Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
mbedtls/programs/ssl/dtls_client.c
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
342 lines (276 sloc)
9.78 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Simple DTLS client demonstration program | |
| * | |
| * Copyright The Mbed TLS Contributors | |
| * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | |
| */ | |
| #include "mbedtls/build_info.h" | |
| #include "mbedtls/platform.h" | |
| #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ | |
| !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ | |
| !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ | |
| !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \ | |
| !defined(MBEDTLS_PEM_PARSE_C) | |
| int main(void) | |
| { | |
| mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " | |
| "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or " | |
| "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " | |
| "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or " | |
| "MBEDTLS_PEM_PARSE_C not defined.\n"); | |
| mbedtls_exit(0); | |
| } | |
| #else | |
| #include <string.h> | |
| #include "mbedtls/net_sockets.h" | |
| #include "mbedtls/debug.h" | |
| #include "mbedtls/ssl.h" | |
| #include "mbedtls/entropy.h" | |
| #include "mbedtls/ctr_drbg.h" | |
| #include "mbedtls/error.h" | |
| #include "mbedtls/timing.h" | |
| #include "test/certs.h" | |
| /* Uncomment out the following line to default to IPv4 and disable IPv6 */ | |
| //#define FORCE_IPV4 | |
| #define SERVER_PORT "4433" | |
| #define SERVER_NAME "localhost" | |
| #ifdef FORCE_IPV4 | |
| #define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */ | |
| #else | |
| #define SERVER_ADDR "::1" | |
| #endif | |
| #define MESSAGE "Echo this" | |
| #define READ_TIMEOUT_MS 1000 | |
| #define MAX_RETRY 5 | |
| #define DEBUG_LEVEL 0 | |
| static void my_debug(void *ctx, int level, | |
| const char *file, int line, | |
| const char *str) | |
| { | |
| ((void) level); | |
| mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); | |
| fflush((FILE *) ctx); | |
| } | |
| int main(int argc, char *argv[]) | |
| { | |
| int ret, len; | |
| mbedtls_net_context server_fd; | |
| uint32_t flags; | |
| unsigned char buf[1024]; | |
| const char *pers = "dtls_client"; | |
| int retry_left = MAX_RETRY; | |
| mbedtls_entropy_context entropy; | |
| mbedtls_ctr_drbg_context ctr_drbg; | |
| mbedtls_ssl_context ssl; | |
| mbedtls_ssl_config conf; | |
| mbedtls_x509_crt cacert; | |
| mbedtls_timing_delay_context timer; | |
| ((void) argc); | |
| ((void) argv); | |
| #if defined(MBEDTLS_DEBUG_C) | |
| mbedtls_debug_set_threshold(DEBUG_LEVEL); | |
| #endif | |
| /* | |
| * 0. Initialize the RNG and the session data | |
| */ | |
| mbedtls_net_init(&server_fd); | |
| mbedtls_ssl_init(&ssl); | |
| mbedtls_ssl_config_init(&conf); | |
| mbedtls_x509_crt_init(&cacert); | |
| mbedtls_ctr_drbg_init(&ctr_drbg); | |
| mbedtls_entropy_init(&entropy); | |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) | |
| psa_status_t status = psa_crypto_init(); | |
| if (status != PSA_SUCCESS) { | |
| mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", | |
| (int) status); | |
| ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; | |
| goto exit; | |
| } | |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ | |
| mbedtls_printf("\n . Seeding the random number generator..."); | |
| fflush(stdout); | |
| if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, | |
| (const unsigned char *) pers, | |
| strlen(pers))) != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); | |
| goto exit; | |
| } | |
| mbedtls_printf(" ok\n"); | |
| /* | |
| * 0. Load certificates | |
| */ | |
| mbedtls_printf(" . Loading the CA root certificate ..."); | |
| fflush(stdout); | |
| ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, | |
| mbedtls_test_cas_pem_len); | |
| if (ret < 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", | |
| (unsigned int) -ret); | |
| goto exit; | |
| } | |
| mbedtls_printf(" ok (%d skipped)\n", ret); | |
| /* | |
| * 1. Start the connection | |
| */ | |
| mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT); | |
| fflush(stdout); | |
| if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR, | |
| SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); | |
| goto exit; | |
| } | |
| mbedtls_printf(" ok\n"); | |
| /* | |
| * 2. Setup stuff | |
| */ | |
| mbedtls_printf(" . Setting up the DTLS structure..."); | |
| fflush(stdout); | |
| if ((ret = mbedtls_ssl_config_defaults(&conf, | |
| MBEDTLS_SSL_IS_CLIENT, | |
| MBEDTLS_SSL_TRANSPORT_DATAGRAM, | |
| MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); | |
| goto exit; | |
| } | |
| /* OPTIONAL is usually a bad choice for security, but makes interop easier | |
