• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  SSL client demonstration program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #if !defined(MBEDTLS_CONFIG_FILE)
9 #include "mbedtls/config.h"
10 #else
11 #include MBEDTLS_CONFIG_FILE
12 #endif
13 
14 #include "mbedtls/platform.h"
15 
16 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
17     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
18     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||         \
19     !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
20     !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
main(void)21 int main(void)
22 {
23     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
24                    "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
25                    "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
26                    "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
27                    "not defined.\n");
28     mbedtls_exit(0);
29 }
30 #else
31 
32 #include "mbedtls/net_sockets.h"
33 #include "mbedtls/debug.h"
34 #include "mbedtls/ssl.h"
35 #include "mbedtls/entropy.h"
36 #include "mbedtls/ctr_drbg.h"
37 #include "mbedtls/error.h"
38 #include "mbedtls/certs.h"
39 
40 #include <string.h>
41 
42 #define SERVER_PORT "4433"
43 #define SERVER_NAME "localhost"
44 #define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
45 
46 #define DEBUG_LEVEL 1
47 
48 
my_debug(void * ctx,int level,const char * file,int line,const char * str)49 static void my_debug(void *ctx, int level,
50                      const char *file, int line,
51                      const char *str)
52 {
53     ((void) level);
54 
55     mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
56     fflush((FILE *) ctx);
57 }
58 
main(void)59 int main(void)
60 {
61     int ret = 1, len;
62     int exit_code = MBEDTLS_EXIT_FAILURE;
63     mbedtls_net_context server_fd;
64     uint32_t flags;
65     unsigned char buf[1024];
66     const char *pers = "ssl_client1";
67 
68     mbedtls_entropy_context entropy;
69     mbedtls_ctr_drbg_context ctr_drbg;
70     mbedtls_ssl_context ssl;
71     mbedtls_ssl_config conf;
72     mbedtls_x509_crt cacert;
73 
74 #if defined(MBEDTLS_DEBUG_C)
75     mbedtls_debug_set_threshold(DEBUG_LEVEL);
76 #endif
77 
78     /*
79      * 0. Initialize the RNG and the session data
80      */
81     mbedtls_net_init(&server_fd);
82     mbedtls_ssl_init(&ssl);
83     mbedtls_ssl_config_init(&conf);
84     mbedtls_x509_crt_init(&cacert);
85     mbedtls_ctr_drbg_init(&ctr_drbg);
86     mbedtls_entropy_init(&entropy);
87 
88 #if defined(MBEDTLS_USE_PSA_CRYPTO)
89     psa_status_t status = psa_crypto_init();
90     if (status != PSA_SUCCESS) {
91         mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
92                         (int) status);
93         goto exit;
94     }
95 #endif /* MBEDTLS_USE_PSA_CRYPTO */
96 
97     mbedtls_printf("\n  . Seeding the random number generator...");
98     fflush(stdout);
99 
100 
101     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
102                                      (const unsigned char *) pers,
103                                      strlen(pers))) != 0) {
104         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
105         goto exit;
106     }
107 
108     mbedtls_printf(" ok\n");
109 
110     /*
111      * 0. Initialize certificates
112      */
113     mbedtls_printf("  . Loading the CA root certificate ...");
114     fflush(stdout);
115 
116     ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
117                                  mbedtls_test_cas_pem_len);
118     if (ret < 0) {
119         mbedtls_printf(" failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n",
120                        (unsigned int) -ret);
121         goto exit;
122     }
123 
124     mbedtls_printf(" ok (%d skipped)\n", ret);
125 
126     /*
127      * 1. Start the connection
128      */
129     mbedtls_printf("  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
130     fflush(stdout);
131 
132     if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
133                                    SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
134         mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
135         goto exit;
136     }
137 
138     mbedtls_printf(" ok\n");
139 
140     /*
141      * 2. Setup stuff
142      */
143     mbedtls_printf("  . Setting up the SSL/TLS structure...");
144     fflush(stdout);
145 
146     if ((ret = mbedtls_ssl_config_defaults(&conf,
147                                            MBEDTLS_SSL_IS_CLIENT,
148                                            MBEDTLS_SSL_TRANSPORT_STREAM,
