |
||
| 269 | { |
||
| 270 | if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
| 271 | { |
||
| 272 | mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); |
||
| 273 | goto exit; |
||
| 274 | } |
||
| 275 | } |
||
| 276 | |||
| 277 | len = ret; |
||
| 278 | mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf ); |
||
| 279 | |||
| 280 | /* |
||
| 281 | * 7. Read the HTTP response |
||
| 282 | */ |
||
| 283 | mbedtls_printf( " < Read from server:" ); |
||
| 284 | //fflush( stdout ); |
||
| 285 | |||
| 286 | do |
||
| 287 | { |
||
| 288 | len = sizeof( buf ) - 1; |
||
| 289 | memset( buf, 0, sizeof( buf ) ); |
||
| 290 | ret = mbedtls_ssl_read( &ssl, buf, len ); |
||
| 291 | |||
| 292 | if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
| 293 | continue; |
||
| 294 | |||
| 295 | if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) |
||
| 296 | break; |
||
| 297 | |||
| 298 | if( ret < 0 ) |
||
| 299 | { |
||
| 300 | mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret ); |
||
| 301 | break; |
||
| 302 | } |
||
| 303 | |||
| 304 | if( ret == 0 ) |
||
| 305 | { |
||
| 306 | mbedtls_printf( "\n\nEOF\n\n" ); |
||
| 307 | break; |
||
| 308 | } |
||
| 309 | |||
| 310 | len = ret; |
||
| 311 | mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); |
||
| 312 | } |
||
| 313 | while( 1 ); |
||
| 314 | |||
| 315 | mbedtls_ssl_close_notify( &ssl ); |
||
| 316 | |||
| 317 | exit_code = MBEDTLS_EXIT_SUCCESS; |
||
| 318 | |||
| 319 | exit: |
||
| 9076 | turbocat | 320 | //#ifdef MBEDTLS_ERROR_C |
| 8774 | rgimad | 321 | if( exit_code != MBEDTLS_EXIT_SUCCESS ) |
| 322 | { |
||
| 9076 | turbocat | 323 | static char error_buf[100]; |
| 8774 | rgimad | 324 | mbedtls_strerror( ret, error_buf, 100 ); |
| 325 | mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); |
||
| 326 | } |
||
| 9076 | turbocat | 327 | //#endif |
| 8774 | rgimad | 328 | |
| 329 | mbedtls_net_free( &server_fd ); |
||
| 330 | |||
| 331 | mbedtls_x509_crt_free( &cacert ); |
||
| 332 | mbedtls_ssl_free( &ssl ); |
||
| 333 | mbedtls_ssl_config_free( &conf ); |
||
| 334 | mbedtls_ctr_drbg_free( &ctr_drbg ); |
||
| 335 | mbedtls_entropy_free( &entropy ); |
||
| 336 | |||
| 337 | |||
| 338 | return( exit_code ); |
||
| 339 | } |
||
| 9076 | turbocat | 340 | /*#endif MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && |
| 8774 | rgimad | 341 | MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && |
| 342 | MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && |
||
| 343 | MBEDTLS_X509_CRT_PARSE_C */ |