| * in this simplified example, in which the ca chain is hardcoded. | |
| * Production code should set a proper ca chain and use REQUIRED. */ | |
| mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); | |
| mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); | |
| mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); | |
| mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); | |
| mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); | |
| if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); | |
| goto exit; | |
| } | |
| if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); | |
| goto exit; | |
| } | |
| mbedtls_ssl_set_bio(&ssl, &server_fd, | |
| mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); | |
| mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, | |
| mbedtls_timing_get_delay); | |
| mbedtls_printf(" ok\n"); | |
| /* | |
| * 4. Handshake | |
| */ | |
| mbedtls_printf(" . Performing the DTLS handshake..."); | |
| fflush(stdout); | |
| do { | |
| ret = mbedtls_ssl_handshake(&ssl); | |
| } while (ret == MBEDTLS_ERR_SSL_WANT_READ || | |
| ret == MBEDTLS_ERR_SSL_WANT_WRITE); | |
| if (ret != 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", | |
| (unsigned int) -ret); | |
| goto exit; | |
| } | |
| mbedtls_printf(" ok\n"); | |
| /* | |
| * 5. Verify the server certificate | |
| */ | |
| mbedtls_printf(" . Verifying peer X.509 certificate..."); | |
| /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the | |
| * handshake would not succeed if the peer's cert is bad. Even if we used | |
| * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */ | |
| if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { | |
| #if !defined(MBEDTLS_X509_REMOVE_INFO) | |
| char vrfy_buf[512]; | |
| #endif | |
| mbedtls_printf(" failed\n"); | |
| #if !defined(MBEDTLS_X509_REMOVE_INFO) | |
| mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); | |
| mbedtls_printf("%s\n", vrfy_buf); | |
| #endif | |
| } else { | |
| mbedtls_printf(" ok\n"); | |
| } | |
| /* | |
| * 6. Write the echo request | |
| */ | |
| send_request: | |
| mbedtls_printf(" > Write to server:"); | |
| fflush(stdout); | |
| len = sizeof(MESSAGE) - 1; | |
| do { | |
| ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len); | |
| } while (ret == MBEDTLS_ERR_SSL_WANT_READ || | |
| ret == MBEDTLS_ERR_SSL_WANT_WRITE); | |
| if (ret < 0) { | |
| mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); | |
| goto exit; | |
| } | |
| len = ret; | |
| mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE); | |
| /* | |
| * 7. Read the echo response | |
| */ | |
| mbedtls_printf(" < Read from server:"); | |
| fflush(stdout); | |
| len = sizeof(buf) - 1; | |
| memset(buf, 0, sizeof(buf)); | |
| do { | |
| ret = mbedtls_ssl_read(&ssl, buf, len); | |
| } while (ret == MBEDTLS_ERR_SSL_WANT_READ || | |
| ret == MBEDTLS_ERR_SSL_WANT_WRITE); | |
| if (ret <= 0) { | |
| switch (ret) { | |
| case MBEDTLS_ERR_SSL_TIMEOUT: | |
| mbedtls_printf(" timeout\n\n"); | |
| if (retry_left-- > 0) { | |
| goto send_request; | |
| } | |
| goto exit; | |
| case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: | |
| mbedtls_printf(" connection was closed gracefully\n"); | |
| goto close_notify; | |
| default: | |
| mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret); | |
| goto exit; | |
| } | |
| } | |
| len = ret; | |
| mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf); | |
| /* | |
| * 8. Done, cleanly close the connection | |
| */ | |
| close_notify: | |
| mbedtls_printf(" . Closing the connection..."); | |
| /* No error checking, the connection might be closed already */ | |
| do { | |
| ret = mbedtls_ssl_close_notify(&ssl); | |
| } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); | |
| ret = 0; | |
| mbedtls_printf(" done\n"); | |
| /* | |
| * 9. Final clean-ups and exit | |
| */ | |
| exit: | |
| #ifdef MBEDTLS_ERROR_C | |
| if (ret != 0) { | |
| char error_buf[100]; | |
| mbedtls_strerror(ret, error_buf, 100); | |
| mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); | |
| } | |
| #endif | |
| mbedtls_net_free(&server_fd); | |
| mbedtls_x509_crt_free(&cacert); | |
| mbedtls_ssl_free(&ssl); | |
| mbedtls_ssl_config_free(&conf); | |
| mbedtls_ctr_drbg_free(&ctr_drbg); | |
| mbedtls_entropy_free(&entropy); | |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) | |
| mbedtls_psa_crypto_free(); | |
| #endif /* MBEDTLS_USE_PSA_CRYPTO */ | |
| /* Shell can not handle large exit numbers -> 1 for errors */ | |
| if (ret < 0) { | |
| ret = 1; | |
| } | |
| mbedtls_exit(ret); | |
| } | |
| #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C && | |
| MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && | |
| MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */ |