• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Simple DTLS server demonstration program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #if defined(MBEDTLS_PLATFORM_C)
23 #include "mbedtls/platform.h"
24 #else
25 #include <stdio.h>
26 #include <stdlib.h>
27 #define mbedtls_printf     printf
28 #define mbedtls_fprintf    fprintf
29 #define mbedtls_time_t     time_t
30 #define mbedtls_exit            exit
31 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
32 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
33 #endif
34 
35 /* Uncomment out the following line to default to IPv4 and disable IPv6 */
36 //#define FORCE_IPV4
37 
38 #ifdef FORCE_IPV4
39 #define BIND_IP     "0.0.0.0"     /* Forces IPv4 */
40 #else
41 #define BIND_IP     "::"
42 #endif
43 
44 #if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||    \
45     !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) ||          \
46     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||        \
47     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) ||      \
48     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
49 
main(void)50 int main( void )
51 {
52     printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
53             "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
54             "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
55             "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
56             "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n" );
57     mbedtls_exit( 0 );
58 }
59 #else
60 
61 #if defined(_WIN32)
62 #include <windows.h>
63 #endif
64 
65 #include <string.h>
66 #include <stdlib.h>
67 #include <stdio.h>
68 
69 #include "mbedtls/entropy.h"
70 #include "mbedtls/ctr_drbg.h"
71 #include "mbedtls/x509.h"
72 #include "mbedtls/ssl.h"
73 #include "mbedtls/ssl_cookie.h"
74 #include "mbedtls/net_sockets.h"
75 #include "mbedtls/error.h"
76 #include "mbedtls/debug.h"
77 #include "mbedtls/timing.h"
78 
79 #include "test/certs.h"
80 
81 #if defined(MBEDTLS_SSL_CACHE_C)
82 #include "mbedtls/ssl_cache.h"
83 #endif
84 
85 #define READ_TIMEOUT_MS 10000   /* 10 seconds */
86 #define DEBUG_LEVEL 0
87 
88 
my_debug(void * ctx,int level,const char * file,int line,const char * str)89 static void my_debug( void *ctx, int level,
90                       const char *file, int line,
91                       const char *str )
92 {
93     ((void) level);
94 
95     mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
96     fflush(  (FILE *) ctx  );
97 }
98 
main(void)99 int main( void )
100 {
101     int ret, len;
102     mbedtls_net_context listen_fd, client_fd;
103     unsigned char buf[1024];
104     const char *pers = "dtls_server";
105     unsigned char client_ip[16] = { 0 };
106     size_t cliip_len;
107     mbedtls_ssl_cookie_ctx cookie_ctx;
108 
109     mbedtls_entropy_context entropy;
110     mbedtls_ctr_drbg_context ctr_drbg;
111     mbedtls_ssl_context ssl;
112     mbedtls_ssl_config conf;
113     mbedtls_x509_crt srvcert;
114     mbedtls_pk_context pkey;
115     mbedtls_timing_delay_context timer;
116 #if defined(MBEDTLS_SSL_CACHE_C)
117     mbedtls_ssl_cache_context cache;
118 #endif
119 
120     mbedtls_net_init( &listen_fd );
121     mbedtls_net_init( &client_fd );
122     mbedtls_ssl_init( &ssl );
123     mbedtls_ssl_config_init( &conf );
124     mbedtls_ssl_cookie_init( &cookie_ctx );
125 #if defined(MBEDTLS_SSL_CACHE_C)
126     mbedtls_ssl_cache_init( &cache );
127 #endif
128     mbedtls_x509_crt_init( &srvcert );
129     mbedtls_pk_init( &pkey );
130     mbedtls_entropy_init( &entropy );
131     mbedtls_ctr_drbg_init( &ctr_drbg );
132 
133 #if defined(MBEDTLS_DEBUG_C)
134     mbedtls_debug_set_threshold( DEBUG_LEVEL );
135 #endif
136 
137     /*
138      * 1. Seed the RNG
139      */
140     printf( "  . Seeding the random number generator..." );
141     fflush( stdout );
142 
143     if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
144                                (const unsigned char *) pers,
145                                strlen( pers ) ) ) != 0 )
146     {
147         printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
148         goto exit;
149     }
150 
151     printf( " ok\n" );
152 
153     /*
154      * 2. Load the certificates and private RSA key
155      */
156     printf( "\n  . Loading the server cert. and key..." );
157     fflush( stdout );
158 
159     /*
160      * This demonstration program uses embedded test certificates.
