1 /*
2  *  SSL client demonstration program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #include "mbedtls/platform.h"
23 
24 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||     \
25     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) ||    \
26     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||            \
27     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
28     !defined(MBEDTLS_X509_CRT_PARSE_C)
main(void)29 int main(void)
30 {
31     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
32                    "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
33                    "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
34                    "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
35                    "not defined.\n");
36     mbedtls_exit(0);
37 }
38 #else
39 
40 #include "mbedtls/net_sockets.h"
41 #include "mbedtls/debug.h"
42 #include "mbedtls/ssl.h"
43 #include "mbedtls/entropy.h"
44 #include "mbedtls/ctr_drbg.h"
45 #include "mbedtls/error.h"
46 #include "test/certs.h"
47 
48 #include <string.h>
49 
50 #define SERVER_PORT "4433"
51 #define SERVER_NAME "localhost"
52 #define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
53 
54 #define DEBUG_LEVEL 1
55 
56 
my_debug(void * ctx,int level,const char * file,int line,const char * str)57 static void my_debug(void *ctx, int level,
58                      const char *file, int line,
59                      const char *str)
60 {
61     ((void) level);
62 
63     mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
64     fflush((FILE *) ctx);
65 }
66 
main(void)67 int main(void)
68 {
69     int ret = 1, len;
70     int exit_code = MBEDTLS_EXIT_FAILURE;
71     mbedtls_net_context server_fd;
72     uint32_t flags;
73     unsigned char buf[1024];
74     const char *pers = "ssl_client1";
75 
76     mbedtls_entropy_context entropy;
77     mbedtls_ctr_drbg_context ctr_drbg;
78     mbedtls_ssl_context ssl;
79     mbedtls_ssl_config conf;
80     mbedtls_x509_crt cacert;
81 
82 #if defined(MBEDTLS_DEBUG_C)
83     mbedtls_debug_set_threshold(DEBUG_LEVEL);
84 #endif
85 
86     /*
87      * 0. Initialize the RNG and the session data
88      */
89     mbedtls_net_init(&server_fd);
90     mbedtls_ssl_init(&ssl);
91     mbedtls_ssl_config_init(&conf);
92     mbedtls_x509_crt_init(&cacert);
93     mbedtls_ctr_drbg_init(&ctr_drbg);
94 
95     mbedtls_printf("\n  . Seeding the random number generator...");
96     fflush(stdout);
97 
98     mbedtls_entropy_init(&entropy);
99     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
100                                      (const unsigned char *) pers,
101                                      strlen(pers))) != 0) {
102         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
103         goto exit;
104     }
105 
106     mbedtls_printf(" ok\n");
107 
108     /*
109      * 0. Initialize certificates
110      */
111     mbedtls_printf("  . Loading the CA root certificate ...");
112     fflush(stdout);
113 
114     ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
115                                  mbedtls_test_cas_pem_len);
116     if (ret < 0) {
117         mbedtls_printf(" failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n",
118                        (unsigned int) -ret);
119         goto exit;
120     }
121 
122     mbedtls_printf(" ok (%d skipped)\n", ret);
123 
124     /*
125      * 1. Start the connection
126      */
127     mbedtls_printf("  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
128     fflush(stdout);
129 
130     if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
131                                    SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
132         mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
133         goto exit;
134     }
135 
136     mbedtls_printf(" ok\n");
137 
138     /*
139      * 2. Setup stuff
140      */
141     mbedtls_printf("  . Setting up the SSL/TLS structure...");
142     fflush(stdout);
143 
144     if ((ret = mbedtls_ssl_config_defaults(&conf,
145                                            MBEDTLS_SSL_IS_CLIENT,
146                                            MBEDTLS_SSL_TRANSPORT_STREAM,
147                                            MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
148         mbedtls_printf(" failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
149         goto exit;
150     }
151 
152     mbedtls_printf(" ok\n");
153 
154     /* OPTIONAL is not optimal for security,
155      * but makes interop easier in this simplified example */
156     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
157     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
158     mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
159     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
160 
161     if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
162         mbedtls_printf(" failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret);
163         goto exit;
164     }
165 
166     if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
167         mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
168         goto exit;
169     }
170 
171     mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
172 
173     /*
174      * 4. Handshake
175      */
176     mbedtls_printf("  . Performing the SSL/TLS handshake...");
177     fflush(stdout);
178 
179     while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
180         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
181             mbedtls_printf(" failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
182                            (unsigned int) -ret);
183             goto exit;
184         }
185     }
186 
187     mbedtls_printf(" ok\n");
188 
189     /*
190      * 5. Verify the server certificate
191      */
192     mbedtls_printf("  . Verifying peer X.509 certificate...");
193 
194     /* In real life, we probably want to bail out when ret != 0 */
195     if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
196 #if !defined(MBEDTLS_X509_REMOVE_INFO)
197         char vrfy_buf[512];
198 #endif
199 
200         mbedtls_printf(" failed\n");
201 
202 #if !defined(MBEDTLS_X509_REMOVE_INFO)
203         mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "  ! ", flags);
204 
205         mbedtls_printf("%s\n", vrfy_buf);
206 #endif
207     } else {
208         mbedtls_printf(" ok\n");
209     }
210 
211     /*
212      * 3. Write the GET request
213      */
214     mbedtls_printf("  > Write to server:");
215     fflush(stdout);
216 
217     len = sprintf((char *) buf, GET_REQUEST);
218 
219     while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
220         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
221             mbedtls_printf(" failed\n  ! mbedtls_ssl_write returned %d\n\n", ret);
222             goto exit;
223         }
224     }
225 
226     len = ret;
227     mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
228 
229     /*
230      * 7. Read the HTTP response
231      */
232     mbedtls_printf("  < Read from server:");
233     fflush(stdout);
234 
235     do {
236         len = sizeof(buf) - 1;
237         memset(buf, 0, sizeof(buf));
238         ret = mbedtls_ssl_read(&ssl, buf, len);
239 
240         if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
241             continue;
242         }
243 
244         if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
245             break;
246         }
247 
248         if (ret < 0) {
249             mbedtls_printf("failed\n  ! mbedtls_ssl_read returned %d\n\n", ret);
250             break;
251         }
252 
253         if (ret == 0) {
254             mbedtls_printf("\n\nEOF\n\n");
255             break;
256         }
257 
258         len = ret;
259         mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
260     } while (1);
261 
262     mbedtls_ssl_close_notify(&ssl);
263 
264     exit_code = MBEDTLS_EXIT_SUCCESS;
265 
266 exit:
267 
268 #ifdef MBEDTLS_ERROR_C
269     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
270         char error_buf[100];
271         mbedtls_strerror(ret, error_buf, 100);
272         mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
273     }
274 #endif
275 
276     mbedtls_net_free(&server_fd);
277 
278     mbedtls_x509_crt_free(&cacert);
279     mbedtls_ssl_free(&ssl);
280     mbedtls_ssl_config_free(&conf);
281     mbedtls_ctr_drbg_free(&ctr_drbg);
282     mbedtls_entropy_free(&entropy);
283 
284     mbedtls_exit(exit_code);
285 }
286 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
287           MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
288           MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
289