Rev 8774 | Rev 9082 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
8774 | rgimad | 1 | /* |
2 | * SSL client demonstration program |
||
3 | * |
||
4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
||
5 | * SPDX-License-Identifier: GPL-2.0 |
||
6 | * |
||
7 | * This program is free software; you can redistribute it and/or modify |
||
8 | * it under the terms of the GNU General Public License as published by |
||
9 | * the Free Software Foundation; either version 2 of the License, or |
||
10 | * (at your option) any later version. |
||
11 | * |
||
12 | * This program is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
15 | * GNU General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU General Public License along |
||
18 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
20 | * |
||
21 | * This file is part of mbed TLS (https://tls.mbed.org) |
||
22 | */ |
||
23 | #if !defined(MBEDTLS_CONFIG_FILE) |
||
24 | #include "mbedtls/config.h" |
||
25 | #else |
||
26 | #include MBEDTLS_CONFIG_FILE |
||
27 | #endif |
||
28 | |||
9076 | turbocat | 29 | #include |
30 | |||
31 | //#if defined(MBEDTLS_PLATFORM_C) |
||
32 | //#include "mbedtls/platform.h" |
||
33 | //#else |
||
8774 | rgimad | 34 | #include |
35 | #include |
||
36 | #define mbedtls_time time |
||
37 | #define mbedtls_time_t time_t |
||
38 | #define mbedtls_fprintf fprintf |
||
39 | #define mbedtls_printf printf |
||
40 | #define mbedtls_exit exit |
||
9076 | turbocat | 41 | #define MBEDTLS_EXIT_SUCCESS 0 |
42 | #define MBEDTLS_EXIT_FAILURE -1 |
||
43 | //#endif /* MBEDTLS_PLATFORM_C */ |
||
8774 | rgimad | 44 | |
9076 | turbocat | 45 | //#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ |
8774 | rgimad | 46 | !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ |
47 | !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ |
||
48 | !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \ |
||
49 | !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) |
||
9076 | turbocat | 50 | /*int main( void ) |
8774 | rgimad | 51 | { |
52 | mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " |
||
53 | "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " |
||
54 | "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " |
||
55 | "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " |
||
56 | "not defined.\n"); |
||
57 | return( 0 ); |
||
58 | } |
||
9076 | turbocat | 59 | //#else*/ |
8774 | rgimad | 60 | |
61 | #include "mbedtls/net_sockets.h" |
||
62 | #include "mbedtls/debug.h" |
||
63 | #include "mbedtls/ssl.h" |
||
64 | #include "mbedtls/entropy.h" |
||
65 | #include "mbedtls/ctr_drbg.h" |
||
66 | #include "mbedtls/error.h" |
||
67 | #include "mbedtls/certs.h" |
||
68 | |||
69 | #include |
||
70 | |||
71 | //#define SERVER_PORT "443" |
||
72 | //#define SERVER_NAME "wikipedia.org" |
||
73 | //#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" |
||
9076 | turbocat | 74 | static char SERVER_PORT[16]; |
75 | static char SERVER_NAME[128]; |
||
76 | static char GET_REQUEST[512]; |
||
8774 | rgimad | 77 | |
78 | #define DEBUG_LEVEL 1 |
||
79 | |||
9076 | turbocat | 80 | extern int *_mbedtls_test_cas_pem_len; |
81 | extern char* _mbedtls_test_cas_pem; |
||
8774 | rgimad | 82 | |
9076 | turbocat | 83 | #define mbedtls_test_cas_pem_len *_mbedtls_test_cas_pem_len |
84 | #define mbedtls_test_cas_pem _mbedtls_test_cas_pem |
||
85 | |||
86 | //gmtime(time_t t){puts("gmtime stub");}; |
||
87 | |||
88 | //int load_network_obj(){return networklib_init();} |
||
89 | |||
8774 | rgimad | 90 | static void my_debug( void *ctx, int level, |
91 | const char *file, int line, |
||
92 | const char *str ) |
||
93 | { |
||
94 | ((void) level); |
||
95 | |||
96 | //mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); |
||
97 | //fflush( (FILE *) ctx ); |
||
98 | printf("%s:%04d: %s", file, line, str ); |
||
99 | } |
||
100 | |||
101 | int main( void ) |
||
102 | { |
||
9076 | turbocat | 103 | if(mbedtls_load()){ |
104 | printf("mbedtls.obj not load!\n"); |
||
105 | return -1; |
||
106 | } |
||
107 | if(mbedtls_init()){ |
