1 /* This is a small demo of the NetX Secure TLS API running on a
2    high-performance NetX TCP/IP stack.  */
3 /* This demo works for IPv4 only */
4 
5 #include "tx_api.h"
6 #include "nx_api.h"
7 
8 #ifndef NX_DISABLE_IPV4
9 
10 #include "nx_secure_tls_api.h"
11 #include "nx_secure_x509.h"
12 
13 #define     DEMO_STACK_SIZE         4096
14 
15 /* Replace the 'ram' driver with your Ethernet driver. */
16 VOID    _nx_ram_network_driver(struct NX_IP_DRIVER_STRUCT *driver_req);
17 
18 /* Define packet pool for the demonstration.  */
19 #define NX_PACKET_SIZE (1536 + sizeof(NX_PACKET))
20 
21 /* Set up the TLS client global variables. */
22 
23 static TX_THREAD             client_thread;
24 static NX_PACKET_POOL        client_pool;
25 static NX_IP                 client_ip;
26 static NX_TCP_SOCKET         client_tcp_socket;
27 static NX_SECURE_TLS_SESSION client_tls_session;
28 static NX_SECURE_X509_CERT   trusted_certificate;
29 static UINT                  error_counter;
30 
31 /* Set up the TLS server global variables */
32 
33 static TX_THREAD             server_thread;
34 static NX_PACKET_POOL        server_pool;
35 static NX_IP                 server_ip;
36 static NX_TCP_SOCKET         server_tcp_socket;
37 static NX_SECURE_TLS_SESSION server_tls_session;
38 
39 
40 static void tls_client_thread_entry(ULONG thread_input);
41 static void tls_server_thread_entry(ULONG thread_input);
42 
43 
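/* Define some demo certificates. First, the server/device certificate: a
   DER-encoded X.509 certificate for CN=www.example.com, issued by
   "NetX Secure Test CA" and valid from 2016-11-11 to 2026-11-09 (UTC). */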
45 static unsigned char test_device_cert_der[] = {
46   0x30, 0x82, 0x03, 0xd2, 0x30, 0x82, 0x02, 0xba, 0xa0, 0x03, 0x02, 0x01,
47   0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
48   0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x7a, 0x31, 0x0b, 0x30,
49   0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
50   0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31,
51   0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x61,
52   0x6e, 0x20, 0x44, 0x69, 0x65, 0x67, 0x6f, 0x31, 0x16, 0x30, 0x14, 0x06,
53   0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73,
54   0x73, 0x20, 0x4c, 0x6f, 0x67, 0x69, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06,
55   0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x4e, 0x65, 0x74, 0x58, 0x20, 0x53,
56   0x65, 0x63, 0x75, 0x72, 0x65, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55,
57   0x04, 0x03, 0x0c, 0x13, 0x4e, 0x65, 0x74, 0x58, 0x20, 0x53, 0x65, 0x63,
58   0x75, 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30,
59   0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x31, 0x31, 0x31, 0x39, 0x35,
60   0x31, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x31, 0x30, 0x39,
61   0x31, 0x39, 0x35, 0x31, 0x30, 0x30, 0x5a, 0x30, 0x62, 0x31, 0x0b, 0x30,
62   0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
63   0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31,
64   0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x45, 0x78,
65   0x70, 0x72, 0x65, 0x73, 0x73, 0x20, 0x4c, 0x6f, 0x67, 0x69, 0x63, 0x31,
66   0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x4e, 0x65,
67   0x74, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x31, 0x18, 0x30,
68   0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e,
69   0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
70   0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
71   0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
72   0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xae, 0x03, 0x2c, 0xec,
73   0xa2, 0x79, 0xd1, 0x15, 0x20, 0x88, 0x4d, 0xcd, 0xa2, 0x1b, 0x05, 0xe3,
74   0xbd, 0x55, 0xad, 0xc6, 0x1f, 0x64, 0xe8, 0xb5, 0xc5, 0x0d, 0x67, 0xfc,
75   0x7e, 0xda, 0xfb, 0x70, 0xf6, 0xc9, 0x47, 0x87, 0x3a, 0xaa, 0x88, 0x00,
76   0xf1, 0xa7, 0xf7, 0xe1, 0xf5, 0x2c, 0x54, 0x0e, 0x33, 0xda, 0xbe, 0x9c,
77   0x66, 0x30, 0xd9, 0x40, 0xeb, 0x1d, 0xce, 0xe1, 0x55, 0x15, 0x2b, 0x11,
78   0x47, 0x6c, 0x7e, 0x88, 0xc6, 0x24, 0xcf, 0x87, 0x1b, 0xb5, 0x1f, 0x47,
79   0xb9, 0xef, 0xad, 0x29, 0xd3, 0x2e, 0x43, 0xee, 0x39, 0xdd, 0x09, 0x54,
80   0xba, 0xfc, 0xed, 0xbc, 0x2e, 0x0e, 0x53, 0x15, 0x37, 0xcb, 0xc5, 0xf5,
81   0xee, 0x70, 0x2a, 0xe8, 0x01, 0x6d, 0xb1, 0x39, 0x94, 0x5a, 0xc2, 0x8a,
82   0x00, 0x04, 0xa9, 0xff, 0xea, 0x56, 0xf7, 0xd7, 0xa8, 0x1b, 0xa4, 0x26,
83   0xcd, 0x28, 0xaf, 0xfa, 0x52, 0x85, 0x1c, 0x26, 0x3e, 0x5e, 0x01, 0xf7,
84   0xe1, 0x66, 0xff, 0xac, 0xad, 0x9c, 0x98, 0x2f, 0xe0, 0x7e, 0x9f, 0xf1,
85   0x33, 0x31, 0xc3, 0x7f, 0xe6, 0x58, 0x5d, 0xd8, 0x5f, 0x7d, 0x2b, 0x5a,
86   0x55, 0xcf, 0xb1, 0x91, 0x53, 0x41, 0x04, 0xac, 0x86, 0x5e, 0x01, 0x35,
87   0x2b, 0x74, 0x8d, 0x46, 0x4d, 0x48, 0xc0, 0x5f, 0x83, 0x67, 0xb5, 0x6d,
88   0x52, 0x3f, 0x3e, 0xe6, 0xec, 0xf8, 0x2e, 0x10, 0x28, 0xdb, 0x69, 0xa6,
89   0x9d, 0x4b, 0xde, 0x19, 0x2e, 0xd2, 0x5f, 0xc8, 0xa9, 0x3b, 0x52, 0xe9,
90   0xb2, 0xcd, 0x6e, 0x19, 0x22, 0xf9, 0x99, 0xa6, 0xcc, 0xf5, 0xd3, 0xec,
91   0xff, 0x0c, 0x77, 0x6f, 0x25, 0x92, 0x07, 0x4c, 0x64, 0x7d, 0x34, 0x49,
92   0x6f, 0xff, 0x0a, 0xa8, 0x15, 0x64, 0x72, 0x2d, 0x4f, 0x42, 0x05, 0xe8,
93   0x2b, 0x01, 0xf1, 0xe3, 0x65, 0x94, 0x23, 0xd9, 0xdf, 0x5e, 0x3b, 0xb5,
94   0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b, 0x30, 0x79, 0x30, 0x09, 0x06,
95   0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x2c, 0x06, 0x09,
96   0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x1f, 0x16,
97   0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, 0x65, 0x6e,
98   0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
99   0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
100   0x0e, 0x04, 0x16, 0x04, 0x14, 0x8d, 0xb0, 0xee, 0x8f, 0x6b, 0x43, 0x52,
101   0x29, 0xf4, 0x25, 0xff, 0x3c, 0xda, 0x5f, 0xb3, 0xce, 0x9b, 0x7b, 0x75,
102   0xe1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
103   0x80, 0x14, 0x1b, 0x8d, 0x06, 0xd9, 0x6b, 0xad, 0xee, 0x82, 0x24, 0x26,
104   0x55, 0x9a, 0x1b, 0x03, 0x44, 0x92, 0x0a, 0x06, 0x92, 0x48, 0x30, 0x0d,
105   0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
106   0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x75, 0x83, 0x89, 0xab, 0x84, 0x52,
107   0x5f, 0xa4, 0x9e, 0x98, 0xca, 0xa3, 0xf9, 0xab, 0xd4, 0x04, 0x32, 0xa4,
108   0x8c, 0x96, 0x90, 0x39, 0x88, 0x92, 0xc3, 0xcd, 0x51, 0xc3, 0x01, 0x35,
109   0x03, 0x78, 0xfa, 0x0d, 0x1e, 0x7b, 0x79, 0xe9, 0x7d, 0xd8, 0x68, 0x7a,
110   0x65, 0xc6, 0x00, 0x7c, 0xa1, 0x7a, 0x52, 0xc9, 0xa3, 0xf4, 0x0b, 0xbd,
111   0x76, 0x24, 0xdf, 0xde, 0x22, 0x2d, 0x95, 0xc5, 0xb6, 0x54, 0xb1, 0xac,
112   0xb6, 0x9a, 0xe4, 0x68, 0x0f, 0x97, 0x4a, 0x44, 0xa2, 0x87, 0x01, 0x82,
113   0xd4, 0x25, 0xbd, 0x01, 0xbc, 0x35, 0x8a, 0x6d, 0xb7, 0x7c, 0x48, 0xaa,
114   0x92, 0xd7, 0x57, 0x76, 0x6a, 0xb0, 0xc9, 0x46, 0xa6, 0xbe, 0xbf, 0x0f,
115   0xf0, 0xea, 0x62, 0x57, 0x71, 0x42, 0xf6, 0x67, 0xa7, 0xa1, 0x50, 0x87,
116   0x14, 0x8e, 0x32, 0xd0, 0x5e, 0xc9, 0x7b, 0x79, 0x7e, 0xfa, 0x17, 0xc7,
117   0xad, 0xbd, 0xc3, 0x98, 0x79, 0x45, 0xfb, 0x7f, 0xf7, 0xe6, 0x9f, 0x77,
118   0xb3, 0x44, 0xc3, 0xaf, 0x6b, 0x61, 0x6a, 0x04, 0x68, 0x24, 0x2d, 0x31,
119   0xf1, 0x28, 0x2c, 0xf4, 0xf0, 0x07, 0xfe, 0xfd, 0x66, 0x98, 0x77, 0x37,
120   0x7b, 0x80, 0x1f, 0xb2, 0x49, 0xe4, 0xa6, 0x24, 0x72, 0x42, 0xf4, 0xca,
121   0x91, 0x80, 0xa1, 0xb2, 0x0a, 0xc9, 0xc0, 0x93, 0xa7, 0x22, 0x0b, 0x13,
122   0x8a, 0xb2, 0x75, 0x4b, 0x66, 0xf9, 0x87, 0x3a, 0x51, 0x97, 0xc7, 0x1e,
123   0x2b, 0x61, 0x81, 0x5c, 0xf0, 0xf8, 0x4c, 0xdb, 0x36, 0xc7, 0xba, 0x49,
124   0xd9, 0x04, 0x6a, 0x95, 0xb0, 0x7f, 0xfc, 0xce, 0xca, 0x23, 0xad, 0xf9,
125   0xaf, 0x8a, 0x72, 0x8e, 0xab, 0xb8, 0x8b, 0x7e, 0xf7, 0x39, 0xa6, 0x22,
126   0x56, 0x03, 0x72, 0x06, 0xc3, 0x57, 0x1f, 0x32, 0xaa, 0xb5, 0xa6, 0x00,
127   0x67, 0x88, 0x4b, 0x40, 0xe9, 0x5e, 0x4a, 0x6f, 0x76, 0xe8
128 };
/* Length in bytes of test_device_cert_der. It equals the 982 initializer
   bytes above and must be kept in step with the array; sizeof on the array
   would give the same value without a hand-maintained constant. */
static unsigned int test_device_cert_der_len = 982;
130 
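/* Server private RSA key (DER); its modulus matches the device certificate
   above. This is a demo key published with the sample source, so it
   authenticates nothing outside the demo: a real device uses its own key,
   kept out of source control. */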
132 static unsigned char test_device_cert_key_der[] = {
133   0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
134   0xae, 0x03, 0x2c, 0xec, 0xa2, 0x79, 0xd1, 0x15, 0x20, 0x88, 0x4d, 0xcd,
135   0xa2, 0x1b, 0x05, 0xe3, 0xbd, 0x55, 0xad, 0xc6, 0x1f, 0x64, 0xe8, 0xb5,
136   0xc5, 0x0d, 0x67, 0xfc, 0x7e, 0xda, 0xfb, 0x70, 0xf6, 0xc9, 0x47, 0x87,
137   0x3a, 0xaa, 0x88, 0x00, 0xf1, 0xa7, 0xf7, 0xe1, 0xf5, 0x2c, 0x54, 0x0e,
138   0x33, 0xda, 0xbe, 0x9c, 0x66, 0x30, 0xd9, 0x40, 0xeb, 0x1d, 0xce, 0xe1,
139   0x55, 0x15, 0x2b, 0x11, 0x47, 0x6c, 0x7e, 0x88, 0xc6, 0x24, 0xcf, 0x87,
140   0x1b, 0xb5, 0x1f, 0x47, 0xb9, 0xef, 0xad, 0x29, 0xd3, 0x2e, 0x43, 0xee,
141   0x39, 0xdd, 0x09, 0x54, 0xba, 0xfc, 0xed, 0xbc, 0x2e, 0x0e, 0x53, 0x15,
142   0x37, 0xcb, 0xc5, 0xf5, 0xee, 0x70, 0x2a, 0xe8, 0x01, 0x6d, 0xb1, 0x39,
143   0x94, 0x5a, 0xc2, 0x8a, 0x00, 0x04, 0xa9, 0xff, 0xea, 0x56, 0xf7, 0xd7,
144   0xa8, 0x1b, 0xa4, 0x26, 0xcd, 0x28, 0xaf, 0xfa, 0x52, 0x85, 0x1c, 0x26,
145   0x3e, 0x5e, 0x01, 0xf7, 0xe1, 0x66, 0xff, 0xac, 0xad, 0x9c, 0x98, 0x2f,
146   0xe0, 0x7e, 0x9f, 0xf1, 0x33, 0x31, 0xc3, 0x7f, 0xe6, 0x58, 0x5d, 0xd8,
147   0x5f, 0x7d, 0x2b, 0x5a, 0x55, 0xcf, 0xb1, 0x91, 0x53, 0x41, 0x04, 0xac,
148   0x86, 0x5e, 0x01, 0x35, 0x2b, 0x74, 0x8d, 0x46, 0x4d, 0x48, 0xc0, 0x5f,
149   0x83, 0x67, 0xb5, 0x6d, 0x52, 0x3f, 0x3e, 0xe6, 0xec, 0xf8, 0x2e, 0x10,
150   0x28, 0xdb, 0x69, 0xa6, 0x9d, 0x4b, 0xde, 0x19, 0x2e, 0xd2, 0x5f, 0xc8,
151   0xa9, 0x3b, 0x52, 0xe9, 0xb2, 0xcd, 0x6e, 0x19, 0x22, 0xf9, 0x99, 0xa6,
152   0xcc, 0xf5, 0xd3, 0xec, 0xff, 0x0c, 0x77, 0x6f, 0x25, 0x92, 0x07, 0x4c,
153   0x64, 0x7d, 0x34, 0x49, 0x6f, 0xff, 0x0a, 0xa8, 0x15, 0x64, 0x72, 0x2d,
154   0x4f, 0x42, 0x05, 0xe8, 0x2b, 0x01, 0xf1, 0xe3, 0x65, 0x94, 0x23, 0xd9,
155   0xdf, 0x5e, 0x3b, 0xb5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
156   0x01, 0x00, 0xa5, 0x22, 0x2c, 0x52, 0xd0, 0x09, 0x4c, 0x4a, 0x81, 0x59,
157   0xf8, 0x83, 0xa9, 0x4f, 0x7d, 0xb2, 0x56, 0xad, 0xe5, 0x3f, 0xfb, 0xf0,
158   0xf6, 0x09, 0xf1, 0x5b, 0x3c, 0x90, 0x58, 0x0e, 0x15, 0xc9, 0x68, 0xd9,
159   0x30, 0x40, 0xfb, 0x82, 0x73, 0x98, 0x79, 0xbb, 0xcd, 0xb8, 0x27, 0xc3,
160   0x8e, 0x6c, 0xff, 0xf6, 0x99, 0x26, 0xb0, 0xaf, 0xb0, 0xac, 0x33, 0xb3,
161   0x50, 0xed, 0x73, 0xa1, 0xa8, 0x02, 0x38, 0xc6, 0x93, 0xf9, 0xd6, 0x17,
162   0x7e, 0xbd, 0x97, 0xa4, 0xb5, 0x6f, 0x8a, 0xdb, 0x11, 0x78, 0x7c, 0x89,
163   0x0e, 0x3c, 0x17, 0xbb, 0x54, 0x2c, 0x8d, 0x5a, 0x93, 0x7d, 0x1e, 0x33,
164   0xc7, 0xd2, 0x7d, 0xe5, 0xaa, 0x12, 0x2d, 0xd9, 0x52, 0x4e, 0x63, 0x74,
165   0xa6, 0x57, 0x9f, 0x1a, 0xd6, 0x3c, 0xc1, 0xb1, 0xab, 0x66, 0x4a, 0x0b,
166   0x88, 0x1d, 0xa6, 0xd1, 0xbc, 0x60, 0x7a, 0x17, 0x1f, 0x8f, 0x9b, 0x35,
167   0x57, 0xf8, 0xd0, 0x1c, 0xd3, 0xa6, 0x56, 0xc8, 0x03, 0x9c, 0x08, 0x3b,
168   0x1b, 0x5b, 0xc2, 0x03, 0x3b, 0x3a, 0xa4, 0xe8, 0xed, 0x75, 0x66, 0xb0,
169   0x85, 0x56, 0x40, 0xfe, 0xae, 0x97, 0x7e, 0xc0, 0x79, 0x49, 0x13, 0x8b,
170   0x01, 0x0c, 0xae, 0x4c, 0x3d, 0x54, 0x47, 0xc5, 0x51, 0x40, 0x3d, 0xcc,
171   0x4d, 0x17, 0xb3, 0x4e, 0x1d, 0x85, 0x1c, 0x41, 0x07, 0x03, 0x5e, 0xf9,
172   0xfa, 0x17, 0x81, 0x24, 0x34, 0xaa, 0xbf, 0x67, 0x73, 0xb6, 0x9c, 0x67,
173   0x36, 0xd9, 0xee, 0xf7, 0x86, 0x4c, 0x4d, 0x79, 0xca, 0xd7, 0xfd, 0x72,
174   0xf9, 0xb3, 0x73, 0xc3, 0x57, 0xe5, 0x39, 0x72, 0x93, 0x56, 0xc2, 0xec,
175   0xf8, 0x25, 0xe4, 0x8f, 0xba, 0xd0, 0x6f, 0x23, 0x8c, 0x39, 0x9e, 0x05,
176   0x1a, 0x4e, 0xdc, 0x5e, 0xcd, 0x17, 0x59, 0x94, 0x37, 0x22, 0xb7, 0x39,
177   0x50, 0x65, 0xdc, 0x91, 0x3c, 0xe1, 0x02, 0x81, 0x81, 0x00, 0xe4, 0xc6,
178   0x42, 0xe5, 0xea, 0xe5, 0x32, 0xf3, 0x51, 0x36, 0x7b, 0x8c, 0x5b, 0x72,
179   0x24, 0x1a, 0x4a, 0x44, 0x4f, 0x64, 0xe5, 0xa7, 0x74, 0xd9, 0xb2, 0x29,
180   0x8a, 0x08, 0xcf, 0x9b, 0xd2, 0x9d, 0xc4, 0x20, 0x4c, 0xd3, 0x60, 0x4d,
181   0xf7, 0xb7, 0xac, 0x92, 0x6b, 0x2b, 0x95, 0x73, 0x6e, 0x57, 0x00, 0x20,
182   0x9d, 0xb2, 0xf6, 0xbd, 0x0b, 0xbb, 0xaa, 0x7e, 0x7e, 0x3e, 0x53, 0xfb,
183   0x79, 0x7e, 0x45, 0xd5, 0x2e, 0xab, 0x5e, 0xff, 0x5c, 0x0a, 0x45, 0x2d,
184   0x27, 0x19, 0xb0, 0x59, 0x0a, 0x39, 0x89, 0xf6, 0xae, 0xc6, 0xe2, 0xd1,
185   0x07, 0x58, 0xbe, 0x95, 0x27, 0xaf, 0xf7, 0xa6, 0x2f, 0xaa, 0x37, 0x25,
186   0x7c, 0x7b, 0xd3, 0xda, 0x13, 0x76, 0x0a, 0xb6, 0x6c, 0x99, 0x53, 0x5d,
187   0xa5, 0x75, 0xfa, 0x10, 0x9b, 0x7f, 0xfe, 0xd7, 0xb4, 0x18, 0x95, 0xa8,
188   0x65, 0x85, 0x07, 0xc5, 0xc4, 0xad, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xb8,
189   0x8e, 0xed, 0x9d, 0x4a, 0x1f, 0x9c, 0xda, 0x73, 0xf0, 0x2c, 0x35, 0x91,
190   0xe4, 0x40, 0x78, 0xe1, 0x12, 0xf3, 0x08, 0xef, 0xdf, 0x97, 0xa0, 0xb0,
191   0xdd, 0xea, 0xc2, 0xb9, 0x5b, 0xf8, 0xa1, 0xac, 0x32, 0xfd, 0xb8, 0xe9,
192   0x0f, 0xed, 0xfd, 0xe0, 0xdc, 0x38, 0x90, 0x5e, 0xf5, 0x4c, 0x02, 0xc3,
193   0x1a, 0x72, 0x18, 0xf7, 0xfe, 0xb7, 0xb8, 0x2a, 0xf8, 0x72, 0xbb, 0x99,
194   0x56, 0xec, 0x85, 0x58, 0x31, 0x7e, 0x64, 0xdf, 0x02, 0x05, 0xe3, 0xb2,
195   0xbb, 0xe2, 0x1b, 0xd6, 0x43, 0x73, 0xf8, 0x0f, 0xaf, 0x89, 0x57, 0x44,
196   0x5f, 0x30, 0x1c, 0xe5, 0x78, 0xbf, 0x0b, 0xe7, 0x4b, 0xbe, 0x80, 0x2f,
197   0x3d, 0x35, 0x44, 0xfc, 0x9e, 0x0d, 0x85, 0x5d, 0x94, 0x6e, 0xe9, 0x6a,
198   0x72, 0xa7, 0x46, 0xd8, 0x64, 0x6c, 0xe9, 0x61, 0x92, 0xa0, 0xb6, 0xd1,
199   0xee, 0xa6, 0xa6, 0xf4, 0x2c, 0x29, 0x02, 0x81, 0x81, 0x00, 0xb4, 0xa7,
200   0x7b, 0x1c, 0x64, 0x29, 0x29, 0xda, 0xca, 0x3e, 0xe3, 0xc1, 0x2a, 0x55,
201   0x2f, 0xfd, 0x32, 0xb8, 0x4e, 0x99, 0xb6, 0x60, 0x4d, 0xfd, 0xba, 0x9a,
202   0xe2, 0xcd, 0xa2, 0x63, 0xc2, 0x25, 0xa3, 0x42, 0x7e, 0x68, 0x4c, 0x9c,
203   0x45, 0x09, 0x5d, 0xd5, 0x21, 0x9c, 0x01, 0x20, 0x6d, 0xf9, 0x75, 0xb8,
204   0x4b, 0xcf, 0x8e, 0xd8, 0x29, 0xf3, 0xbf, 0xe6, 0xb3, 0x7a, 0x34, 0x87,
205   0x58, 0xa1, 0x46, 0x33, 0xd9, 0xee, 0xa9, 0xcd, 0xac, 0xb8, 0xcf, 0x77,
206   0xa0, 0x70, 0xc0, 0xb9, 0x0f, 0x41, 0xf0, 0x98, 0x43, 0xdb, 0xfa, 0x30,
207   0x66, 0x44, 0xc5, 0xfa, 0xb2, 0xa4, 0x5a, 0x43, 0x79, 0x50, 0x48, 0xcb,
208   0xe9, 0x49, 0x3f, 0x39, 0xee, 0x34, 0x40, 0xb1, 0x5d, 0x80, 0x96, 0x3c,
209   0x54, 0xf4, 0x9c, 0xcb, 0x90, 0x7f, 0xba, 0x96, 0x4b, 0x39, 0x3e, 0xb5,
210   0x03, 0xb5, 0xd1, 0x35, 0x72, 0xe1, 0x02, 0x81, 0x80, 0x60, 0x14, 0xd5,
211   0x61, 0xe6, 0x24, 0xf7, 0x28, 0x5c, 0x9a, 0xac, 0xbe, 0x03, 0xc8, 0xf3,
212   0x49, 0xe4, 0xdb, 0x9a, 0x90, 0x15, 0xae, 0xd7, 0x33, 0x68, 0x75, 0x1d,
213   0x6b, 0x83, 0x9e, 0x17, 0x05, 0xbe, 0x30, 0xcc, 0x10, 0x6a, 0x37, 0x86,
214   0x46, 0xb6, 0xe9, 0x47, 0x81, 0x19, 0xab, 0xe1, 0x7a, 0x1a, 0x3a, 0xcf,
215   0x47, 0xd1, 0x8e, 0x3d, 0x3f, 0xc6, 0x3e, 0x5d, 0xcd, 0xaf, 0x47, 0xe0,
216   0x9e, 0x60, 0xc5, 0xbd, 0xd6, 0x52, 0x4b, 0xc0, 0x21, 0xcb, 0xd3, 0x1b,
217   0xe6, 0x5c, 0x3a, 0x03, 0x9a, 0xab, 0xa2, 0x81, 0xc9, 0x51, 0x28, 0x49,
218   0x97, 0xe2, 0x0a, 0x50, 0xe4, 0x64, 0x29, 0x43, 0x34, 0xc2, 0xe7, 0x8c,
219   0x5a, 0x46, 0xaa, 0x28, 0x0b, 0x1f, 0xed, 0xa7, 0x1a, 0x7b, 0x4e, 0xad,
220   0x38, 0x61, 0x3a, 0xd1, 0x82, 0xf4, 0x3d, 0xd3, 0x2e, 0x3e, 0x47, 0xa4,
221   0x6c, 0xd3, 0x20, 0xd4, 0xd1, 0x02, 0x81, 0x80, 0x68, 0x1a, 0x8d, 0x3c,
222   0x18, 0x3f, 0x42, 0x5e, 0x38, 0x6d, 0x0a, 0x1e, 0x52, 0xd5, 0x8f, 0xd6,
223   0x32, 0xff, 0x7c, 0x1c, 0xf3, 0x20, 0x8b, 0x92, 0xa5, 0x44, 0xff, 0x08,
224   0x21, 0xa1, 0xce, 0x68, 0x8b, 0x03, 0xe0, 0x90, 0xeb, 0x01, 0x4e, 0x85,
225   0xf9, 0xc5, 0xb7, 0x86, 0xee, 0xd0, 0x59, 0x10, 0x73, 0x98, 0x2a, 0xcb,
226   0xf6, 0xfe, 0x0d, 0xba, 0x07, 0x91, 0x18, 0xf6, 0xbc, 0x93, 0x8a, 0x91,
227   0xdd, 0x80, 0x16, 0x37, 0xdf, 0x75, 0x46, 0x87, 0x68, 0xee, 0xf4, 0x76,
228   0x0c, 0xc5, 0x87, 0x38, 0xf5, 0xb6, 0xda, 0x8a, 0xee, 0x62, 0xc8, 0xc0,
229   0xa2, 0x8d, 0xbf, 0xd5, 0xf8, 0xba, 0xb5, 0x74, 0xf0, 0x07, 0xa6, 0x1c,
230   0xcf, 0x76, 0x61, 0xbe, 0xa4, 0x88, 0x4a, 0x95, 0xb0, 0xa3, 0x70, 0x73,
231   0xa1, 0x6f, 0x73, 0xf0, 0xe8, 0x38, 0x8d, 0xe8, 0xd0, 0x7e, 0x2c, 0x0c,
232   0xdc, 0x21, 0xfa, 0xc1
233 };
234 
/* Length in bytes of test_device_cert_key_der. It equals the 1192 initializer
   bytes above and must be kept in step with the array. */
static unsigned int test_device_cert_key_der_len = 1192;
236 
/* Trusted CA certificate for Client: the self-signed "NetX Secure Test CA"
   root (DER), valid from 2016-11-11 to 2026-11-09 (UTC). */
238 static unsigned char test_ca_cert_der[] = {
239   0x30, 0x82, 0x03, 0xc7, 0x30, 0x82, 0x02, 0xaf, 0xa0, 0x03, 0x02, 0x01,
240   0x02, 0x02, 0x09, 0x00, 0xa1, 0x79, 0xb0, 0x6a, 0x32, 0xbc, 0x48, 0x67,
241   0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
242   0x0b, 0x05, 0x00, 0x30, 0x7a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
243   0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
244   0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x12, 0x30, 0x10, 0x06,
245   0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x61, 0x6e, 0x20, 0x44, 0x69,
246   0x65, 0x67, 0x6f, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a,
247   0x0c, 0x0d, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x20, 0x4c, 0x6f,
248   0x67, 0x69, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
249   0x0c, 0x0b, 0x4e, 0x65, 0x74, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
250   0x65, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13,
251   0x4e, 0x65, 0x74, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
252   0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31,
253   0x36, 0x31, 0x31, 0x31, 0x31, 0x31, 0x39, 0x35, 0x30, 0x30, 0x38, 0x5a,
254   0x17, 0x0d, 0x32, 0x36, 0x31, 0x31, 0x30, 0x39, 0x31, 0x39, 0x35, 0x30,
255   0x30, 0x38, 0x5a, 0x30, 0x7a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
256   0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
257   0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x12, 0x30, 0x10, 0x06,
258   0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x61, 0x6e, 0x20, 0x44, 0x69,
259   0x65, 0x67, 0x6f, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a,
260   0x0c, 0x0d, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x20, 0x4c, 0x6f,
261   0x67, 0x69, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
262   0x0c, 0x0b, 0x4e, 0x65, 0x74, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
263   0x65, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13,
264   0x4e, 0x65, 0x74, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
265   0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30,
266   0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
267   0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
268   0x82, 0x01, 0x01, 0x00, 0xd1, 0xdc, 0x3c, 0xe1, 0x1c, 0x7a, 0x3d, 0xb7,
269   0x76, 0xcf, 0xab, 0xd7, 0x3c, 0x38, 0xb0, 0x81, 0xb6, 0x37, 0x52, 0xa3,
270   0x3d, 0x6f, 0xcd, 0x89, 0xa6, 0xa2, 0xf3, 0xa8, 0xb0, 0x8d, 0xee, 0x0b,
271   0x36, 0x94, 0x83, 0x0e, 0x7f, 0x39, 0x87, 0x6e, 0xee, 0x19, 0xe2, 0x1f,
272   0x92, 0x3d, 0x01, 0x05, 0x4f, 0x11, 0xcd, 0xcb, 0xa0, 0x79, 0xfc, 0x9d,
273   0x6e, 0x93, 0xb1, 0xb7, 0x03, 0xf3, 0xfe, 0xeb, 0x30, 0x67, 0x38, 0x85,
274   0x28, 0xdf, 0x93, 0xdb, 0xcb, 0xcb, 0xb1, 0xbe, 0xd3, 0xe1, 0xc2, 0x7d,
275   0x8d, 0xbb, 0x70, 0x76, 0x99, 0x08, 0x7c, 0x3f, 0x21, 0x2f, 0x37, 0x97,
276   0xf7, 0xe8, 0x6e, 0x8c, 0x7e, 0xbc, 0x30, 0x5f, 0xbf, 0x32, 0x51, 0x1d,
277   0x66, 0x76, 0xad, 0x39, 0xfc, 0x94, 0xd4, 0x65, 0xf6, 0xd2, 0x0b, 0x37,
278   0xd3, 0x4a, 0xe6, 0xe1, 0xdf, 0x4a, 0x8f, 0x3b, 0x33, 0x16, 0xbe, 0xf7,
279   0xd9, 0xbd, 0x73, 0x64, 0xdf, 0x34, 0xa3, 0x55, 0xe7, 0xac, 0xab, 0xa7,
280   0xae, 0xc2, 0x20, 0x46, 0xc2, 0xd1, 0xe3, 0x25, 0x3a, 0x47, 0x68, 0x92,
281   0xac, 0xd6, 0x12, 0xa4, 0x0a, 0xce, 0xdc, 0xe2, 0x24, 0x12, 0xee, 0xe1,
282   0xb2, 0xcd, 0x09, 0xa8, 0xef, 0x36, 0xea, 0x76, 0xf9, 0xb6, 0x63, 0xaa,
283   0xac, 0xdd, 0x46, 0x06, 0x6e, 0xd9, 0x1e, 0x08, 0xac, 0x57, 0x12, 0x6c,
284   0x21, 0xef, 0x8e, 0xae, 0xf0, 0x27, 0xf1, 0x5c, 0x79, 0xb4, 0xb6, 0x26,
285   0x92, 0x11, 0xda, 0xca, 0x80, 0x5e, 0x92, 0x4c, 0xb5, 0xd8, 0xb5, 0x84,
286   0x95, 0xe3, 0xef, 0xbc, 0x7e, 0x7d, 0x68, 0x74, 0x4c, 0x34, 0x1a, 0x50,
287   0x6d, 0x2d, 0x5f, 0x1b, 0x0e, 0xbe, 0xf5, 0xb4, 0xf1, 0x32, 0x16, 0x44,
288   0x24, 0x7a, 0x0e, 0x4b, 0xcd, 0xfa, 0xa5, 0x03, 0x95, 0x2e, 0x44, 0x65,
289   0xa8, 0x74, 0xea, 0x17, 0xdd, 0x99, 0xbd, 0xcb, 0x02, 0x03, 0x01, 0x00,
290   0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
291   0x04, 0x16, 0x04, 0x14, 0x1b, 0x8d, 0x06, 0xd9, 0x6b, 0xad, 0xee, 0x82,
292   0x24, 0x26, 0x55, 0x9a, 0x1b, 0x03, 0x44, 0x92, 0x0a, 0x06, 0x92, 0x48,
293   0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
294   0x14, 0x1b, 0x8d, 0x06, 0xd9, 0x6b, 0xad, 0xee, 0x82, 0x24, 0x26, 0x55,
295   0x9a, 0x1b, 0x03, 0x44, 0x92, 0x0a, 0x06, 0x92, 0x48, 0x30, 0x0c, 0x06,
296   0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
297   0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
298   0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x70, 0xc7, 0x6a, 0x75, 0x27,
299   0x14, 0xa0, 0x1c, 0xe0, 0xe0, 0x84, 0x7c, 0x6c, 0x16, 0xa9, 0x0d, 0x4d,
300   0xb1, 0xc3, 0x87, 0x37, 0xf6, 0x86, 0x89, 0x6f, 0x73, 0xf0, 0x59, 0x9b,
301   0x8c, 0xa4, 0x83, 0x10, 0x2d, 0xb7, 0x8b, 0xd0, 0x9a, 0x81, 0xe0, 0x5c,
302   0xd7, 0x20, 0x6f, 0xdc, 0xfc, 0xc8, 0xa0, 0xc2, 0x8e, 0x54, 0xe6, 0xfb,
303   0x61, 0x85, 0x37, 0x4b, 0x22, 0x47, 0x09, 0x95, 0x44, 0x12, 0x75, 0xf0,
304   0xcf, 0x0b, 0x90, 0x48, 0xb0, 0x02, 0x4c, 0xef, 0x3f, 0xde, 0x6a, 0xfd,
305   0xb1, 0x8b, 0x88, 0xd7, 0x84, 0xe5, 0x34, 0x02, 0x96, 0x0a, 0x3f, 0xa8,
306   0x8c, 0xbd, 0x1a, 0xd8, 0xf7, 0xf9, 0xe5, 0x49, 0x87, 0xd0, 0x20, 0x4f,
307   0xd8, 0xcd, 0xc0, 0xb9, 0x11, 0x2a, 0xd9, 0x0f, 0x75, 0xa6, 0xee, 0x76,
308   0x15, 0x9f, 0x12, 0x50, 0x68, 0x4c, 0xc0, 0x05, 0x46, 0x8d, 0xdd, 0x93,
309   0x74, 0x31, 0x82, 0x20, 0x37, 0x24, 0x58, 0xb2, 0x88, 0x9b, 0x21, 0xc1,
310   0x48, 0xc4, 0x8d, 0x68, 0x3b, 0x91, 0x2c, 0x34, 0xcb, 0x94, 0xd0, 0xbc,
311   0xe3, 0x05, 0x24, 0x05, 0xcc, 0xea, 0x05, 0xb1, 0x52, 0x74, 0x4a, 0x23,
312   0x65, 0xc4, 0x40, 0x04, 0x86, 0xb1, 0x80, 0x61, 0x97, 0xdc, 0x94, 0x16,
313   0x4e, 0x63, 0x31, 0x72, 0x4e, 0x45, 0xe8, 0x3e, 0x3b, 0xb6, 0x99, 0xae,
314   0xd8, 0x91, 0x25, 0x3d, 0x62, 0x92, 0x6d, 0x72, 0x01, 0x2c, 0xca, 0x67,
315   0x0a, 0xec, 0x00, 0xeb, 0x10, 0xff, 0x6d, 0xac, 0x89, 0x19, 0x2c, 0xb7,
316   0xb3, 0xa5, 0xf7, 0xa1, 0x4a, 0xc3, 0xc1, 0xdd, 0xaf, 0xb5, 0x1a, 0x16,
317   0x44, 0xdc, 0xa8, 0xb5, 0xca, 0xd0, 0x30, 0xaa, 0x7e, 0x73, 0xd5, 0x2e,
318   0x65, 0xd6, 0xf9, 0xbf, 0x5f, 0xda, 0x6f, 0x13, 0xe9, 0xd7, 0x12, 0x6c,
319   0x3a, 0x6c, 0x50, 0x26, 0x78, 0x6e, 0xc6, 0xeb, 0x75, 0xe1, 0x3c
320 };
/* Length in bytes of test_ca_cert_der. It equals the 971 initializer bytes
   above and must be kept in step with the array. */
static unsigned int test_ca_cert_der_len = 971;
322 
/* Define a request to be sent to the TLS server. This is only the HTTP
   request line: it has no CRLF terminator and no header fields. The client
   thread appends sizeof(http_request) bytes to the packet, so the string's
   terminating NUL is sent as well. */
UCHAR http_request[] = { "GET /example.html HTTP/1.1" };
325 
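/* Canned HTTP response (status line, header fields and a small HTML page) to
   serve to connecting clients over TLS.

   Content-Length must equal the number of bytes that follow the blank line.
   The page below is 122 bytes; a larger declared value leaves a conforming
   client waiting for body bytes that never arrive.

   NOTE(review): sizeof(html_data) also counts the string's terminating NUL,
   so a sender that sizes the transfer with sizeof puts one extra byte after
   the body -- confirm how the server thread sizes its send. */
UCHAR html_data[] = { "HTTP/1.1 200 OK\r\n" \
        "Date: Tue, 19 May 2020 23:59:59 GMT\r\n" \
        "Content-Type: text/html\r\n" \
        "Content-Length: 122\r\n\r\n" \
        "<html>\r\n"\
        "<body>\r\n"\
        "<b>Hello NetX Secure User!</b>\r\n"\
        "This is a simple webpage\r\n"\
        "served up using NetX Secure!\r\n"\
        "</body>\r\n"\
        "</html>\r\n" };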
339 
/* Define the metadata area for TLS cryptography. The actual size needed can be
   ascertained by calling nx_secure_tls_metadata_size_calculate.
*/
343 static CHAR crypto_metadata_server[18000];
344 static CHAR crypto_metadata_client[18000];
345 
346 /* TLS buffers and certificate containers. */
347 static UCHAR tls_packet_buffer_server[40000];
348 static UCHAR tls_packet_buffer_client[40000];
349 static NX_SECURE_X509_CERT certificate;
350 static NX_SECURE_X509_CERT remote_certificate, remote_issuer;
351 static UCHAR remote_cert_buffer[2000];
352 static UCHAR remote_issuer_buffer[2000];
353 
354 /* Pointer to the TLS ciphersuite table that is included in the platform-specific
355    cryptography subdirectory. The table maps the cryptographic routines for the
356    platform to function pointers usable by the TLS library.
357 
358    For TLS Web servers, define NX_SECURE_ENABLE_AEAD_CIPHER in NetX Crypto to
359    allow web browsers to connect using AES_128_GCM cipher suites.
360 */
361 extern const NX_SECURE_TLS_CRYPTO nx_crypto_tls_ciphers_ecc;
362 extern const USHORT nx_crypto_ecc_supported_groups[];
363 extern const NX_CRYPTO_METHOD* nx_crypto_ecc_curves[];
364 extern const UINT nx_crypto_ecc_supported_groups_size;
365 
366 /* Local IP address. */
367 #define TLS_SERVER_ADDRESS  IP_ADDRESS(192, 168, 1, 160)
368 #define TLS_CLIENT_ADDRESS  IP_ADDRESS(192, 168, 1, 167)
369 
370 /* Define the server port.*/
371 #define SERVER_PORT         443
372 
int main()
{
    /* Hand control to the ThreadX kernel, which then runs
       tx_application_define() and the demo threads.  */
    tx_kernel_enter();

    /* Same value main yields when control runs off its end.  */
    return 0;
}
379 
380 
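/* Define what the initial system looks like.

   Carves the memory starting at first_unused_memory into, in order: the
   server thread stack, the server packet pool, the server IP helper-thread
   stack and ARP cache, then the same four regions for the client, and
   creates the matching ThreadX and NetX objects.  Every call that returns a
   non-zero status bumps error_counter.

   NOTE(review): only a start address is passed in, so nothing here can check
   that the region is large enough for all of the carve-outs -- confirm
   against the memory map of the target.  */
void    tx_application_define(void *first_unused_memory)
{
CHAR   *pointer;
UINT    status;


    error_counter = 0;

    /* Setup the working pointer.  */
    pointer =  (CHAR *) first_unused_memory;

    /* Create a helper thread for the server.  The status is checked like
       every other creation call, so a server thread that was never created
       shows up in error_counter.  */
    status = tx_thread_create(&server_thread, "TLS Server thread", tls_server_thread_entry, 0,
                              pointer, DEMO_STACK_SIZE,
                              4, 4, TX_NO_TIME_SLICE, TX_AUTO_START);
    pointer =  pointer + DEMO_STACK_SIZE;
    if (status)
    {
        error_counter++;
    }

    /* Initialize the NetX system.  */
    nx_system_initialize();

    /* Create the server packet pool.  */
    status =  nx_packet_pool_create(&server_pool, "TLS Server Packet Pool", NX_PACKET_SIZE,
                                    pointer, NX_PACKET_SIZE * 16);
    pointer = pointer + NX_PACKET_SIZE * 16;
    if (status)
    {
        error_counter++;
    }

    /* Create the server IP instance with a 4096-byte helper-thread stack.  */
    status = nx_ip_create(&server_ip, "TLS Server IP", TLS_SERVER_ADDRESS,
                          0xFFFFFF00UL, &server_pool, _nx_ram_network_driver,
                          pointer, 4096, 1);
    pointer =  pointer + 4096;
    if (status)
    {
        error_counter++;
    }

    /* Enable ARP and supply ARP cache memory for the server IP instance.  */
    status = nx_arp_enable(&server_ip, (void *) pointer, 1024);
    pointer = pointer + 1024;
    if (status)
    {
        error_counter++;
    }

    /* Enable TCP traffic on the server IP instance.  */
    status = nx_tcp_enable(&server_ip);
    if (status)
    {
        error_counter++;
    }

    /* Create the TLS Client thread. */
    status = tx_thread_create(&client_thread, "TLS Client", tls_client_thread_entry, 0,
                              pointer, DEMO_STACK_SIZE,
                              6, 6, TX_NO_TIME_SLICE, TX_AUTO_START);
    pointer =  pointer + DEMO_STACK_SIZE;
    if (status)
    {
        error_counter++;
    }

    /* Create the Client packet pool.  */
    status =  nx_packet_pool_create(&client_pool, "TLS Client Packet Pool", NX_PACKET_SIZE,
                                    pointer, NX_PACKET_SIZE * 16);
    pointer = pointer + NX_PACKET_SIZE * 16;
    if (status)
    {
        error_counter++;
    }

    /* Create the client IP instance with a 2048-byte helper-thread stack.  */
    status = nx_ip_create(&client_ip, "TLS Client IP", TLS_CLIENT_ADDRESS,
                          0xFFFFFF00UL, &client_pool, _nx_ram_network_driver,
                          pointer, 2048, 1);
    pointer =  pointer + 2048;
    if (status)
    {
        error_counter++;
    }

    /* Enable ARP and supply ARP cache memory for the client IP instance.
       The pointer advances by the 1024 bytes actually handed to ARP, so any
       region carved after this one starts where the cache ends.  */
    status  = nx_arp_enable(&client_ip, (void *) pointer, 1024);
    pointer =  pointer + 1024;
    if (status)
    {
        error_counter++;
    }

    /* Enable TCP traffic on the client IP instance.  */
    status = nx_tcp_enable(&client_ip);
    if (status)
    {
        error_counter++;
    }
}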
462 
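/* Thread entry for the TLS Client demo.

   Creates a TCP socket and a TLS session, installs test_ca_cert_der as the
   session's trusted root, connects to TLS_SERVER_ADDRESS on SERVER_PORT,
   sends http_request over TLS, prints at most sizeof(receive_buffer) - 1
   bytes of the reply, then ends the session and disconnects.

   Every failing call bumps error_counter.  A failed socket, TLS or
   certificate setup step stops the thread before any connection is made, and
   a failed handshake drops the TCP connection instead of leaving it open.

   NOTE(review): no certificate callback is registered in this function, so
   nothing visible here compares the name in the server certificate with the
   host being contacted; nx_secure_tls_session_certificate_callback_set() is
   the hook for such a check.  */
VOID tls_client_thread_entry(ULONG thread_input)
{
UINT       status;
ULONG      actual_status;
NX_PACKET *send_packet = NX_NULL;
NX_PACKET *receive_packet = NX_NULL;
UCHAR      receive_buffer[200];
ULONG      bytes = 0;
ULONG      server_ipv4_address;
UINT       request_sent = 0;

    /* We are not using the thread input parameter so suppress compiler warning. */
    NX_PARAMETER_NOT_USED(thread_input);

    /* Ensure the IP instance has been initialized.  A timeout is only
       counted; the socket calls below report their own errors.  */
    status = nx_ip_status_check(&client_ip, NX_IP_INITIALIZE_DONE, &actual_status,
                                NX_IP_PERIODIC_RATE);
    if (status)
    {
        error_counter++;
    }

    /* Create a TCP socket to use for our TLS session.  */
    status = nx_tcp_socket_create(&client_ip, &client_tcp_socket, "TLS Client Socket",
                                   NX_IP_NORMAL, NX_FRAGMENT_OKAY,
                                   NX_IP_TIME_TO_LIVE, 8192, NX_NULL, NX_NULL);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Create a TLS session for our socket. This sets up the TLS session object for
       later use */
    status = nx_secure_tls_session_create(&client_tls_session,
                                          &nx_crypto_tls_ciphers_ecc,
                                          crypto_metadata_client,
                                          sizeof(crypto_metadata_client));
    if (status)
    {
        error_counter++;
        return;
    }

    /* Initialize ECC parameters for this session. */
    status = nx_secure_tls_ecc_initialize(&client_tls_session,
                                          nx_crypto_ecc_supported_groups,
                                          nx_crypto_ecc_supported_groups_size,
                                          nx_crypto_ecc_curves);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Set the packet reassembly buffer for this TLS session. */
    status = nx_secure_tls_session_packet_buffer_set(&client_tls_session, tls_packet_buffer_client,
                                                     sizeof(tls_packet_buffer_client));
    if (status)
    {
        error_counter++;
        return;
    }

    /* Initialize an X.509 certificate with our CA root certificate data. */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, test_ca_cert_der,
                                                   test_ca_cert_der_len, NX_NULL, 0, NX_NULL, 0,
                                                   NX_SECURE_X509_KEY_TYPE_NONE);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Add the initialized certificate as a trusted root certificate.  Without
       this trust anchor the session has nothing to validate the server
       against, so a failure here ends the demo.  */
    status = nx_secure_tls_trusted_certificate_add(&client_tls_session, &trusted_certificate);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Bind the socket.  */
    status = nx_tcp_client_socket_bind(&client_tcp_socket, 0, NX_WAIT_FOREVER);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Setup this thread to open a connection on the TCP socket to a remote server.
       The IP address can be used directly or it can be obtained via DNS or other
       means.*/
    server_ipv4_address = TLS_SERVER_ADDRESS;
    status = nx_tcp_client_socket_connect(&client_tcp_socket, server_ipv4_address,
                                          SERVER_PORT, NX_WAIT_FOREVER);
    if (status)
    {
        error_counter++;
        return;
    }

    /* Start the TLS Session using the connected TCP socket. This function will
       ascertain from the TCP socket state that this is a TLS Client session. */
    status = nx_secure_tls_session_start(&client_tls_session, &client_tcp_socket,
                                         NX_WAIT_FOREVER);
    if (status)
    {

        /* The handshake did not complete, so no TLS session exists to end;
           close the TCP connection rather than leave it open.  */
        error_counter++;
        goto disconnect;
    }

    /* Allocate a TLS packet to send an HTTP request over TLS (HTTPS). */
    status = nx_secure_tls_packet_allocate(&client_tls_session, &client_pool, &send_packet,
                                           NX_WAIT_FOREVER);
    if (status == NX_SUCCESS)
    {

        /* Populate the packet with our HTTP request. */
        status = nx_packet_data_append(send_packet, http_request, sizeof(http_request), &client_pool,
                                       NX_WAIT_FOREVER);
        if (status == NX_SUCCESS)
        {

            /* Send the HTTP request over the TLS Session, turning it into HTTPS. */
            status = nx_secure_tls_session_send(&client_tls_session, send_packet, NX_WAIT_FOREVER);
        }

        if (status == NX_SUCCESS)
        {
            request_sent = 1;
        }
        else
        {

            /* The packet was not sent, so it is still ours to release.  */
            error_counter++;
            nx_packet_release(send_packet);
        }
    }
    else
    {

        /* No packet was allocated; send_packet must not be touched.  */
        error_counter++;
    }

    /* Receive the HTTP response and any data from the server.  The wait is
       unbounded, so it is only entered once a request actually went out.  */
    if (request_sent)
    {
        status = nx_secure_tls_session_receive(&client_tls_session, &receive_packet,
                                               NX_WAIT_FOREVER);
        if (status == NX_SUCCESS)
        {

            /* Extract the data we received from the remote server, leaving
               room for the terminator.  */
            status = nx_packet_data_extract_offset(receive_packet, 0, receive_buffer,
                                                   sizeof(receive_buffer) - 1,  &bytes);

            /* Use the byte count as an index only if the extraction
               succeeded and the count fits in the buffer.  */
            if ((status == NX_SUCCESS) && (bytes < sizeof(receive_buffer)))
            {

                /* Display the response data. */
                receive_buffer[bytes] = 0;
                printf("Received data: %s\n", receive_buffer);
            }
            else
            {
                error_counter++;
            }

            /* Release the packet when done with it. */
            nx_packet_release(receive_packet);
        }
        else
        {
            error_counter++;
        }
    }

    /* End the TLS session now that the exchange is over, and check that it
       ended cleanly. */
    status = nx_secure_tls_session_end(&client_tls_session, NX_WAIT_FOREVER);
    if (status)
    {
        error_counter++;
    }

disconnect:

    /* Disconnect the TCP socket. */
    status = nx_tcp_socket_disconnect(&client_tcp_socket, NX_WAIT_FOREVER);
    if (status)
    {
        error_counter++;
    }
}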
604 
605 /************* TLS Server *************************/
606 
607 /* Define the TLS Server thread.  */
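/* TLS server thread entry point.

   Creates server_tcp_socket and server_tls_session (ECC cipher table, packet
   reassembly buffer, local identity certificate), listens on SERVER_PORT and
   then serves connections forever: accept, TLS handshake, receive one request,
   print it, send html_data back, end the TLS session and relisten.

   thread_input is unused.  Failures are recorded in error_counter; the thread
   never returns.  */
void    tls_server_thread_entry(ULONG thread_input)
{
UINT       status;
ULONG      actual_status;
NX_PACKET *send_packet;
NX_PACKET *receive_packet;
UCHAR      receive_buffer[100];
ULONG      bytes;

    NX_PARAMETER_NOT_USED(thread_input);

    /* Ensure the IP instance has been initialized (waits up to NX_IP_PERIODIC_RATE ticks).  */
    status = nx_ip_status_check(&server_ip, NX_IP_INITIALIZE_DONE, &actual_status,
                                NX_IP_PERIODIC_RATE);
    if (status)
        error_counter++;

    /* Create a TCP socket to use for our TLS session.  */
    status = nx_tcp_socket_create(&server_ip, &server_tcp_socket, "TLS Server Socket",
                                  NX_IP_NORMAL, NX_FRAGMENT_OKAY,
                                  NX_IP_TIME_TO_LIVE, 8192, NX_NULL, NX_NULL);
    if (status)
        error_counter++;

    /* Create a TLS session for our socket, using the ECC-capable cipher table.  */
    status = nx_secure_tls_session_create(&server_tls_session,
                                          &nx_crypto_tls_ciphers_ecc,
                                          crypto_metadata_server,
                                          sizeof(crypto_metadata_server));
    if (status)
        error_counter++;

    /* Register the supported ECC groups and curve methods with the session.  */
    status = nx_secure_tls_ecc_initialize(&server_tls_session,
                                          nx_crypto_ecc_supported_groups,
                                          nx_crypto_ecc_supported_groups_size,
                                          nx_crypto_ecc_curves);
    if (status)
        error_counter++;

    /* Set the packet reassembly buffer for this TLS session. */
    status = nx_secure_tls_session_packet_buffer_set(&server_tls_session, tls_packet_buffer_server,
                                                     sizeof(tls_packet_buffer_server));
    if (status)
        error_counter++;

    /* Initialize the server's X.509 identity certificate together with its
       private key.  The key-type argument declares the key as RSA PKCS#1 DER.
       These are the demo certificate and key compiled into this file; a real
       device needs its own provisioned key material.  `certificate` is not
       declared in this function.  */
    status = nx_secure_x509_certificate_initialize(&certificate, test_device_cert_der, test_device_cert_der_len, NX_NULL, 0,
                                                   test_device_cert_key_der, test_device_cert_key_der_len,
                                                   NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
    if (status)
        error_counter++;

    /* Add the initialized certificate as a local identity certificate. */
    status = nx_secure_tls_local_certificate_add(&server_tls_session, &certificate);
    if (status)
        error_counter++;

    /* Setup this thread to listen on the TCP socket (listen queue of 5).
       NOTE(review): setup failures above are only counted; the accept loop is
       still entered.  Confirm that is acceptable outside a demo.  */
    status = nx_tcp_server_socket_listen(&server_ip, SERVER_PORT, &server_tcp_socket, 5, NX_NULL);
    if (status)
        error_counter++;

    while(1)
    {

        /* Accept a client TCP socket connection.  */
        status = nx_tcp_server_socket_accept(&server_tcp_socket, NX_WAIT_FOREVER);
        if (status)
        {
            printf("Socket accept failure: %x\n", status);
            error_counter++;

            /* Unaccept the server socket.  */
            nx_tcp_server_socket_unaccept(&server_tcp_socket);

            /* Setup server socket for listening again.  */
            nx_tcp_server_socket_relisten(&server_ip, SERVER_PORT, &server_tcp_socket);

            continue;
        }

        /* Start the TLS Session using the connected TCP socket. */
        status = nx_secure_tls_session_start(&server_tls_session, &server_tcp_socket,
                                             NX_WAIT_FOREVER);

        if (status == NX_SUCCESS)
        {
            /* Receive the HTTPS request. */
            status = nx_secure_tls_session_receive(&server_tls_session, &receive_packet,
                                                   NX_WAIT_FOREVER);

            if (status == NX_SUCCESS)
            {
                /* bytes indexes receive_buffer below, so give it a known value
                   in case the extract call fails without writing it.  */
                bytes = 0;

                /* Extract the HTTP request information from the HTTPS request,
                   leaving one byte of room for the terminator.  */
                status = nx_packet_data_extract_offset(receive_packet, 0, receive_buffer,
                                                       sizeof(receive_buffer) - 1, &bytes);

                if ((status == NX_SUCCESS) && (bytes < sizeof(receive_buffer)))
                {
                    /* Display the HTTP request data.  The bytes come from the
                       peer; they are only NUL-terminated here, not validated.  */
                    receive_buffer[bytes] = 0;
                    printf("Received data: %s\n", receive_buffer);
                }
                else
                {
                    /* Never terminate or print the buffer with an untrusted length.  */
                    error_counter++;
                }

                /* Release the packet when done with it */
                nx_packet_release(receive_packet);
            }

            /* Allocate a TLS packet to send HTML data back to client. */
            status = nx_secure_tls_packet_allocate(&server_tls_session, &server_pool, &send_packet,
                                                   NX_WAIT_FOREVER);
            if (status)
            {
                /* No packet was obtained, so send_packet must not be touched.  */
                error_counter++;
            }
            else
            {
                /* Populate the packet with our HTTP response and HTML web page data. */
                status = nx_packet_data_append(send_packet, html_data, sizeof(html_data), &server_pool,
                                               NX_WAIT_FOREVER);
                if (status)
                {
                    /* Do not send a partially built response; return the packet to the pool.  */
                    error_counter++;
                    nx_packet_release(send_packet);
                }
                else
                {
                    /* Send the HTTP response over the TLS Session, turning it into HTTPS. */
                    status = nx_secure_tls_session_send(&server_tls_session, send_packet,
                                                        NX_WAIT_FOREVER);

                    /* If the send fails, you must release the packet.  */
                    if (status != NX_SUCCESS)
                    {
                        /* Release the packet since it was not sent.  */
                        nx_packet_release(send_packet);
                        error_counter++;
                    }
                }
            }

        }
        else
        {
            /* Handshake failed: record it, as the client thread does.  */
            error_counter++;
        }

        /* End the TLS session now that we have sent our HTTPS/HTML response. */
        status = nx_secure_tls_session_end(&server_tls_session, NX_WAIT_FOREVER);

        /* Check for errors to make sure the session ended cleanly! */
        if (status)
            error_counter++;

        /* Disconnect the TCP socket so we can be ready for the next request. */
        status = nx_tcp_socket_disconnect(&server_tcp_socket, NX_WAIT_FOREVER);
        if (status)
            error_counter++;

        /* Unaccept the server socket.  */
        status = nx_tcp_server_socket_unaccept(&server_tcp_socket);
        if (status)
            error_counter++;

        /* Setup server socket for listening again.  */
        status = nx_tcp_server_socket_relisten(&server_ip, SERVER_PORT, &server_tcp_socket);
        if (status)
            error_counter++;

    }

}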
766 
767 #endif /* NX_DISABLE_IPV4  */
768