149                                            MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
150         mbedtls_printf(" failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
151         goto exit;
152     }
153 
154     mbedtls_printf(" ok\n");
155 
156     /* OPTIONAL is not optimal for security,
157      * but makes interop easier in this simplified example */
158     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
159     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
160     mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
161     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
162 
163     if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
164         mbedtls_printf(" failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret);
165         goto exit;
166     }
167 
168     if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
169         mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
170         goto exit;
171     }
172 
173     mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
174 
175     /*
176      * 4. Handshake
177      */
178     mbedtls_printf("  . Performing the SSL/TLS handshake...");
179     fflush(stdout);
180 
181     while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
182         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
183             mbedtls_printf(" failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
184                            (unsigned int) -ret);
185             goto exit;
186         }
187     }
188 
189     mbedtls_printf(" ok\n");
190 
191     /*
192      * 5. Verify the server certificate
193      */
194     mbedtls_printf("  . Verifying peer X.509 certificate...");
195 
196     /* In real life, we probably want to bail out when ret != 0 */
197     if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
198         char vrfy_buf[512];
199 
200         mbedtls_printf(" failed\n");
201 
202         mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "  ! ", flags);
203 
204         mbedtls_printf("%s\n", vrfy_buf);
205     } else {
206         mbedtls_printf(" ok\n");
207     }
208 
209     /*
210      * 3. Write the GET request
211      */
212     mbedtls_printf("  > Write to server:");
213     fflush(stdout);
214 
215     len = sprintf((char *) buf, GET_REQUEST);
216 
217     while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
218         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
219             mbedtls_printf(" failed\n  ! mbedtls_ssl_write returned %d\n\n", ret);
220             goto exit;
221         }
222     }
223 
224     len = ret;
225     mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
226 
227     /*
228      * 7. Read the HTTP response
229      */
230     mbedtls_printf("  < Read from server:");
231     fflush(stdout);
232 
233     do {
234         len = sizeof(buf) - 1;
235         memset(buf, 0, sizeof(buf));
236         ret = mbedtls_ssl_read(&ssl, buf, len);
237 
238         if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
239             continue;
240         }
241 
242         if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
243             break;
244         }
245 
246         if (ret < 0) {
247             mbedtls_printf("failed\n  ! mbedtls_ssl_read returned %d\n\n", ret);
248             break;
249         }
250 
251         if (ret == 0) {
252             mbedtls_printf("\n\nEOF\n\n");
253             break;
254         }
255 
256         len = ret;
257         mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
258     } while (1);
259 
260     mbedtls_ssl_close_notify(&ssl);
261 
262     exit_code = MBEDTLS_EXIT_SUCCESS;
263 
264 exit:
265 
266 #ifdef MBEDTLS_ERROR_C
267     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
268         char error_buf[100];
269         mbedtls_strerror(ret, error_buf, 100);
270         mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
271     }
272 #endif
273 
274     mbedtls_net_free(&server_fd);
275     mbedtls_x509_crt_free(&cacert);
276     mbedtls_ssl_free(&ssl);
277     mbedtls_ssl_config_free(&conf);
278     mbedtls_ctr_drbg_free(&ctr_drbg);
279     mbedtls_entropy_free(&entropy);
280 #if defined(MBEDTLS_USE_PSA_CRYPTO)
281     mbedtls_psa_crypto_free();
282 #endif /* MBEDTLS_USE_PSA_CRYPTO */
283 
284 #if defined(_WIN32)
285     mbedtls_printf("  + Press Enter to exit this program.\n");
286     fflush(stdout); getchar();
287 #endif
288 
289     mbedtls_exit(exit_code);
290 }
291 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
292           MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
293           MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
294           MBEDTLS_X509_CRT_PARSE_C */
295