||
108 | puts("mbedtls.obj not init!"); |
||
109 | return -1; |
||
110 | } |
||
111 | |||
8774 | rgimad | 112 | puts("Enter SERVER_NAME : "); |
113 | gets(SERVER_NAME); |
||
114 | puts("Enter SERVER_PORT : "); |
||
115 | gets(SERVER_PORT); |
||
116 | sprintf(GET_REQUEST, "GET / HTTP/1.1\r\nHost: %s\r\n\r\n", SERVER_NAME); |
||
9076 | turbocat | 117 | //puts(GET_REQUEST); |
8774 | rgimad | 118 | |
119 | int ret = 1, len; |
||
120 | int exit_code = MBEDTLS_EXIT_FAILURE; |
||
121 | mbedtls_net_context server_fd; |
||
122 | uint32_t flags; |
||
123 | unsigned char buf[1024]; |
||
124 | const char *pers = "ssl_client1"; |
||
125 | mbedtls_entropy_context entropy; |
||
126 | mbedtls_ctr_drbg_context ctr_drbg; |
||
127 | mbedtls_ssl_context ssl; |
||
128 | mbedtls_ssl_config conf; |
||
129 | mbedtls_x509_crt cacert; |
||
130 | |||
131 | #if defined(MBEDTLS_DEBUG_C) |
||
9076 | turbocat | 132 | // mbedtls_debug_set_threshold( DEBUG_LEVEL ); |
8774 | rgimad | 133 | #endif |
134 | |||
135 | /* |
||
136 | * 0. Initialize the RNG and the session data |
||
137 | */ |
||
138 | mbedtls_net_init( &server_fd ); |
||
139 | mbedtls_ssl_init( &ssl ); |
||
140 | mbedtls_ssl_config_init( &conf ); |
||
141 | mbedtls_x509_crt_init( &cacert ); |
||
142 | mbedtls_ctr_drbg_init( &ctr_drbg ); |
||
143 | mbedtls_printf( "\n . Seeding the random number generator..." ); |
||
144 | //fflush( stdout ); |
||
145 | mbedtls_entropy_init( &entropy ); |
||
146 | if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, |
||
147 | (const unsigned char *) pers, |
||
148 | strlen( pers ) ) ) != 0 ) |
||
149 | { |
||
150 | mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); |
||
151 | goto exit; |
||
152 | } |
||
9076 | turbocat | 153 | |
8774 | rgimad | 154 | mbedtls_printf( " ok\n" ); |
9076 | turbocat | 155 | |
8774 | rgimad | 156 | /* |
157 | * 0. Initialize certificates |
||
9076 | turbocat | 158 | */; |
8774 | rgimad | 159 | mbedtls_printf( " . Loading the CA root certificate ..." ); |
160 | //fflush( stdout ); |
||
9076 | turbocat | 161 | |
8774 | rgimad | 162 | ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, |
163 | mbedtls_test_cas_pem_len ); |
||
164 | if( ret < 0 ) |
||
165 | { |
||
166 | mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); |
||
167 | goto exit; |
||
168 | } |
||
169 | |||
170 | mbedtls_printf( " ok (%d skipped)\n", ret ); |
||
9076 | turbocat | 171 | |
8774 | rgimad | 172 | /* |
173 | * 1. Start the connection |
||
174 | */ |
||
175 | mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT ); |
||
176 | //fflush( stdout ); |
||
177 | |||
178 | if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, |
||
179 | SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) |
||
180 | { |
||
181 | mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); |
||
182 | goto exit; |
||
183 | } |
||
184 | |||
185 | mbedtls_printf( " ok\n" ); |
||
186 | |||
187 | /* |
||
188 | * 2. Setup stuff |
||
189 | */ |
||
190 | mbedtls_printf( " . Setting up the SSL/TLS structure..." ); |
||
191 | //fflush( stdout ); |
||
192 | |||
193 | if( ( ret = mbedtls_ssl_config_defaults( &conf, |
||
194 | MBEDTLS_SSL_IS_CLIENT, |
||
195 | MBEDTLS_SSL_TRANSPORT_STREAM, |
||
196 | MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) |
||
197 | { |
||
198 | mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); |
||
199 | goto exit; |
||
200 | } |
||
201 | |||
202 | mbedtls_printf( " ok\n" ); |
||
203 | |||
204 | /* OPTIONAL is not optimal for security, |
||
205 | * but makes interop easier in this simplified example */ |
||
206 | mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); |
||
207 | mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); |
||
208 | mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); |
||
209 | mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); |
||
210 | |||
211 | if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) |
||
212 | { |
||
213 | mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); |
||
214 | goto exit; |
||
215 | } |
||
216 | |||