161      * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
162      * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
163      */
164     ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
165                           mbedtls_test_srv_crt_len );
166     if( ret != 0 )
167     {
168         printf( " failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret );
169         goto exit;
170     }
171 
172     ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
173                           mbedtls_test_cas_pem_len );
174     if( ret != 0 )
175     {
176         printf( " failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret );
177         goto exit;
178     }
179 
180     ret =  mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
181                          mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
182     if( ret != 0 )
183     {
184         printf( " failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret );
185         goto exit;
186     }
187 
188     printf( " ok\n" );
189 
190     /*
191      * 3. Setup the "listening" UDP socket
192      */
193     printf( "  . Bind on udp/*/4433 ..." );
194     fflush( stdout );
195 
196     if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
197     {
198         printf( " failed\n  ! mbedtls_net_bind returned %d\n\n", ret );
199         goto exit;
200     }
201 
202     printf( " ok\n" );
203 
204     /*
205      * 4. Setup stuff
206      */
207     printf( "  . Setting up the DTLS data..." );
208     fflush( stdout );
209 
210     if( ( ret = mbedtls_ssl_config_defaults( &conf,
211                     MBEDTLS_SSL_IS_SERVER,
212                     MBEDTLS_SSL_TRANSPORT_DATAGRAM,
213                     MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
214     {
215         mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
216         goto exit;
217     }
218 
219     mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
220     mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
221     mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
222 
223 #if defined(MBEDTLS_SSL_CACHE_C)
224     mbedtls_ssl_conf_session_cache( &conf, &cache,
225                                    mbedtls_ssl_cache_get,
226                                    mbedtls_ssl_cache_set );
227 #endif
228 
229     mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
230    if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
231     {
232         printf( " failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
233         goto exit;
234     }
235 
236     if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
237                                   mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
238     {
239         printf( " failed\n  ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
240         goto exit;
241     }
242 
243     mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
244                                &cookie_ctx );
245 
246     if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
247     {
248         printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
249         goto exit;
250     }
251 
252     mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
253                                             mbedtls_timing_get_delay );
254 
255     printf( " ok\n" );
256 
257 reset:
258 #ifdef MBEDTLS_ERROR_C
259     if( ret != 0 )
260     {
261         char error_buf[100];
262         mbedtls_strerror( ret, error_buf, 100 );
263         printf("Last error was: %d - %s\n\n", ret, error_buf );
264     }
265 #endif
266 
267     mbedtls_net_free( &client_fd );
268 
269     mbedtls_ssl_session_reset( &ssl );
270 
271     /*
272      * 3. Wait until a client connects
273      */
274     printf( "  . Waiting for a remote connection ..." );
275     fflush( stdout );
276 
277     if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
278                     client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
279     {
280         printf( " failed\n  ! mbedtls_net_accept returned %d\n\n", ret );
281         goto exit;
282     }
283 
284     /* For HelloVerifyRequest cookies */
285     if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
286                     client_ip, cliip_len ) ) != 0 )
287     {
288         printf( " failed\n  ! "
289                 "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
290         goto exit;
291     }
292 
293     mbedtls_ssl_set_bio( &ssl, &client_fd,
294                          mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
295 
296     printf( " ok\n" );
297 
298     /*
299      * 5. Handshake
300      */
301     printf( "  . Performing the DTLS handshake..." );
302     fflush( stdout );
303 
304     do ret = mbedtls_ssl_handshake( &ssl );
305     while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
306            ret == MBEDTLS_ERR_SSL_WANT_WRITE );
307 
308     if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
309     {
310         printf( " hello verification requested\n" );
311         ret = 0;
312         goto reset;
313     }
314     else if( ret != 0 )
315     {
316         printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
317         goto reset;
318     }
319 
320     printf( " ok\n" );
321 
322     /*
323      * 6. Read the echo Request
324      */
325     printf( "  < Read from client:" );
326     fflush( stdout );
327 
328     len = sizeof( buf ) - 1;
329     memset( buf, 0, sizeof( buf ) );
330 
331     do ret = mbedtls_ssl_read( &ssl, buf, len );
332     while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
333            ret == MBEDTLS_ERR_SSL_WANT_WRITE );
334 
335     if( ret <= 0 )
336     {
337         switch( ret )
338         {
339             case MBEDTLS_ERR_SSL_TIMEOUT:
340                 printf( " timeout\n\n" );
341                 goto reset;
342 
343             case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
344                 printf( " connection was closed gracefully\n" );
345                 ret = 0;
346                 goto close_notify;
347 
348             default:
349                 printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
350                 goto reset;
351         }
352     }
353 
354     len = ret;
355     printf( " %d bytes read\n\n%s\n\n", len, buf );
356 
357     /*
358      * 7. Write the 200 Response
359      */
360     printf( "  > Write to client:" );
361     fflush( stdout );
362 
363     do ret = mbedtls_ssl_write( &ssl, buf, len );
364     while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
365            ret == MBEDTLS_ERR_SSL_WANT_WRITE );
366 
367     if( ret < 0 )
368     {
369         printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
370         goto exit;
371     }
372 
373     len = ret;
374     printf( " %d bytes written\n\n%s\n\n", len, buf );
375 
376     /*
377      * 8. Done, cleanly close the connection
378      */
379 close_notify:
380     printf( "  . Closing the connection..." );
381 
382     /* No error checking, the connection might be closed already */
383     do ret = mbedtls_ssl_close_notify( &ssl );
384     while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
385     ret = 0;
386 
387     printf( " done\n" );
388 
389     goto reset;
390 
391     /*
392      * Final clean-ups and exit
393      */
394 exit:
395 
396 #ifdef MBEDTLS_ERROR_C
397     if( ret != 0 )
398     {
399         char error_buf[100];
400         mbedtls_strerror( ret, error_buf, 100 );
401         printf( "Last error was: %d - %s\n\n", ret, error_buf );
402     }
403 #endif
404 
405     mbedtls_net_free( &client_fd );
406     mbedtls_net_free( &listen_fd );
407 
408     mbedtls_x509_crt_free( &srvcert );
409     mbedtls_pk_free( &pkey );
410     mbedtls_ssl_free( &ssl );
411     mbedtls_ssl_config_free( &conf );
412     mbedtls_ssl_cookie_free( &cookie_ctx );
413 #if defined(MBEDTLS_SSL_CACHE_C)
414     mbedtls_ssl_cache_free( &cache );
415 #endif
416     mbedtls_ctr_drbg_free( &ctr_drbg );
417     mbedtls_entropy_free( &entropy );
418 
419 #if defined(_WIN32)
420     printf( "  Press Enter to exit this program.\n" );
421     fflush( stdout ); getchar();
422 #endif
423 
424     /* Shell can not handle large exit numbers -> 1 for errors */
425     if( ret < 0 )
426         ret = 1;
427 
428     mbedtls_exit( ret );
429 }
430 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
431           MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
432           MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
433           && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
434