217 | if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 ) |
||
218 | { |
||
219 | mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); |
||
220 | goto exit; |
||
221 | } |
||
222 | |||
223 | mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); |
||
224 | /* |
||
225 | * 4. Handshake |
||
226 | */ |
||
227 | mbedtls_printf( " . Performing the SSL/TLS handshake..." ); |
||
228 | //fflush( stdout ); |
||
229 | |||
230 | while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) |
||
231 | { |
||
232 | if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
233 | { |
||
234 | mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); |
||
235 | goto exit; |
||
236 | } |
||
237 | } |
||
238 | |||
239 | mbedtls_printf( " ok\n" ); |
||
240 | |||
241 | /* |
||
242 | * 5. Verify the server certificate |
||
243 | */ |
||
244 | mbedtls_printf( " . Verifying peer X.509 certificate..." ); |
||
245 | |||
246 | /* In real life, we probably want to bail out when ret != 0 */ |
||
247 | if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) |
||
248 | { |
||
249 | char vrfy_buf[512]; |
||
250 | |||
251 | mbedtls_printf( " failed\n" ); |
||
252 | |||
253 | mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); |
||
254 | |||
255 | mbedtls_printf( "%s\n", vrfy_buf ); |
||
256 | } |
||
257 | else |
||
258 | mbedtls_printf( " ok\n" ); |
||
259 | |||
260 | /* |
||
261 | * 3. Write the GET request |
||
262 | */ |
||
263 | mbedtls_printf( " > Write to server:" ); |
||
264 | //fflush( stdout ); |
||
265 | |||
266 | len = sprintf( (char *) buf, GET_REQUEST ); |
||
267 | |||
268 | while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 ) |
||
269 | { |
||
270 | if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
271 | { |
||
272 | mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); |
||
273 | goto exit; |
||
274 | } |
||
275 | } |
||
276 | |||
277 | len = ret; |
||
278 | mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf ); |
||
279 | |||
280 | /* |
||
281 | * 7. Read the HTTP response |
||
282 | */ |
||
283 | mbedtls_printf( " < Read from server:" ); |
||
284 | //fflush( stdout ); |
||
285 | |||
286 | do |
||
287 | { |
||
288 | len = sizeof( buf ) - 1; |
||
289 | memset( buf, 0, sizeof( buf ) ); |
||
290 | ret = mbedtls_ssl_read( &ssl, buf, len ); |
||
291 | |||
292 | if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) |
||
293 | continue; |
||
294 | |||
295 | if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) |
||
296 | break; |
||
297 | |||
298 | if( ret < 0 ) |
||
299 | { |
||
300 | mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret ); |
||
301 | break; |
||
302 | } |
||
303 | |||
304 | if( ret == 0 ) |
||
305 | { |
||
306 | mbedtls_printf( "\n\nEOF\n\n" ); |
||
307 | break; |
||
308 | } |
||
309 | |||
310 | len = ret; |
||
311 | mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); |
||
312 | } |
||
313 | while( 1 ); |
||
314 | |||
315 | mbedtls_ssl_close_notify( &ssl ); |
||
316 | |||
317 | exit_code = MBEDTLS_EXIT_SUCCESS; |
||
318 | |||
319 | exit: |
||
9076 | turbocat | 320 | //#ifdef MBEDTLS_ERROR_C |
8774 | rgimad | 321 | if( exit_code != MBEDTLS_EXIT_SUCCESS ) |
322 | { |
||
9076 | turbocat | 323 | static char error_buf[100]; |
8774 | rgimad | 324 | mbedtls_strerror( ret, error_buf, 100 ); |
325 | mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); |
||
326 | } |
||
9076 | turbocat | 327 | //#endif |
8774 | rgimad | 328 | |
329 | mbedtls_net_free( &server_fd ); |
||
330 | |||
331 | mbedtls_x509_crt_free( &cacert ); |
||
332 | mbedtls_ssl_free( &ssl ); |
||
333 | mbedtls_ssl_config_free( &conf ); |
||
334 | mbedtls_ctr_drbg_free( &ctr_drbg ); |
||
335 | mbedtls_entropy_free( &entropy ); |
||
336 | |||
337 | |||
338 | return( exit_code ); |
||
339 | } |
||
9076 | turbocat | 340 | /*#endif MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && |
8774 | rgimad | 341 | MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && |
342 | MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && |
||
343 | MBEDTLS_X509_CRT_PARSE_C */>>=>> |